#!/usr/bin/perl use strict; #use lib './'; #************************************************************************************ #Build 1011A0001 #************************************************************************************ use CGI::Carp qw(fatalsToBrowser); (our $script=$0) =~s!^.*[/\\]!!; use Manager; use Digest::MD5; use Data::Dumper; use CGI::Cookie; use utf8; use URI::Escape; use Encode qw(encode); use Encode; #************************************************************************************ #Icon Artwork By Silvestre Herrera # #Check out his other icon artwork here: http://www.silvestre.com.ar # #Icons released under the terms of the GNU General Public License version 2 and/or 3 # #************************************************************************************ my %SUB = ( download => \&download, upload=> \&upload2, uploadfl => \&uploadfl, uploadja => \&uploadja, uploadok => \&uploadok, uplja => \&uplja, userarea => \&userarea, findfile => \&findfile, about => \&about, view => \&view, chmod => \&chmod_f, logout=> \&logout, delete=> \&delete, mkdir => \&mkdir, rename=> \&rename, copy => \©_f, pack => \&pack, unpack=> \&unpack, move => \&move, edit => \&edit, tree => \&tree, notes => \¬es, batch_download => \&batch_download, hotlink=> \&hotlink, flu=> \&flu, ); my $fm = new Manager(config=>'Configuration.pl', SCRIPT=>$script); $fm->parseCGI; my $dir=$fm->{CGI}->{dir}; about() if $fm->{CGI}->{action} eq 'about'; $fm->hotLink() if $fm->{CGI}->{file} && $fm->{CGI}->{link} && $fm->{CGI}->{a}; forgott() if $fm->{CGI}->{action} eq 'forgott'; restore() if $fm->{CGI}->{action} eq 'restore'; flu() if $fm->{CGI}->{action} eq 'flu'; uplja() if $fm->{CGI}->{action} eq 'uplja'; $SUB{upload} = \&upload if $fm->{uploadPrBarOn}; $SUB{upload} = \&uploadX if $fm->{xUploadOn}; my $sid = $fm->getCookie($fm->{cookieName}); $sid=~s/;$//; if ($fm->{CGI}->{action} eq 'logout'){ $fm->currentUserBySid(); $fm->logger("Logged Out"); $fm->logout; exit; } if($fm->{CGI}->{log_in}){ $fm->getMessages( $fm->{CGI}->{language} || $fm->{currentUser}->{language} || 'en'); $fm->login(password=>$fm->{CGI}->{password},login=>$fm->{CGI}->{login}); $fm->logger("Logged In"); #clear all old sessions $fm->clearSessions; print "Location: $fm->{SCRIPT}\n\n"; } elsif($sid){ print L "[sid] $sid\n";#close L; $fm->currentUserBySid(); } unless($fm->currentUser){$fm->login;} my $user = $fm->currentUser(); $fm->logout(3) if $user->{disabled}; $fm->logout(3) unless $fm->validTime(); $fm->getMessages( $fm->{CGI}->{language} || $fm->{currentUser}->{language} || 'en'); $fm->{CGI}->{opt} ||= 'name'; $SUB{$fm->{CGI}->{action}}->() if defined $SUB{$fm->{CGI}->{action}}; my ($dsort,$sort)=$fm->getFileList(); #my $Rights = ($fm->{isShared} && !$fm->currentUser->{isAdmin})? $user->{SHARED}->{$fm->{isShared}}->{RIGHTS}:$user->{RIGHTS}; my $Rights = ($fm->{isShared} && !$fm->currentUser->{isAdmin})? $user->{SHARED}->{$fm->{isShared}}->{RIGHTS}:$user->{RIGHTS}; my %opt_; my %arrow; if($fm->{CGI}->{r}){$arrow{$fm->{CGI}->{opt}} = "{htmlDataFolder}/arrow_up.gif\" align=\"top\" alt=\"\"> ";} else{ $arrow{$fm->{CGI}->{opt}} = "{htmlDataFolder}/arrow_down.gif\" align=\"top\" alt=\"\"> "; $opt_{$fm->{CGI}->{opt}}="&r=1"; } my $overQuota = $fm->currentfreeSpace? undef:1; print "Content-type: text/html; charset=utf-8\n\n"; print qq~ $fm->{Filemanagertitle} {timeOut}; print qq~> ~; my $qs = ""; my $colspan = $fm->{fileDescriptionOn}?7:6; (my $tdir=$dir)=~s/^\(shared\)//; my @path = split('/',$tdir); $tdir=""; my $i=0; for (@path){ $tdir &&= $tdir.'/'; $tdir .