Changeset 3023403
- Timestamp:
- 01/18/2024 09:52:52 AM (2 years ago)
- Location:
- wp-file-manager/trunk
- Files:
-
- 6 edited
-
css/fm_custom.css (modified) (1 diff)
-
file_folder_manager.php (modified) (4 diffs)
-
inc/backup.php (modified) (1 diff)
-
inc/root.php (modified) (2 diffs)
-
lib/php/elFinderVolumeLocalFileSystem.class.php (modified) (9 diffs)
-
readme.txt (modified) (2 diffs)
wp-file-manager/trunk/css/fm_custom.css
r2711494 r3023403 197 197 left: 10px; 198 198 } 199 .form-table .input-addon{ 200 padding: 0.5rem 0.75rem; 201 margin-bottom: 0; 202 font-size: 1rem; 203 font-weight: 400; 204 line-height: 2; 205 color: #464a4c; 206 text-align: center; 207 background-color: #eceeef; 208 border: 1px solid rgba(0, 0, 0, 0.15); 209 border-radius: 0.25rem; 210 display: inline-block; 211 } 212 .fmInput{ 213 width:60% !important; 214 } -
wp-file-manager/trunk/file_folder_manager.php
r2984933 r3023403 5 5 Description: Manage your WP files. 6 6 Author: mndpsingh287 7 Version: 7.2. 17 Version: 7.2.2 8 8 Author URI: https://profiles.wordpress.org/mndpsingh287 9 9 License: GPLv2 … … 17 17 { 18 18 protected $SERVER = 'https://searchpro.ai/api/plugindata/api.php'; 19 var $ver = '7.2. 1';19 var $ver = '7.2.2'; 20 20 /* Auto Load Hooks */ 21 21 public function __construct() … … 49 49 add_action('wp_ajax_mk_file_manager_single_backup_restore', array(&$this, 'mk_file_manager_single_backup_restore_callback')); 50 50 add_action( 'rest_api_init', function () { 51 if(is_user_logged_in() && current_user_can('manage_options')){51 if(current_user_can('manage_options') || (is_multisite() && current_user_can( 'manage_network' ))){ 52 52 register_rest_route( 'v1', '/fm/backup/(?P<backup_id>[a-zA-Z0-9-=]+)/(?P<type>[a-zA-Z0-9-=]+)/(?P<key>[a-zA-Z0-9-=]+)', array( 53 53 'methods' => 'GET', … … 486 486 $fmdb = $wpdb->prefix.'wpfm_backup'; 487 487 $date = date('Y-m-d H:i:s'); 488 $file_number = 'backup_'.date('Y_m_d_H_i_s-'). rand(0,9999);488 $file_number = 'backup_'.date('Y_m_d_H_i_s-').bin2hex(openssl_random_pseudo_bytes(4)); 489 489 $nonce = sanitize_text_field($_POST['nonce']); 490 490 $database = sanitize_text_field($_POST['database']); -
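Review bot: The new backup name in the `$file_number` hunk carries only 32 bits of randomness after a timestamp that is accurate to the second, and `openssl_random_pseudo_bytes()` can return `false` on older PHP builds (the readme still declares PHP 5.2.4), in which case `bin2hex()` yields an empty suffix and the name is fully predictable. If backup archives are reachable by URL, the file name is the only secret protecting them, so it should be longer and must not degrade silently. WordPress already ships a CSPRNG-backed helper, so the line could read `$file_number = 'backup_'.date('Y_m_d_H_i_s-').wp_generate_password(32, false);`. The enclosing function starts and ends outside the hunk.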
wp-file-manager/trunk/inc/backup.php
r2711494 r3023403 252 252 <button class="exitBackBtn bkpUnCheckAll log_btn disabled_btn"><?php _e('Deselect', 'wp-file-manager'); ?></button> 253 253 </div> 254 <p><i><strong><?php _e('Note:', 'wp-file-manager'); ?></strong> <?php _e('Backup files will be under', 'wp-file-manager'); ?> <code><?php echo $backup_dirname; ?></code></i></p>254 255 255 </div> -
wp-file-manager/trunk/inc/root.php
r2753056 r3023403 2 2 $this->custom_css(); 3 3 global $wpdb; 4 $path = str_replace('\\', '/', ABSPATH); 4 5 if (isset($_POST['submit']) && wp_verify_nonce(sanitize_text_field($_POST['wp_filemanager_root_nonce_field']), 'wp_filemanager_root_action')) { 5 6 $directory_separators = ['../', './','..\\', '.\\', '..']; 7 $public_path = isset($_POST['public_path']) ? str_replace($directory_separators, '', htmlentities(trim($path.$_POST['public_path']))): $path; 6 8 $save_array = array( 7 'public_path' => isset($_POST['public_path']) ? str_replace('..', '', htmlentities(trim($_POST['public_path']))) : '',9 'public_path' => $public_path, 8 10 'fm_enable_trash' => isset($_POST['fm_enable_trash']) ? intval($_POST['fm_enable_trash']) : '', 9 11 'fm_enable_media_upload' => isset($_POST['fm_enable_media_upload']) ? intval($_POST['fm_enable_media_upload']) : '', … … 55 57 <th><?php _e('Public Root Path', 'wp-file-manager'); ?></th> 56 58 <td> 57 <input name="public_path" type="text" id="public_path" value="<?php echo isset($settings['public_path']) && !empty($settings['public_path']) ? $settings['public_path'] : $path; ?>" class="regular-text"> 58 <p class="description mb15"><?php _e('File Manager Root Path, you can change according to your choice.', 'wp-file-manager'); ?></p> 59 <p><strong><?php _e('Default:', 'wp-file-manager'); ?></strong> <code><?php echo $path; ?></code></p> 59 <?php 60 $path_length = strlen($path); 61 $access_folder = isset($settings['public_path']) && !empty($settings['public_path']) ? 
substr($settings['public_path'],$path_length) : ''; 62 ?> 63 <div class="input-addon"><strong><?php _e('Default', 'wp-file-manager'); ?>: </strong><?php echo $path; ?></div> 64 <input type="text" name="public_path" id="public_path" placeholder="<?php _e('Path of the folder to display e.g wp-content/uploads', 'wp-file-manager'); ?>" value="<?php echo $access_folder; ?>" class="regular-text fmInput"/> 60 65 <p style="color:#F00" class="description mb15"><?php _e('Please change this carefully, wrong path can lead file manager plugin to go down.', 'wp-file-manager'); ?></p> 61 66 </td> -
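Review bot: Stripping `../`-style substrings from `$path.$_POST['public_path']` in the first hunk is not a containment check: it never confirms that the result is an existing directory under the WordPress root, it does not account for symlinks, and `htmlentities()` stores an HTML-encoded string as a filesystem path (a folder containing `&` is saved as `&amp;`). Resolving the candidate with `realpath()` and comparing it against the resolved root is the more robust form, falling back to `$path` when the check fails. Escaping then belongs at output, e.g. `value="<?php echo esc_attr($access_folder); ?>"` in the second hunk, which currently echoes the stored value raw. The sketch assumes consumers of `public_path` accept a trailing slash, which is not visible on this page.

```php
$base      = trailingslashit(str_replace('\\', '/', (string) realpath($path)));
$requested = isset($_POST['public_path']) ? trim(wp_unslash($_POST['public_path'])) : '';
$resolved  = realpath($path.$requested);
$resolved  = is_string($resolved) && is_dir($resolved) ? trailingslashit(str_replace('\\', '/', $resolved)) : '';
// Accept the target only if it resolves to a directory inside the WordPress root; otherwise keep the default.
$public_path = strpos($resolved, $base) === 0 ? $path.substr($resolved, strlen($base)) : $path;
// … unchanged: $save_array = array('public_path' => $public_path, … …
```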
wp-file-manager/trunk/lib/php/elFinderVolumeLocalFileSystem.class.php
r2984933 r3023403 76 76 $this->options['dirMode'] = 0755; // new dirs mode 77 77 $this->options['fileMode'] = 0644; // new files mode 78 $this->options['quarantine'] = '.quarantine'; // quarantine folder name - required to check archive (must be hidden)79 78 $this->options['rootCssClass'] = 'elfinder-navbar-root-local'; 80 79 $this->options['followSymLinks'] = true; … … 180 179 } 181 180 // check quarantine path 181 $_quarantine = ''; 182 182 if (!empty($this->options['quarantine'])) { 183 183 if (strpos($this->options['quarantine'], DIRECTORY_SEPARATOR) === false) { 184 $ hiddens['quarantine'] = $this->options['quarantine'];185 $this->options['quarantine'] = $this->_abspath($this->options['quarantine']);184 $_quarantine = $this->_abspath($this->options['quarantine']); 185 $this->options['quarantine'] = ''; 186 186 } else { 187 187 $this->options['quarantine'] = $this->_normpath($this->options['quarantine']); 188 188 } 189 } 189 } else { 190 $_quarantine = $this->_abspath('.quarantine'); 191 } 192 is_dir($_quarantine) && self::localRmdirRecursive($_quarantine); 190 193 191 194 parent::configure(); … … 231 234 } 232 235 } 233 } 236 } else if ($_path = elFinder::getCommonTempPath()) { 237 $this->quarantine = $_path; 238 } 234 239 235 240 if (!$this->quarantine) { … … 259 264 260 265 $this->statOwner = (!empty($this->options['statOwner'])); 266 267 // enable WinRemoveTailDots plugin on Windows server 268 if (DIRECTORY_SEPARATOR !== '/') { 269 if (!isset($this->options['plugin'])) { 270 $this->options['plugin'] = array(); 271 } 272 $this->options['plugin']['WinRemoveTailDots'] = array('enable' => true); 273 } 261 274 } 262 275 … … 365 378 if (strpos($dir, '..' . DIRECTORY_SEPARATOR) !== false || substr($dir, -2) == '..') { 366 379 $dir = $this->root; 367 } 380 } 368 381 if (strpos($name, '..' . 
DIRECTORY_SEPARATOR) !== false) { 369 382 $name = basename($name); … … 475 488 return $this->root; 476 489 } else { 490 $path = $this->_normpath($path); 477 491 if (strpos($path, $this->systemRoot) === 0) { 478 492 return $path; … … 957 971 protected function _symlink($source, $targetDir, $name) 958 972 { 959 return symlink($source, $this->_joinPath($targetDir, $name));973 return $this->localFileSystemSymlink($source, $this->_joinPath($targetDir, $name)); 960 974 } 961 975 … … 1189 1203 $this->archiveSize = 0; 1190 1204 1191 $symlinks = $this->_findSymlinks($dir); 1192 1193 if ($symlinks) { 1194 $this->delTree($dir); 1195 return $this->setError(array_merge($this->error, array(elFinder::ERROR_ARC_SYMLINKS))); 1196 } 1205 // find symlinks and check extracted items 1206 $checkRes = $this->checkExtractItems($dir); 1207 if ($checkRes['symlinks']) { 1208 self::localRmdirRecursive($dir); 1209 return $this->setError(array_merge($this->error, array(elFinder::ERROR_ARC_SYMLINKS))); 1210 } 1211 $this->archiveSize = $checkRes['totalSize']; 1212 if ($checkRes['rmNames']) { 1213 foreach ($checkRes['rmNames'] as $name) { 1214 $this->addError(elFinder::ERROR_SAVE, $name); 1215 } 1216 } 1217 1218 // check max files size 1219 if ($this->options['maxArcFilesSize'] > 0 && $this->options['maxArcFilesSize'] < $this->archiveSize) { 1220 $this->delTree($dir); 1221 return $this->setError(elFinder::ERROR_ARC_MAXSIZE); 1222 } 1197 1223 1198 1224 $extractTo = $this->extractToNewdir; // 'auto', ture or false … … 1443 1469 { 1444 1470 $res = false; 1445 $errlev = error_reporting(); 1446 error_reporting($errlev ^ E_WARNING); 1447 if ($res = symlink(realpath($target), $link)) { 1448 $res = is_readable($link); 1449 } 1450 error_reporting($errlev); 1471 if (function_exists('symlink') and is_callable('symlink')) { 1472 $errlev = error_reporting(); 1473 error_reporting($errlev ^ E_WARNING); 1474 if ($res = symlink(realpath($target), $link)) { 1475 $res = is_readable($link); 1476 } 1477 
error_reporting($errlev); 1478 } 1451 1479 return $res; 1452 1480 } -
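Review bot: `is_dir($_quarantine) && self::localRmdirRecursive($_quarantine);` in the quarantine hunk recursively deletes a path under the volume root on every `configure()` call, with no comment saying why and no check that the path is a real directory rather than a link. `is_dir()` follows symlinks and this volume sets `followSymLinks` to `true`, so whether a link named `.quarantine` could steer the cleanup elsewhere depends on `localRmdirRecursive()`, which is not shown on this page. I would guard it as `is_dir($_quarantine) && !is_link($_quarantine) && self::localRmdirRecursive($_quarantine);` and add `// remove the legacy in-root quarantine folder; archives are now checked under the common temp path`. The final hunk also keeps `error_reporting($errlev ^ E_WARNING)`, which switches warnings on when they were already off; `$errlev & ~E_WARNING` clears the bit regardless of its prior state.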
wp-file-manager/trunk/readme.txt
r2984933 r3023403 3 3 Tags: wp-file-manager, elfinder,file manager, ftp, wp-filemanager,file manager, wp-filemanager, Upload Files, WP File Manager, File Manage, Edit Files, Delete Files, FTP, filemanager, wpfilemanager, ftp, file transfer, update, create, delete, view, rename, editor, Cpanel, Control Panel, Admin, Shortcode, explorer, file explorer, filemanager 4 4 Requires at least: 4.0 5 Tested up to: 6. 3.25 Tested up to: 6.4.2 6 6 Requires PHP: 5.2.4 7 Stable tag: 7.2. 17 Stable tag: 7.2.2 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 140 140 == Changelog == 141 141 142 = 7.2.2 (18 Jan, 2024) = 143 * Fixed Security issue. 144 142 145 = 7.2.1 (26th Oct, 2023) = 143 146 * Directory Traversal issue resolved.