Fixed security issues.

This commit is contained in:
Lars Jung 2011-09-06 20:57:49 +02:00
parent df30c67ade
commit 8e21a3c038
10 changed files with 100 additions and 52 deletions


@ -10,6 +10,12 @@ It uses the [Faenza icon set](http://tiheum.deviantart.com/art/Faenza-Icons-1733
## Changelog ## Changelog
### v0.15.1 · *2011-09-06*
* fixed security issues with the zipped download feature
* made zipped download optional (but enabled by default)
### v0.15 · *2011-09-04* ### v0.15 · *2011-09-04*
* added zipped download for selected files * added zipped download for selected files


@ -3,7 +3,7 @@ custom = true
# project # project
project.name = h5ai project.name = h5ai
project.version = 0.15 project.version = 0.15.1
# src # src

BIN
release/h5ai-0.15.1.tar.gz Normal file




@ -28,7 +28,9 @@ var H5ai = function (options, langs) {
dateFormat: "Y-m-d H:i", dateFormat: "Y-m-d H:i",
ignore: ["h5ai", "h5ai.header.html", "h5ai.footer.html"], ignore: ["h5ai", "h5ai.header.html", "h5ai.footer.html"],
ignoreRE: ["/^\\./"], ignoreRE: ["/^\\./"],
showThumbs: true showThumbs: true,
zippedDownload: true
}, },
settings = $.extend({}, defaults, options), settings = $.extend({}, defaults, options),
pathClick = function (fn) { pathClick = function (fn) {
@ -292,7 +294,7 @@ var H5ai = function (options, langs) {
}); });
}); });
}, },
initSelect = function () { initZippedDownload = function () {
var x = 0, var x = 0,
y = 0, y = 0,
@ -362,9 +364,11 @@ var H5ai = function (options, langs) {
return false; return false;
}; };
$("body>nav,body>footer,#tree,#extended a").bind("mousedown", noSelection); if (settings.zippedDownload) {
$("#extended a").live("mousedown", noSelection); $("body>nav,body>footer,#tree,#extended a").bind("mousedown", noSelection);
$window.bind("mousedown", selectionStart); $("#extended a").live("mousedown", noSelection);
$window.bind("mousedown", selectionStart);
}
}, },
init = function () { init = function () {
@ -376,7 +380,7 @@ var H5ai = function (options, langs) {
initLangSelector(langs); initLangSelector(langs);
localize(langs, settings.lang, settings.useBrowserLang); localize(langs, settings.lang, settings.useBrowserLang);
initIndicators(); initIndicators();
initSelect(); initZippedDownload();
}, },
h5ai = { h5ai = {
settings: settings, settings: settings,


@ -97,7 +97,13 @@ h5aiOptions = {
* Only used in PHP implementation. * Only used in PHP implementation.
* Show thumbnails in Icons view. * Show thumbnails in Icons view.
*/ */
"showThumbs": true "showThumbs": true,
/*
* Enable zipped download of selected entries. Requieres
* PHP on the server.
*/
"zippedDownload": true
}; };
@ -117,7 +123,8 @@ h5aiLangs = {
"parentDirectory": "Parent Directory", "parentDirectory": "Parent Directory",
"empty": "empty", "empty": "empty",
"folders": "folders", "folders": "folders",
"files": "files" "files": "files",
"download": "download"
}, },
"de": { "de": {
@ -130,7 +137,8 @@ h5aiLangs = {
"parentDirectory": "Übergeordnetes Verzeichnis", "parentDirectory": "Übergeordnetes Verzeichnis",
"empty": "leer", "empty": "leer",
"folders": "Ordner", "folders": "Ordner",
"files": "Dateien" "files": "Dateien",
"download": "Download"
}, },
"fr": { "fr": {
@ -143,7 +151,8 @@ h5aiLangs = {
"parentDirectory": "Dossier parent", "parentDirectory": "Dossier parent",
"empty": "vide", "empty": "vide",
"folders": "Répertoires", "folders": "Répertoires",
"files": "Fichiers" "files": "Fichiers",
"download": "download"
}, },
"nl": { "nl": {
@ -155,8 +164,9 @@ h5aiLangs = {
"size": "Grootte", "size": "Grootte",
"parentDirectory": "Bovenliggende map", "parentDirectory": "Bovenliggende map",
"empty": "lege", "empty": "lege",
"folders": "[?folders?]", "folders": "folders",
"files": "[?files?]" "files": "files",
"download": "download"
}, },
"sv": { "sv": {
@ -168,8 +178,9 @@ h5aiLangs = {
"size": "Filstorlek", "size": "Filstorlek",
"parentDirectory": "Till överordnad mapp", "parentDirectory": "Till överordnad mapp",
"empty": "tom", "empty": "tom",
"folders": "[?folders?]", "folders": "folders",
"files": "[?files?]" "files": "files",
"download": "download"
}, },
"cs": { "cs": {
@ -182,7 +193,8 @@ h5aiLangs = {
"parentDirectory": "Nadřazený adresář", "parentDirectory": "Nadřazený adresář",
"empty": "prázdný", "empty": "prázdný",
"folders": "složek", "folders": "složek",
"files": "souborů" "files": "souborů",
"download": "download"
}, },
"sk": { "sk": {
@ -195,7 +207,8 @@ h5aiLangs = {
"parentDirectory": "Nadriadený priečinok", "parentDirectory": "Nadriadený priečinok",
"empty": "prázdny", "empty": "prázdny",
"folders": "priečinkov", "folders": "priečinkov",
"files": "súborov" "files": "súborov",
"download": "download"
}, },
"es": { "es": {
@ -207,8 +220,9 @@ h5aiLangs = {
"size": "Tamaño", "size": "Tamaño",
"parentDirectory": "Directorio superior", "parentDirectory": "Directorio superior",
"empty": "vacío", "empty": "vacío",
"folders": "[?folders?]", "folders": "folders",
"files": "[?files?]" "files": "files",
"download": "download"
}, },
"tr": { "tr": {
@ -220,8 +234,9 @@ h5aiLangs = {
"size": "Boyut", "size": "Boyut",
"parentDirectory": "Üst Dizin", "parentDirectory": "Üst Dizin",
"empty": "boş", "empty": "boş",
"folders": "[?folders?]", "folders": "folders",
"files": "[?files?]" "files": "files",
"download": "download"
}, },
"pt": { "pt": {
@ -234,7 +249,8 @@ h5aiLangs = {
"parentDirectory": "Diretório superior", "parentDirectory": "Diretório superior",
"empty": "vazio", "empty": "vazio",
"folders": "pastas", "folders": "pastas",
"files": "arquivos" "files": "arquivos",
"download": "download"
}, },
"bg": { "bg": {
@ -247,7 +263,8 @@ h5aiLangs = {
"parentDirectory": "Предходна директория", "parentDirectory": "Предходна директория",
"empty": "празно", "empty": "празно",
"folders": "папки", "folders": "папки",
"files": "файлове" "files": "файлове",
"download": "download"
}, },
"lv": { "lv": {
@ -260,7 +277,8 @@ h5aiLangs = {
"parentDirectory": "Vecākdirektorijs", "parentDirectory": "Vecākdirektorijs",
"empty": "tukšs", "empty": "tukšs",
"folders": "mapes", "folders": "mapes",
"files": "faili" "files": "faili",
"download": "download"
}, },
"zh-cn": { "zh-cn": {
@ -273,7 +291,8 @@ h5aiLangs = {
"parentDirectory": "上层文件夹", "parentDirectory": "上层文件夹",
"empty": "空文件夹", "empty": "空文件夹",
"folders": "文件夹", "folders": "文件夹",
"files": "文件" "files": "文件",
"download": "download"
}, },
"pl": { "pl": {
@ -286,7 +305,8 @@ h5aiLangs = {
"parentDirectory": "Katalog nadrzędny", "parentDirectory": "Katalog nadrzędny",
"empty": "pusty", "empty": "pusty",
"folders": "foldery", "folders": "foldery",
"files": "pliki" "files": "pliki",
"download": "download"
}, },
"ru": { "ru": {
@ -299,6 +319,7 @@ h5aiLangs = {
"parentDirectory": "Главная директория", "parentDirectory": "Главная директория",
"empty": "пусто", "empty": "пусто",
"folders": "папки", "folders": "папки",
"files": "файлы" "files": "файлы",
"download": "download"
} }
}; };
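Review bot: The comment on the new `zippedDownload` option in the first hunk misspells "Requires" as "Requieres"; suggested text: `* Enable zipped download of selected entries. Requires PHP on the server.` Since this flag is read by the client script only, it is worth saying in the same comment that it controls the selection UI rather than the server endpoint, if that is the intended scope — confirm against the PHP side. The remaining hunks only add a `download` label to each language block.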


@ -27,7 +27,7 @@ class H5ai {
$this->sortOrder = array( $this->sortOrder = array(
"column" => array_key_exists("col", $_REQUEST) ? $_REQUEST["col"] : $defaultSortOrder["column"], "column" => array_key_exists("col", $_REQUEST) ? $_REQUEST["col"] : $defaultSortOrder["column"],
"ascending" => array_key_exists("asc", $_REQUEST) ? $_REQUEST["asc"] !== "false" : $defaultSortOrder["ascending"] "ascending" => array_key_exists("asc", $_REQUEST) ? $_REQUEST["asc"] !== "false" : $defaultSortOrder["ascending"]
); );
$this->dateFormat = $this->options["options"]["dateFormat"]; $this->dateFormat = $this->options["options"]["dateFormat"];
$this->view = array_key_exists("view", $_REQUEST) ? $_REQUEST["view"] : $this->options["options"]["viewmodes"][0]; $this->view = array_key_exists("view", $_REQUEST) ? $_REQUEST["view"] : $this->options["options"]["viewmodes"][0];
if (!in_array($this->view, H5ai::$VIEWMODES)) { if (!in_array($this->view, H5ai::$VIEWMODES)) {
@ -96,7 +96,14 @@ class H5ai {
if ($absPath === null) { if ($absPath === null) {
return $this->absHref; return $this->absHref;
} }
return $this->normalizePath(rawurlencode(preg_replace("!^" . $this->docRoot . "!", "", $absPath)), $endWithSlash); $absHref = preg_replace("!^" . $this->docRoot . "!", "", $absPath);
$parts = explode("/", $absHref);
$encodedParts = array();
foreach ($parts as $part) {
$encodedParts[] = rawurlencode($part);
}
$endodedAbsHref = implode("/", $encodedParts);
return $this->normalizePath($endodedAbsHref, $endWithSlash);
} }
public function getAbsPath($absHref = null) { public function getAbsPath($absHref = null) {
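Review bot: `$this->docRoot` is still spliced into the `preg_replace` pattern unescaped on the first new line of the second hunk, so a document root containing regex metacharacters (`.`, `+`, `(`, or the `!` delimiter itself) changes which prefix gets stripped; build the pattern as `"!^" . preg_quote($this->docRoot, "!") . "!"`. The same unescaped pattern appears in ZipIt (the `$file = preg_replace(...)` line of zipit.php's first hunk). The local `$endodedAbsHref` is misspelt and reads better as `$encodedAbsHref`. `getAbsHref` begins before this hunk.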


@ -11,14 +11,18 @@ require_once "zipit.php";
$h5ai = new H5ai(); $h5ai = new H5ai();
$zipit = new ZipIt($h5ai); $zipit = new ZipIt($h5ai);
$files = explode(":", trim($_REQUEST["hrefs"])); $hrefs = explode(":", trim($_REQUEST["hrefs"]));
$zipFile = $zipit->zip($files); $zipFile = $zipit->zip($hrefs);
header("Content-Disposition: attachment; filename=\"h5ai-selection.zip\""); if ($zipFile !== false) {
header("Content-Type: application/force-download"); header("Content-Disposition: attachment; filename=\"h5ai-selection.zip\"");
header("Content-Length: " . filesize($zipFile)); header("Content-Type: application/force-download");
header("Connection: close"); header("Content-Length: " . filesize($zipFile));
readfile($zipFile); header("Connection: close");
readfile($zipFile);
} else {
echo "sorry, something went wrong while building the zip.";
}
?> ?>
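Review bot: The new failure branch answers with HTTP 200 and a plain-text body, so the browser's download handling and any calling code see a successful response whose content is the error message; send a status before the `echo`, e.g. `header("HTTP/1.1 500 Internal Server Error");` (or a 400 if `zip()` returned `false` because the selection was rejected). `$_REQUEST["hrefs"]` is still read without an existence check on the `$hrefs =` line, which emits a notice and then zips an empty selection when the parameter is missing; guard it with `isset($_REQUEST["hrefs"])` and reject the request otherwise. Nothing in this script consults the `zippedDownload` option added in the same commit, so as far as these lines show the new setting only hides the UI while the endpoint stays reachable; if the option is meant to disable the feature, it needs a server-side check here before `zip()` is called. The temporary archive `$zipFile` is also not removed after `readfile`, at least not in this script — confirm that `zip()` or something else handles cleanup.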


@ -18,12 +18,16 @@ class ZipIt {
} }
foreach ($hrefs as $href) { foreach ($hrefs as $href) {
$localFile = $this->h5ai->getAbsPath($href); $d = dirname($href);
$file = preg_replace("!^" . $this->h5ai->getDocRoot() . "!", "", $localFile); $n = basename($href);
if (is_dir($localFile)) { if ($this->h5ai->getHttpCode($this->h5ai->getAbsHref($d)) === "h5ai" && !$this->h5ai->ignoreThisFile($n)) {
$this->zipDir($zip, $localFile, $file); $localFile = $this->h5ai->getAbsPath($href);
} else { $file = preg_replace("!^" . $this->h5ai->getDocRoot() . "!", "", $localFile);
$this->zipFile($zip, $localFile, $file); if (is_dir($localFile)) {
$this->zipDir($zip, $localFile, $file);
} else {
$this->zipFile($zip, $localFile, $file);
}
} }
} }
@ -40,15 +44,17 @@ class ZipIt {
private function zipDir($zip, $localDir, $dir) { private function zipDir($zip, $localDir, $dir) {
$zip->addEmptyDir($dir); if ($this->h5ai->getHttpCode($this->h5ai->getAbsHref($localDir)) === "h5ai") {
$files = $this->h5ai->readDir($localDir); $zip->addEmptyDir($dir);
foreach ($files as $file) { $files = $this->h5ai->readDir($localDir);
$localFile = $localDir . "/" . $file; foreach ($files as $file) {
$file = $dir . "/" . $file; $localFile = $localDir . "/" . $file;
if (is_dir($localFile)) { $file = $dir . "/" . $file;
$this->zipDir($zip, $localFile, $file); if (is_dir($localFile)) {
} else { $this->zipDir($zip, $localFile, $file);
$this->zipFile($zip, $localFile, $file); } else {
$this->zipFile($zip, $localFile, $file);
}
} }
} }
} }
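Review bot: The new gate in the first hunk validates only the parent directory `$d` of each requested href and the top-level basename against `ignoreThisFile`, but the entry is then resolved with `getAbsPath($href)` and read directly; `dirname()` does not normalise `..` segments, so if hrefs can contain them the directory that is checked and the file that is read may differ. A defence-in-depth check that `realpath($localFile)` is not `false` and starts with `$this->h5ai->getDocRoot()` before zipping would make the server-side rule independent of how hrefs are formed; note also that the `zipDir` hunk passes a filesystem path `$localDir` to `getAbsHref` while the first hunk passes the request-derived `$d`, and from `getAbsHref`'s signature in H5ai.php it expects an absolute path, so confirm the href form resolves as intended. Inside `zipDir`, entries returned by `readDir` are no longer filtered through `ignoreThisFile`, so whether ignored names end up in the archive depends on `readDir` already excluding them — verify. The one-letter locals `$d` and `$n` would read better as `$parentHref` and `$name`. Both functions continue outside their hunks (`zip()` starts before the first hunk).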