= $_; $_= "$_"; } $tdir = join ('/',@path); print qq~ ~; my $disabled = 'disabled' if $fm->{CGI}->{gzfile}; my $col1 = $fm->{fileDescriptionOn}? '37%':'48%'; my $col2 = $fm->{fileDescriptionOn}? '6%':'10%'; my $col3 = $fm->{fileDescriptionOn}? '12%':'22%'; print qq~ ~; print "" if $fm->{fileDescriptionOn}; print ""; print ""; } } my $shDir =$dir; $shDir &&="$dir/"; my $has_descr = {}; for(@dkeys){ #(my $tmpDir="$_")=~s/\&/%26/g; #$tmpDir=~s/#/%23/g; my $tmpDir=$_; my $sh = "(shared)" if $dsort->{$_}->{shared}; print qq~\n"; print "" if $fm->{fileDescriptionOn} ; print ""; print ""; } for(@skeys){ my $desc; my $icon = $fm->getIcon($sort->{$_}->{ext}); print qq~\n"; print "" if $fm->{fileDescriptionOn} ; print ""; print "\n"; } print ""; print "
~; print qq~~ if $fm->{fileDescriptionOn}; print qq~
$arrow{name}$fm->{MESSAGES}->{name} $arrow{ext}$fm->{MESSAGES}->{ext} $arrow{size}$fm->{MESSAGES}->{size}$fm->{MESSAGES}{description}$arrow{date}$fm->{MESSAGES}->{date}
~; print qq~
~; my $addQs = "&opt=$fm->{opt}" if $fm->{opt}; $addQs .= "&opt_=$fm->{opt_}" if $fm->{opt_}; my (@skeys,@dkeys); if($fm->{CGI}->{opt} eq 'ext' or $fm->{CGI}->{opt} eq 'name' or $fm->{CGI}->{opt} eq 'mode'){ @skeys = sort {lc $sort->{$a}->{$fm->{CGI}->{opt}} cmp lc $sort->{$b}->{$fm->{CGI}->{opt}} } keys %$sort; @dkeys = sort {lc $dsort->{$a}->{$fm->{CGI}->{opt}} cmp lc $dsort->{$b}->{$fm->{CGI}->{opt}} } keys %$dsort; } elsif($fm->{CGI}->{opt} eq 'date'){ @skeys = sort {$sort->{$b}->{_date} <=> $sort->{$a}->{_date}} keys %$sort; @dkeys = sort {$dsort->{$b}->{_date} <=> $dsort->{$a}->{_date}} keys %$dsort; } elsif($fm->{CGI}->{opt} eq 'size'){ @skeys = sort {$sort->{$a}->{size} <=> $sort->{$b}->{size}} keys %$sort; @dkeys = sort {lc $a cmp lc $b} keys %$dsort; } else{ @skeys = sort {$a <=> $b} keys %$sort; @dkeys = sort {$a <=> $b} keys %$dsort; } @skeys = reverse @skeys if $fm->{CGI}->{r}; @dkeys = reverse @dkeys if $fm->{CGI}->{r} && ($fm->{CGI}->{opt} ne 'ext' and $fm->{CGI}->{opt} ne 'size'); if($fm->{CGI}->{search} && !(@dkeys || @skeys)){ print ""; print "
{fileDescriptionOn}? 7:6)."\">




$fm->{MESSAGES}->{no_results}
"; print "
"; print footer(); exit; } (my $up=$dir)=~s![/\\][^/\\]*$!! if $dir=~m/[\/\\]/; if ($dir or $fm->{CGI}->{gzfile} or $fm->{CGI}->{search}){ $up=$dir if $fm->{CGI}->{gzfile} or $fm->{CGI}->{search}; for(".."){ print qq~
 
[$_]
   <$fm->{MESSAGES}->{DIR}> $sort->{$_}->{date}
~; print qq~{$_}->{shared} ? 'disabled':'').qq~ >~; print "
"; print "{SCRIPT}?dir=$sh$shDir$tmpDir$addQs\" >" unless $disabled; print "{htmlDataFolder}/".($dsort->{$_}->{shared}? 's':'')."folder.gif\" alt=\"\">"; print "" unless $disabled; my $note = $fm->getNote("$sh$shDir$_", 1) if $fm->{fileDescriptionOn}; print " {htmlDataFolder}/note.gif\">" if $fm->{fileDescriptionOn} && $note; (my $tmp=$_)=~s/^(.{65}).+/$1\.\.\./; if ($disabled){print "[$tmp]";} else{print " {SCRIPT}?dir=$sh$shDir$tmpDir$addQs\" class=\"filefolderlisting\">$tmp";} print "
 <$fm->{MESSAGES}->{DIR}> " if $fm->{fileDescriptionOn} ; print "$note" if $note; print "$dsort->{$_}->{date}
