Fixed security issues.

This commit is contained in:
Lars Jung 2011-09-06 20:57:49 +02:00
parent df30c67ade
commit 8e21a3c038
10 changed files with 100 additions and 52 deletions


@ -10,6 +10,12 @@ It uses the [Faenza icon set](http://tiheum.deviantart.com/art/Faenza-Icons-1733
## Changelog
### v0.15.1 · *2011-09-06*
* fixed security issues with the zipped download feature
* made zipped download optional (but enabled by default)
### v0.15 · *2011-09-04*
* added zipped download for selected files


@ -3,7 +3,7 @@ custom = true
# project
project.name = h5ai
project.version = 0.15
project.version = 0.15.1
# src

release/h5ai-0.15.1.tar.gz Normal file



@ -28,7 +28,9 @@ var H5ai = function (options, langs) {
dateFormat: "Y-m-d H:i",
ignore: ["h5ai", "h5ai.header.html", "h5ai.footer.html"],
ignoreRE: ["/^\\./"],
showThumbs: true
showThumbs: true,
zippedDownload: true
},
settings = $.extend({}, defaults, options),
pathClick = function (fn) {
@ -292,7 +294,7 @@ var H5ai = function (options, langs) {
});
});
},
initSelect = function () {
initZippedDownload = function () {
var x = 0,
y = 0,
@ -362,9 +364,11 @@ var H5ai = function (options, langs) {
return false;
};
if (settings.zippedDownload) {
$("body>nav,body>footer,#tree,#extended a").bind("mousedown", noSelection);
$("#extended a").live("mousedown", noSelection);
$window.bind("mousedown", selectionStart);
}
},
init = function () {
@ -376,7 +380,7 @@ var H5ai = function (options, langs) {
initLangSelector(langs);
localize(langs, settings.lang, settings.useBrowserLang);
initIndicators();
initSelect();
initZippedDownload();
},
h5ai = {
settings: settings,


@ -97,7 +97,13 @@ h5aiOptions = {
* Only used in PHP implementation.
* Show thumbnails in Icons view.
*/
"showThumbs": true
"showThumbs": true,
/*
* Enable zipped download of selected entries. Requieres
* PHP on the server.
*/
"zippedDownload": true
};
@ -117,7 +123,8 @@ h5aiLangs = {
"parentDirectory": "Parent Directory",
"empty": "empty",
"folders": "folders",
"files": "files"
"files": "files",
"download": "download"
},
"de": {
@ -130,7 +137,8 @@ h5aiLangs = {
"parentDirectory": "Übergeordnetes Verzeichnis",
"empty": "leer",
"folders": "Ordner",
"files": "Dateien"
"files": "Dateien",
"download": "Download"
},
"fr": {
@ -143,7 +151,8 @@ h5aiLangs = {
"parentDirectory": "Dossier parent",
"empty": "vide",
"folders": "Répertoires",
"files": "Fichiers"
"files": "Fichiers",
"download": "download"
},
"nl": {
@ -155,8 +164,9 @@ h5aiLangs = {
"size": "Grootte",
"parentDirectory": "Bovenliggende map",
"empty": "lege",
"folders": "[?folders?]",
"files": "[?files?]"
"folders": "folders",
"files": "files",
"download": "download"
},
"sv": {
@ -168,8 +178,9 @@ h5aiLangs = {
"size": "Filstorlek",
"parentDirectory": "Till överordnad mapp",
"empty": "tom",
"folders": "[?folders?]",
"files": "[?files?]"
"folders": "folders",
"files": "files",
"download": "download"
},
"cs": {
@ -182,7 +193,8 @@ h5aiLangs = {
"parentDirectory": "Nadřazený adresář",
"empty": "prázdný",
"folders": "složek",
"files": "souborů"
"files": "souborů",
"download": "download"
},
"sk": {
@ -195,7 +207,8 @@ h5aiLangs = {
"parentDirectory": "Nadriadený priečinok",
"empty": "prázdny",
"folders": "priečinkov",
"files": "súborov"
"files": "súborov",
"download": "download"
},
"es": {
@ -207,8 +220,9 @@ h5aiLangs = {
"size": "Tamaño",
"parentDirectory": "Directorio superior",
"empty": "vacío",
"folders": "[?folders?]",
"files": "[?files?]"
"folders": "folders",
"files": "files",
"download": "download"
},
"tr": {
@ -220,8 +234,9 @@ h5aiLangs = {
"size": "Boyut",
"parentDirectory": "Üst Dizin",
"empty": "boş",
"folders": "[?folders?]",
"files": "[?files?]"
"folders": "folders",
"files": "files",
"download": "download"
},
"pt": {
@ -234,7 +249,8 @@ h5aiLangs = {
"parentDirectory": "Diretório superior",
"empty": "vazio",
"folders": "pastas",
"files": "arquivos"
"files": "arquivos",
"download": "download"
},
"bg": {
@ -247,7 +263,8 @@ h5aiLangs = {
"parentDirectory": "Предходна директория",
"empty": "празно",
"folders": "папки",
"files": "файлове"
"files": "файлове",
"download": "download"
},
"lv": {
@ -260,7 +277,8 @@ h5aiLangs = {
"parentDirectory": "Vecākdirektorijs",
"empty": "tukšs",
"folders": "mapes",
"files": "faili"
"files": "faili",
"download": "download"
},
"zh-cn": {
@ -273,7 +291,8 @@ h5aiLangs = {
"parentDirectory": "上层文件夹",
"empty": "空文件夹",
"folders": "文件夹",
"files": "文件"
"files": "文件",
"download": "download"
},
"pl": {
@ -286,7 +305,8 @@ h5aiLangs = {
"parentDirectory": "Katalog nadrzędny",
"empty": "pusty",
"folders": "foldery",
"files": "pliki"
"files": "pliki",
"download": "download"
},
"ru": {
@ -299,6 +319,7 @@ h5aiLangs = {
"parentDirectory": "Главная директория",
"empty": "пусто",
"folders": "папки",
"files": "файлы"
"files": "файлы",
"download": "download"
}
};
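Review bot: The option comment at `* Enable zipped download of selected entries. Requieres` has a typo (`Requires`) and does not say what the flag actually gates: judging from the h5ai.js change in this commit it only decides whether the selection/download UI is wired up, and the `zipit` request handler shown in this commit never reads it, so the server endpoint stays reachable when the option is `false`. Suggested wording: `Enable the zipped-download UI for selected entries. Requires PHP on the server; note this flag only hides the client-side feature, it does not disable the zip endpoint.` The surrounding translation-table hunks are fine as they are.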


@ -96,7 +96,14 @@ class H5ai {
if ($absPath === null) {
return $this->absHref;
}
return $this->normalizePath(rawurlencode(preg_replace("!^" . $this->docRoot . "!", "", $absPath)), $endWithSlash);
$absHref = preg_replace("!^" . $this->docRoot . "!", "", $absPath);
$parts = explode("/", $absHref);
$encodedParts = array();
foreach ($parts as $part) {
$encodedParts[] = rawurlencode($part);
}
$endodedAbsHref = implode("/", $encodedParts);
return $this->normalizePath($endodedAbsHref, $endWithSlash);
}
public function getAbsPath($absHref = null) {
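Review bot: The document root is still spliced into the pattern unescaped at `$absHref = preg_replace("!^" . $this->docRoot . "!", "", $absPath);`, so a doc root containing PCRE metacharacters (`.`, `+`, `(`, or the `!` delimiter itself) is stripped incorrectly or breaks the regex entirely; use `preg_replace("!^" . preg_quote($this->docRoot, "!") . "!", "", $absPath)` or a plain prefix check such as `strpos($absPath, $this->docRoot) === 0` followed by `substr`. Nothing in the hunk confirms that `$absPath` actually starts with the document root — when it does not, the full filesystem path is encoded and returned as an href, which a caller could end up exposing; failing closed there (return a sentinel or throw) would be safer. `$endodedAbsHref` is misspelled; `$encodedAbsHref`. The per-segment `rawurlencode` is the right fix for keeping `/` as a separator; getAbsHref's signature and the rest of the class are outside the hunk.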


@ -11,14 +11,18 @@ require_once "zipit.php";
$h5ai = new H5ai();
$zipit = new ZipIt($h5ai);
$files = explode(":", trim($_REQUEST["hrefs"]));
$hrefs = explode(":", trim($_REQUEST["hrefs"]));
$zipFile = $zipit->zip($files);
$zipFile = $zipit->zip($hrefs);
if ($zipFile !== false) {
header("Content-Disposition: attachment; filename=\"h5ai-selection.zip\"");
header("Content-Type: application/force-download");
header("Content-Length: " . filesize($zipFile));
header("Connection: close");
readfile($zipFile);
} else {
echo "sorry, something went wrong while building the zip.";
}
?>
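Review bot: The handler reads `$_REQUEST["hrefs"]` unconditionally and, as far as this file shows, never consults the new `zippedDownload` option, so disabling the option only hides the client UI while the zip endpoint remains callable via GET, POST or cookie by anyone who can reach the listing. Validate the input and the feature before doing any work, e.g. `if (!isset($_REQUEST["hrefs"]) || !is_string($_REQUEST["hrefs"])) { header("HTTP/1.1 400 Bad Request"); exit; }`, and reject the request when the option is off (how the PHP side loads options is not visible here, so that check may belong in `H5ai`). The failure branch echoes "sorry, something went wrong" with a 200 status; a 4xx/5xx status would let clients tell success from failure. If `ZipIt::zip()` builds `$zipFile` as a temporary file, nothing here removes it after `readfile()` — confirm it is cleaned up, or add `unlink($zipFile);` after the read.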


@ -18,6 +18,9 @@ class ZipIt {
}
foreach ($hrefs as $href) {
$d = dirname($href);
$n = basename($href);
if ($this->h5ai->getHttpCode($this->h5ai->getAbsHref($d)) === "h5ai" && !$this->h5ai->ignoreThisFile($n)) {
$localFile = $this->h5ai->getAbsPath($href);
$file = preg_replace("!^" . $this->h5ai->getDocRoot() . "!", "", $localFile);
if (is_dir($localFile)) {
@ -26,6 +29,7 @@ class ZipIt {
$this->zipFile($zip, $localFile, $file);
}
}
}
$zip->close();
return $zipFile;
@ -40,6 +44,7 @@ class ZipIt {
private function zipDir($zip, $localDir, $dir) {
if ($this->h5ai->getHttpCode($this->h5ai->getAbsHref($localDir)) === "h5ai") {
$zip->addEmptyDir($dir);
$files = $this->h5ai->readDir($localDir);
foreach ($files as $file) {
@ -53,5 +58,6 @@ class ZipIt {
}
}
}
}
?>
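Review bot: The new guard passes `dirname($href)` to `getAbsHref()`, but `getAbsHref()` (per the H5ai change in this same commit) takes a filesystem path, strips the document root and URL-encodes the result, so handing it an href — presumably already encoded by the client — makes the doc-root strip a no-op and double-encodes the path; the other call in this class, `getHttpCode($this->h5ai->getAbsHref($localDir))` in `zipDir`, passes a local directory, which is the consistent usage. Move `$localFile = $this->h5ai->getAbsPath($href);` above the check and use `$this->h5ai->getHttpCode($this->h5ai->getAbsHref(dirname($localFile)))`. The check also depends entirely on an HTTP probe of the parent directory; unless `getAbsPath()` canonicalizes, requiring `realpath($localFile)` to start with `$this->h5ai->getDocRoot()` would reject `..` segments and symlinks outside the web root regardless of what the probe returns. The enclosing `zip()` method begins above the hunk.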