FileManager latest changes

serghey-rodin · serghey-rodin · commit e02e470d3499 · 2015-11-05T04:50:15.000+02:00
diff --git a/web/download/file/index.php b/web/download/file/index.php
@@ -1,6 +1,11 @@
 <?php
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY']))) {
+    header("Location: /login/");
+    exit;
+}
+
 $user = $_SESSION['user'];
 if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
     $user=$_SESSION['look'];
diff --git a/web/edit/file/index.php b/web/edit/file/index.php
@@ -47,7 +47,7 @@
                 chmod($fn, 0644);
 
                 if ($f) {
-                    exec (VESTA_CMD . "v-copy-fs-file {$user} {$fn} {$path}", $output, $return_var);
+                    exec (VESTA_CMD . "v-copy-fs-file {$user} {$fn} ".escapeshellarg($path), $output, $return_var);
                     $error = check_return_code($return_var, $output);
                     if ($return_var != 0) {
                         print('<p style="color: white">Error while saving file</p>');
@@ -58,16 +58,7 @@
             }
         }
 
-        exec (VESTA_CMD . "v-check-fs-permission {$user} '{$path}'", $content, $return_var);
-        if ($return_var != 0) {
-            var_dump($return_var);
-            var_dump($content);
-            exit;
-            print 'Error while opening file'; // todo: handle this more styled
-            exit;
-        }
-
-        exec (VESTA_CMD . "v-open-fs-file {$user} {$path}", $content, $return_var);
+        exec (VESTA_CMD . "v-open-fs-file {$user} ".escapeshellarg($path), $content, $return_var);
         if ($return_var != 0) {
             print 'Error while opening file'; // todo: handle this more styled
             exit;
diff --git a/web/file_manager/fm_core.php b/web/file_manager/fm_core.php
@@ -74,13 +74,7 @@ public function formatFullPath($path_part = '') {
     
     function deleteItem($dir, $item) {
         $dir = $this->formatFullPath($item);
-        //if (is_dir($item)) {
-            //var_dump(VESTA_CMD . "v-delete-fs-directory {$this->user} {$dir}");die();
-            exec (VESTA_CMD . "v-delete-fs-directory {$this->user} {$dir}", $output, $return_var);
-        //}
-        //else {
-        //    exec (VESTA_CMD . "v-delete-fs-file {$this->user} {$dir}", $output, $return_var);
-        //}
+        exec (VESTA_CMD . "v-delete-fs-directory {$this->user} {$dir}", $output, $return_var);
 
         $error = self::check_return_code($return_var, $output);
         
diff --git a/web/file_manager/index.php b/web/file_manager/index.php
@@ -0,0 +1,3 @@
+<?php
+header("Location: /login/");
+exit;
diff --git a/web/view/file/index.php b/web/view/file/index.php
@@ -2,7 +2,11 @@
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Check login_as feature
+if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY']))) {
+    header("Location: /login/");
+    exit;
+}
+
 $user = $_SESSION['user'];
 if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
     $user=$_SESSION['look'];

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+<?php`
	`2`	`+header("Location: /login/");`
	`3`	`+exit;`