~; my $note = $fm->getNote($dir."/".$_, 1) if $fm->{fileDescriptionOn}; my $txtnote = "{htmlDataFolder}/note.gif\">" if $fm->{fileDescriptionOn} && $note; if ($_=~m/(gz|tar)$/i){ my $tdir=$dir; (my $tmpFile="$_")=~s/\&/%26/g; $tmpFile=~s/#/%23/g; if ($_=~m/^\(shared\)/){ ($tdir, $tmpFile) = $fm->subDirFile($_); #$tdir="(shared)".$dir; } (my $tname=$_)=~s/^\(shared\)//; $tname=~s/^(.{65}).+/$1\.\.\./; print "{htmlDataFolder}/$Manager::fileType->{gz}\" border=0>$txtnote $tname\n"; } else{ (my $fl = "$shDir$_")=~s/'/\\'/g; (my $tf=$_)=~s/^\(shared\)//; $tf=~s/^(.{65}).+/$1\.\.\./; print "$icon $txtnote $tf\n"; } if(length($sort->{$_}->{size})>7){ $sort->{$_}->{size}=~s/,//; $sort->{$_}->{size} = sprintf("%.2f",$sort->{$_}->{size}/(1024*1024))." $fm->{MESSAGES}->{Mb}"; #$sort->{$_}->{size}=~s/\././; } elsif(length($sort->{$_}->{size})>3){ $sort->{$_}->{size}=~s/,//; $sort->{$_}->{size} = sprintf("%.2f",$sort->{$_}->{size}/(1024))." $fm->{MESSAGES}->{Kb}"; } else {$sort->{$_}->{size}.=" $fm->{MESSAGES}->{Kb}"} print "
.$sort->{$_}->{ext}$sort->{$_}->{size} " if $fm->{fileDescriptionOn} ; print "$note" if $note; print "$sort->{$_}->{date}
"; print ""; print ""; print footer(); print ""; sub footer{ my $tmp = qq~ ~; return $tmp; } sub view{ my $file=$fm->getCurrentFile($fm->{CGI}->{file},'v',1); $fm->logger("File ".$fm->getUserPath($fm->{CGI}->{file})." Previewed"); my ($fdir,$filename,$ext) = $fm->subDirFile($file); if (!$fm->{CGI}->{play} && lc $ext eq 'mp3'){ my $link = "$script?action=view&dir=$fm->{CGI}->{dir}&play=1&file=$fm->{CGI}->{file}"; play($link,$filename); } my $contentType=$fm->getContentType($ext); if ($contentType){ if ($contentType eq 'attachment'){print "Content-disposition: attachment; filename=$filename\n";} else{ print "Content-Type: $contentType\n" #print "Content-disposition: inline; filename=\"$filename\"\n" ; } print "Content-Length: ".(-s $file ) ."\n"; print "\n"; if($fm->{CGI}->{gzfile}){ my $tar = Archive::Tar->new("$fdir/$fm->{CGI}->{gzfile}",1); my @files = $tar->get_files($filename); binmode STDOUT; print $files[0]->{data}; exit; } elsif($filename=~m/\.s?html?$/i){ print "{htmlClientsFolder}/\">\n"; open(F, "$file") or error($fm->{MESSAGES}->{err_open_file}); binmode F; binmode STDOUT; while(){print;} close F; } else{ open(F, "$file") or error($fm->{MESSAGES}->{err_open_file}); binmode F; binmode STDOUT; while(){print;} close F; } exit; } else{ print "Content-Type: text/html; charset=utf-8\n\n"; print "\n\n$fm->{MESSAGES}->{preview}: $filename\n
\n\n"; } exit; } sub error{ print "Content-Type: text/html; charset=utf-8\n\n"; print "

$_[0]

"; exit; #die $_[0]; } sub error_right{ my $mess = shift; $fm->logger("$fm->{MESSAGES}->{no_right} '$mess'"); error ($fm->{MESSAGES}->{"no_right"}) ; } sub chmod_f{ my ($text, $mode); $fm->{CGI}->{cmd}=eval("$fm->{CGI}->{cmd}") & 0777; for($fm->getParam('file')){ $_=~m/\.([^\.]+)$/; next if $fm->currentDisabled->{lc $1}; if ($fm->{CGI}->{cmd}){ chmod $fm->{CGI}->{cmd}, $fm->getCurrentFile($_, 'c'); } else{ $text .="" if $_ ; my @sb=stat($fm->getCurrentFile($_)); $mode= sprintf("%04o",$sb[2] & 0777); $fm->logger($fm->getUserPath($_)." Chmod"); } } my $onload; if($fm->{CGI}->{cmd}){$onload=" onload=\"go();\"";} else{ $mode ||= "0644"; my $R; my ($n,$u,$g,$o) = split("",$mode); if ($u>=4){$u-=4; $R->{u}->{r}="checked"} if ($u>=2){$u-=2; $R->{u}->{w}="checked"} if ($u>=1){$u-=1; $R->{u}->{e}="checked"} if ($g>=4){$g-=4; $R->{g}->{r}="checked"} if ($g>=2){$g-=2; $R->{g}->{w}="checked"} if ($g>=1){$g-=1; $R->{g}->{e}="checked"} if ($o>=4){$o-=4; $R->{o}->{r}="checked"} if ($o>=2){$o-=2; $R->{o}->{w}="checked"} if ($o>=1){$o-=1; $R->{o}->{e}="checked"} $text .= qq~
$fm->{MESSAGES}->{chmod}
$fm->{MESSAGES}->{mode}$fm->{MESSAGES}->{user}$fm->{MESSAGES}->{group}$fm->{MESSAGES}->{world}
$fm->{MESSAGES}->{read} {u}->{r}> {g}->{r}> {o}->{r}>
$fm->{MESSAGES}->{write} {u}->{w}> {g}->{w}> {o}->{w}>
$fm->{MESSAGES}->{execute} {u}->{e}> {g}->{e}> {o}->{e}>
$fm->{MESSAGES}->{permission}
{MESSAGES}->{cancel} onclick="window.close()">
~; }; print "Content-Type: text/html; charset=utf-8\n\n"; my $data={ CONTENT=>$text, TITLE=>$fm->{MESSAGES}->{chmod}, script => $fm->{SCRIPT}, ONLOAD => $onload, dir => $fm->{CGI}->{dir}, }; print $fm->tmpToHtml($fm->{'tmpWndMain'},$data); exit; } sub rename{ my $text; if($fm->{CGI}->{cmd}){ my $path = $fm->getCurrentPath($fm->{CGI}->{file}, 'a'); $fm->{CGI}->{cmd}=~m/\.([^\.]+)$/; error("$fm->{MESSAGES}->{err_rename_disabled}") if $fm->currentDisabled->{lc $1}; $fm->{CGI}->{old_cmd}=~m/\.([^\.]+)$/; error("$fm->{MESSAGES}->{err_rename_disabled}") if $fm->currentDisabled->{lc $1}; chdir "$path"; rename "$fm->{CGI}->{old_cmd}", "$fm->{CGI}->{cmd}" or error($!."$fm->{MESSAGES}->{err_rename_file}"); $fm->moveNotes("$path/$fm->{CGI}->{old_cmd}", "$path/$fm->{CGI}->{cmd}", 1); $fm->asHtml(title=>'rename',close=>1); } else{ (my $filename=$fm->getCurrentFile($fm->{CGI}->{file}, 'a'))=~s!^.*[/\\]!!; $text = qq~
$fm->{MESSAGES}->{rename}
 $fm->{MESSAGES}->{name}:
~; } $fm->asHtml(text=>$text, title=>"$fm->{MESSAGES}->{rename_file}"); } sub mkdir{ my $path = $fm->getCurrentPath($fm->{CGI}->{file}, 'n'); if($fm->{CGI}->{cmd}){ mkdir "$path/$fm->{CGI}->{cmd}",0755 or $fm->error("$fm->{MESSAGES}->{err_create_new_dir} $!"); $fm->logger("Folder '".$fm->getUserPath("$path/$fm->{CGI}->{cmd}")."' Created"); $fm->addNote("$path/$fm->{CGI}->{cmd}", $fm->{CGI}->{fileDescription}); $fm->asHtml(title=>'mkdir',close=>1); } my $fileDesc=qq~ $fm->{MESSAGES}->{description}: ~ if $fm->{fileDescriptionOn}; my $text = qq~
$fm->{MESSAGES}->{mkdir}
$fileDesc
 $fm->{MESSAGES}->{name}:         
{MESSAGES}->{cancel} onclick="window.close()" class=button>
~; $fm->asHtml(text=>$text, title=>"$fm->{MESSAGES}->{new_dir}"); } sub download{ my $file=$fm->getCurrentFile($fm->{CGI}->{file}, 'r'); (my $filename = $file) =~s!^.*[/\\]!!; $file=~m/\.([^\.]+)$/; error("$fm->{MESSAGES}->{err_downl_disabled}!") if $fm->currentDisabled->{lc $1}; $fm->logger("File ".$fm->getUserPath($fm->{CGI}->{file})." Downloaded"); if ($fm->{sendConfirmDownload}){ my $message="$file downloaded"; if($fm->{sendAsHtml}){ $message = $fm->get_record( $fm->read_file($fm->{templateDir}."/".$fm->{emlFileDownload}), { MESSAGE=>$message, login=>$fm->currentUser->{login}, first=>$fm->currentUser->{first}, last=>$fm->currentUser->{last}, files=>join (', ',$filename), } ); } $fm->male($fm->{toAdmin}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_downloaded}:", $message); } open(F, "$file") or error($fm->{MESSAGES}->{err_open_file}); binmode F; print "Content-type: multipart/form-data;\n"; print "Content-length: " .( -s $file ). "\n"; print "Content-Disposition: attachment; filename=\"$filename\"\n\n"; binmode STDOUT; while(){print;} close F; exit; } sub delete{ for($fm->getParam('file')){ my $file=$fm->getCurrentFile($_, 'd',0); if ($file and -e $file){ if (-d $file){File::Path::rmtree($file);} else{unlink $file;} $fm->deleteNote($file); $fm->logger("".$fm->getUserPath($file)." Deleted"); } } print "Location: $fm->{SCRIPT}?".$fm->getQueryString()."\n\n"; } sub batch_download{ my $zip = Archive::Zip->new(); $fm->{CGI}->{'zipname'} .=".zip" if $fm->{CGI}->{'zipname'}!~m/\.zip$/i; $fm->logger("$fm->{CGI}->{'zipname'} Zipped & Downloaded"); for($fm->getParam('file')){ my $path=$fm->getCurrentFile($_, 'z', 1); my ($folder,$file) = $fm->subDirFile($path); chdir "$folder"; $fm->{fileList}=[]; if (-d $path){ chdir "$folder"; File::Find::find(\&treeFiles, "$path"); } else{$zip->addFile( $path,$file );} for(@{$fm->{fileList}}){ (my $name=$_)=~s/$folder//; $name=~s/^\///; if(-d $_){$zip->addDirectory( "$_", $name );} else{$zip->addFile( "$_",$name );} } } if ($fm->{sendConfirmDownload}){ my $message="$fm->getParam('file') downloaded"; if($fm->{sendAsHtml}){ $message = $fm->get_record( $fm->read_file($fm->{templateDir}."/".$fm->{emlFileDownload}), { MESSAGE=>$message, login=>$fm->currentUser->{login}, first=>$fm->currentUser->{first}, last=>$fm->currentUser->{last}, files=>join(', ', $fm->getParam('file')), } ); } $fm->male($fm->{toAdmin}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_downloaded}:", $message); } print "Content-type: application/zip\n"; print "Content-Disposition: inline; filename=\"$fm->{CGI}->{'zipname'}\"\n\n"; binmode STDOUT; $zip->writeToFileHandle( *STDOUT, 0 ); exit; } sub treeFiles{ my $name=$File::Find::name; return if $name=~m/\/\./; push @{$fm->{fileList}},$name; } sub pack{ if($fm->{CGI}->{cmd} ){ my $tar = Archive::Tar->new(); for($fm->getParam('file')){ my $path=$fm->getCurrentFile($_, 'p', 1); my ($folder,$file) = $fm->subDirFile($path); chdir "$folder"; $tar->add_files($file); if (-d $file){ $fm->{fileList}=[]; File::Find::find(\&treeFiles, $file); $tar->add_files(@{$fm->{fileList}}); } } (my $filename = $fm->{CGI}->{cmd},$fm->{CGI}->{cmd1}) =~s/(\.tar)|(\.gz)//i; $tar->write("$filename.tar") or error("$fm->{MESSAGES}->{err_create} $filename.tar"); binmode ("$filename.tar.gz"); # gzopen only sets it on the fd my $gz = Compress::Zlib::gzopen("$filename.tar.gz", "wb") or error( "$fm->{MESSAGES}->{err_open_std}\n") ; open (F,"$filename.tar") or error("$fm->{MESSAGES}->{err_open} $filename.tar"); binmode F; while(){$gz->gzwrite($_) or error( "$fm->{MESSAGES}->{err_write}\n") ;} close (F); $gz->gzclose; unlink "$filename.tar"; $fm->logger("Archive File '$filename.tar.gz' Created"); $fm->asHtml(title=>'gzip',close=>1); } else{ my $path=$fm->getCurrentFile(($fm->getParam('file'))[0], 'p', 1); my ($folder,$file) = $fm->subDirFile($path); my $hidden; my $size=0; foreach($fm->getParam('file')) { $hidden.=qq~~; $size += -s $fm->getCurrentFile($_, 'p', 1); } if ($size > 200*1024*1024){error("Files is to big for pack operation on this server!");} my $text = qq~
$fm->{MESSAGES}->{pack}
 $fm->{MESSAGES}->{name}: $hidden
~; $fm->asHtml(text=>$text, title=>"$fm->{MESSAGES}->{pack_file}"); } } sub unpack{ my $path=$fm->getCurrentFile($fm->{CGI}->{file}, 'k', 1); my $text; if($fm->{CGI}->{cmd}){ $fm->{CGI}->{cmd}=~s!/\*\.\*$!!; $fm->{CGI}->{cmd}=~s!^/!!; my $cmd = $fm->getCurrentPath($fm->{CGI}->{cmd}, 'k', 1); chdir "$cmd" or error("Incorrect target path!"); my $tar = Archive::Tar->new($path,1); if ($tar){ my @files = $tar->list_files(); #check disabled files my @tmp; for (@files){push @tmp, $_ if $fm->allowFile($_)} $tar->extract(@tmp); $fm->logger("File ".$fm->getUserPath($fm->{CGI}->{file})." Unpacked"); } else{error("Incorrect target path!")} $fm->asHtml(title=>'gzip',close=>1); } elsif($fm->{CGI}->{file}!~m/\.tar/ && $fm->{CGI}->{file}!~m/\.gz/){ $text = qq~
$fm->{MESSAGES}->{unpack}
 $fm->{CGI}->{file}$fm->{MESSAGES}->{not_archive}
~; } else{ my $slash='/' if $fm->{CGI}->{dir}; (my $dir=$fm->{CGI}->{dir})=~s/\(shared\)//; $text = qq~
$fm->{MESSAGES}->{unpack}
 $fm->{MESSAGES}->{directory}:
~;} $fm->asHtml(text=>$text, title=>"$fm->{MESSAGES}->{unpack_files}"); } sub hotlink{ $fm->{CGI}->{limit}=~s/\D//g; my $expire = time()+(60*60*24)*$fm->{CGI}->{limit} if $fm->{CGI}->{limit}; my ($file,$hotlink,$hotlinknormal) = $fm->setHotLink($fm->{CGI}->{file},$expire,$fm->{CGI}->{pwd}); my $urifile = uri_escape($file); $fm->logger("File ".$fm->getUserPath($fm->{CGI}->{file})." Hotlinked"); my $add = '&l='.$expire if $fm->{CGI}->{limit}; $add.= '&p=1' if $fm->{CGI}->{pwd}; $hotlinknormal = "$fm->{scriptPath}/$fm->{SCRIPT}?file=$urifile&link=$hotlink&a=".$fm->currentUser->{id}.$add; $hotlink = "$fm->{scriptPath}/$fm->{SCRIPT}?file=$urifile%26link=$hotlink%26a=".$fm->currentUser->{id}.$add; my $option; for (1,2,3,4,5,6,7,10,20,30,60,90){ $option .= ""; } my $script = qq~ ~; my $text = qq~ ~; $fm->asHtml(text=>$text, title=>"$fm->{MESSAGES}->{hotlink}",ONLOAD=>"onload=\"writeText(this.form); replaceCharacters();\"",JSCRIPT=>$script); } sub notes{ my $right = $fm->{CGI}->{del}||$fm->{CGI}->{edit}||$fm->{CGI}->{Submit} ? 'l':0; my $path=$fm->getCurrentFile($fm->{CGI}->{file}, $right, 1); my ($folder,$file) = $fm->subDirFile($fm->{CGI}->{file}); $file=~s/\(shared\)//; if($fm->{CGI}->{del}){ $fm->deleteNoteById($fm->{CGI}->{del}); print "Location: $fm->{SCRIPT}?action=notes&file=$fm->{CGI}->{file}&r=1\n\n"; exit; } if( $fm->{CGI}->{edit}){ $fm->saveNote(file=>$path,note=>$fm->{CGI}->{note},id=>$fm->{CGI}->{edit}); print "Location: $fm->{SCRIPT}?action=notes&file=$fm->{CGI}->{file}&r=1\n\n"; exit; } if($fm->{CGI}->{Submit} && !$fm->{CGI}->{edit}){ $fm->saveNote(file=>$path, note=>$fm->{CGI}->{note}); $fm->logger("Note added to ".$fm->getUserPath($fm->{CGI}->{file}).""); print "Location: $fm->{SCRIPT}?action=notes&file=$fm->{CGI}->{file}&r=1\n\n"; exit; } my $notes = $fm->getNotes($path); my $icon = $fm->getIcon($path,1); my $txtNote; for (@$notes){ $txtNote.="$_->{user} $_->{date} "; $txtNote.="{id}')\"class=Menucss>$fm->{MESSAGES}->{edit} {SCRIPT}?action=notes&file=$fm->{CGI}->{file}&del=$_->{id}\" onclick=\"return confirm('$fm->{MESSAGES}->{sure_del_note}')\"class=Menucss>$fm->{MESSAGES}->{delete}" if $_->{userId} eq $fm->currentUser->{id}; $txtNote.="
{id}\" style=\"margin-left:5px;\">$_->{note}
\n"; } my $text = qq~
$fm->{MESSAGES}->{notes}
 $fm->{MESSAGES}->{name}: $file
 $txtNote

 $fm->{MESSAGES}->{description}:
~; $fm->asHtml(text=>$text, title=>"$file :: $fm->{MESSAGES}->{notes}", ONLOAD=>"onload=\"opener.location.reload();\""); } sub edit{ my $path=$fm->getCurrentFile($fm->{CGI}->{file}, 'w', 1); my ($folder,$file) = $fm->subDirFile($path); if($fm->{CGI}->{submitSave} || $fm->{CGI}->{closeSave} || $fm->{CGI}->{closeExit}){ $fm->{CGI}->{content}=~s/\r//gs; open (F, ">$path") or error($fm->{MESSAGES}->{err_open_file}); print F $fm->{CGI}->{content}; close F; $fm->logger("'".$fm->getUserPath($fm->{CGI}->{file})."' Edited"); } print "Content-Type: text/html; charset=utf-8\n\n"; print qq~ $file \n~; unless ($fm->{CGI}->{closeSave} || $fm->{CGI}->{closeExit}){ print qq~ ~; } print qq~\n~ if $fm->{useWysiwig}; print qq~{CGI}->{closeSave} || $fm->{CGI}->{closeExit}; print qq~ background="$fm->{htmlDataFolder}/toolsLine.png">~ unless $fm->{useWysiwig}; print qq~

~; print qq~~ if $fm->{useWysiwig}; print qq~~; exit; } sub userarea{ my $txt =""; if($fm->{CGI}->{pw} eq 'change'){ my $error =''; chomp $fm->{CGI}->{newpw}; chomp $fm->{CGI}->{newpw2}; $error .="

$fm->{MESSAGES}->{err_old_pw}
" if !$fm->{CGI}->{oldpw} ; $error .="

$fm->{MESSAGES}->{err_blank_pw}
" unless $fm->{CGI}->{newpw}; $error .="

$fm->{MESSAGES}->{err_new_pw}
" if $fm->{CGI}->{newpw} ne $fm->{CGI}->{newpw2}; $error .="

$fm->{MESSAGES}->{err_old_pw}
" unless $fm->checkPassword($fm->{CGI}->{oldpw}, $fm->currentUser->{password}); unless ($error){ $fm->updatePassword($fm->{CGI}->{newpw}); $fm->logger("Changed Password"); print "Location: $fm->{SCRIPT}?action=userarea\n\n"; exit; } $txt = $error."

$fm->{MESSAGES}->{back}"; } elsif ($fm->{CGI}->{pw} eq 'new'){ $txt = qq~
$fm->{MESSAGES}->{change_password}:
$fm->{MESSAGES}->{old_password}:
$fm->{MESSAGES}->{new_password}:
$fm->{MESSAGES}->{retype_password}:
~; } elsif($fm->{CGI}->{email} eq 'change'){ my $oldEmail = $fm->currentUser->{email}; if ($fm->updateEmail($fm->{CGI}->{userEmail})){ $fm->logger("Changed email address from '$oldEmail' to '".$fm->currentUser->{email}."'"); my $message = "Client: $fm->{currentUser}->{login}\nOld Email: $oldEmail\nNew email: $fm->{CGI}->{userEmail}\n"; $fm->male($fm->{toAdmin}, $fm->{fromAdmin}, "Client has changed their Email Address", $message) if $fm->{sendConfirmChEmail}; print "Location: $fm->{SCRIPT}?action=userarea\n\n"; exit; } else{error("Can't change email!");} } elsif($fm->{CGI}->{email} eq 'new'){ $txt = qq~
$fm->{MESSAGES}->{ch_eml}:
$fm->{MESSAGES}->{new_eml}:
~; } else{ my $user = $fm->currentUser(); my $used = $fm->usedSpace(); $user->{expired}||='∞'; $used = $used? sprintf('%0.2F',$used/1024)." $fm->{MESSAGES}->{Mb}" : "-"; my $quote = $user->{diskquota}? "$user->{diskquota} $fm->{MESSAGES}->{Mb}":"∞"; $txt =qq~
$fm->{MESSAGES}->{client_details}:
$fm->{MESSAGES}->{client_username}: $user->{login}
$fm->{MESSAGES}->{client_password}: *******   [$fm->{MESSAGES}->{change}]
$fm->{MESSAGES}->{client_folder}: /$user->{home}
$fm->{MESSAGES}->{disc_quota}:$quote $fm->{MESSAGES}->{Mb}
$fm->{MESSAGES}->{disabled_files}: $user->{protect}
$fm->{MESSAGES}->{expired_date}:$user->{expired}
$fm->{MESSAGES}->{groups}:
~.(ref $user->{groups} eq 'ARRAY'? join(', ',@{$user->{groups}}):$user->{groups}).qq~
$fm->{MESSAGES}->{rights}:
{RIGHTS_BOX}->{u}>$fm->{MESSAGES}->{upload} {RIGHTS_BOX}->{r}>$fm->{MESSAGES}->{download} {RIGHTS_BOX}->{z}>$fm->{MESSAGES}->{batch_download_zip}
{RIGHTS_BOX}->{m}>$fm->{MESSAGES}->{move} {RIGHTS_BOX}->{o}>$fm->{MESSAGES}->{copy} {RIGHTS_BOX}->{a}>$fm->{MESSAGES}->{rename}
{RIGHTS_BOX}->{v}>$fm->{MESSAGES}->{preview} {RIGHTS_BOX}->{t}>$fm->{MESSAGES}->{hotlink} {RIGHTS_BOX}->{c}>$fm->{MESSAGES}->{chmod}
{RIGHTS_BOX}->{p}>$fm->{MESSAGES}->{pack} {RIGHTS_BOX}->{k}>$fm->{MESSAGES}->{unpack} {RIGHTS_BOX}->{n}>$fm->{MESSAGES}->{mkdir}
{RIGHTS_BOX}->{w}>$fm->{MESSAGES}->{editor} {RIGHTS_BOX}->{l}>$fm->{MESSAGES}->{notes} {RIGHTS_BOX}->{d}>$fm->{MESSAGES}->{delete}
$fm->{MESSAGES}->{contact_details}:
$fm->{MESSAGES}->{company_name}: $user->{company}
$fm->{MESSAGES}->{first_name}: $user->{first}
$fm->{MESSAGES}->{last_name}: $user->{last}
$fm->{MESSAGES}->{address}: $user->{address}
$fm->{MESSAGES}->{city}: $user->{city}
$fm->{MESSAGES}->{state}: $user->{state}
$fm->{MESSAGES}->{zip}: $user->{zip}
$fm->{MESSAGES}->{country}: $user->{country}
$fm->{MESSAGES}->{email}: $user->{email}   [$fm->{MESSAGES}->{change}]
$fm->{MESSAGES}->{phone}: $user->{phone}
$fm->{MESSAGES}->{fax}: $user->{fax}
~; } print "Content-type: text/html; charset=utf-8\n\n"; print qq~ $fm->{MESSAGES}->{client_details} $txt ~; exit; } sub about{ print "Content-type: text/html; charset=utf-8\n\n"; print qq~ $fm->{FileManagerName}
$fm->{Version}
$fm->{RegisteredOwner}
~; exit; } sub copy_f{ my $move=shift; my $right = $move? 'm':'o'; if($fm->{CGI}->{cmd}){ my @old = $fm->getParam('old_cmd'); my $fname=0; $fm->{CMD} = $fm->getCurrentFile($fm->{CGI}->{folder}.$fm->{CGI}->{cmd}, $right, 1); if ($fm->{CMD}=~s/(\/|\*\.\*)$/\//){$fname = 0;} elsif(@old==1){ $fname = 1;} for(@old){ my $path=$fm->getCurrentFile($_, $right, 1); my ($folder,$file) = $fm->subDirFile($path); $fm->{HOME}=$fm->getCurrentPath(); #die "$path, $fm->{CMD}/$file :".$fm->{CGI}->{folder}.$fm->{CGI}->{cmd}; next if $fm->_eqFile("$path", "$fm->{CMD}/$file"); if(-d "$path"){ File::Path::mkpath("$path/$file", 0, 0755) or error("Can't create folder $!") unless -d "$path/$file"; chdir "$fm->{HOME}"; (my $target="$fm->{CMD}/$file") =~s/\/+/\//g; $target =~s/\/$//; File::Find::find( sub { (my $name = $File::Find::name)=~s/$fm->{HOME}//; (my $curr = "$fm->{HOME}/$name") =~s/\/+/\//g; return if $curr=~ m/$target/x; if (-d "$File::Find::name"){ File::Path::mkpath("$fm->{CMD}/$name", 0, 0755) unless -d "$fm->{CMD}/$name"; } else{ File::Copy::copy("$File::Find::name", "$fm->{CMD}/$name"); } } , $path); File::Path::rmtree($path) if $move && !$fm->_eqFile($path, $fm->{CMD}); $fm->moveNotes($path,"$fm->{CMD}/$file",$move); } else{ my $folder = $fname? "$fm->{CMD}" : "$fm->{CMD}/$file"; my $op = File::Copy::copy("$path", "$fm->{CMD}/$file"); $fm->moveNotes($path,"$fm->{CMD}/$file",$move); unlink "$path" if $move && $op; } } for (@old){$_=$fm->getUserPath($_)}; $fm->logger("'".(join ', ', @old)."' ".($move? 'moved':'copied')." to '".$fm->getUserPath($fm->{CMD})."'"); $fm->asHtml(title=>'copy', close=>1); } my @files = $fm->getParam('file'); my $path=$fm->getCurrentFile($files[0], $right, 1); my ($folder,$file) = $fm->subDirFile($path); my $filename = '/'; my $filenames = join (', ',@files); $filenames=~s/^(.{40}).*/$1\.\.\./; my $whichpage = ($move?$fm->{MESSAGES}->{move}:$fm->{MESSAGES}->{copy}); my $text = qq~
$whichpage
 ~. ($move?$fm->{MESSAGES}->{move}:$fm->{MESSAGES}->{copy}).qq~ $filenames $fm->{MESSAGES}->{to}:
~; for(@files){ $text .= ""; } $text .= qq~ 
 $fm->{MESSAGES}->{del_directory}:
~; $text .="{SCRIPT}?action=tree';setPath2('');\" ".(!$fm->{isShared}? 'checked':'')." value=\"\">/"; for( keys %{ $fm->currentUser->{'SHARED'} } ){ #next unless -e $_; $text .="
  • "; } $text .=qq~
~; $fm->asHtml(text=>$text, title=>$move? $fm->{MESSAGES}->{move}:$fm->{MESSAGES}->{copy_file}); } sub move{ copy_f(1); } sub wanted { (my $name = $File::Find::name)=~s/$fm->{HOME}//; if (-d "$File::Find::name"){ File::Path::mkpath("$fm->{CMD}/$name", 0, 0755) unless -d "$fm->{CMD}/$name"; } else{ File::Copy::copy("$File::Find::name", "$fm->{CMD}/$name"); } } sub tree{ $fm->{HOME}=$fm->getCurrentPath(); File::Find::find(\&build_tree, $fm->{HOME}); my $text=qq~ File list
~; for my $cat (@{$fm->Tree->{''}}){ my $tmp = treeline($cat->{id}, $fm->Tree); my $coll = $tmp ? 'c':'l'; $text.=qq~$cat->{Title}
~; $text.=qq~
$tmp
~ if $tmp; } $text.="
\n\n\n"; print "Content-type: text/html; charset=utf-8\n\n"; print $text; exit; } sub build_tree{ my $name= $File::Find::name; return if $name eq $fm->{HOME} or !-d $name or $name=~/\.thumb/; $name=~s/\Q$fm->{HOME}\E//g; $name=~s/^\///g; if ($name!~m/\//){push @{$fm->Tree->{''}}, {id=>$name,Title=>$name};} else{ $name=~m/(.*)\/([^\/]+)/; push @{$fm->Tree->{$1}},{id=>$1."/".$2, Title=>$2}; } } sub treeline{ my $cat_id = shift; my $Tree = shift; return unless $cat_id; my $content = ''; for my $subcat (@{$Tree->{$cat_id}}){ my $tmp = treeline($subcat->{id}, $Tree); my $coll = $tmp? "c":"l"; $content .= qq~$subcat->{Title}
~; $content .= $tmp ? "
\n$tmp
":""; } return $content; } sub findfile{ print "Content-type: text/html; charset=utf-8\n\n"; print qq~ $fm->{MESSAGES}->{search}

$fm->{MESSAGES}->{search}:
$fm->{MESSAGES}->{match_case} {CGI}->{inNotes}? 'checked':'') .qq~> $fm->{MESSAGES}->{notes}

~; exit; } sub upload2{ print "Content-type: text/html; charset=utf-8\n\n"; if($fm->{CGI}->{file}){ error ($fm->{MESSAGES}->{over_quota}) unless $fm->currentfreeSpace($ENV{CONTENT_LENGTH}); } my $dir = $fm->getCurrentPath($fm->{CGI}->{dir},'u'); my @fDesc = CGI::param('fileDescription') if $fm->{fileDescriptionOn}; my @descLine; my @uploaded; for (@fDesc){ $_ =~ s///g; $_ =~ s/<([^>]|\n)*>//g; push @descLine,$_ if $_; } my ($s,$ind) = (0,0); my @files = CGI::param('file'); for(@files){ next unless $_; error("A File Name $_ or Description cannot contain any of the following illegal characters: * ? <> | : & ! ; [ ] ^ + @ ' \~ { } $ ! % ( )", 2) if $_=~m/[*?<>|:&!;[]^+@'\~{}$!%()]/; error("$fm->{MESSAGES}->{err_upl_disabled}!") if !$fm->allowFile(lc $_); if (CGI::param('overwrite') && -e "$dir/$_"){ print "\n"; } else { my $filename=$fm->saveFile($_, $dir, $fm->{CGI}->{mode}); push @uploaded, $filename; $fm->addNote("$dir/$filename", $fDesc[$ind]); $ind++; $fm->logger("File '$filename' uploaded to '".$fm->getUserPath($fm->{CGI}->{dir})."'"); } } my $content=1; my ($descriptionString,$uploadInfo); my $time = localtime; if($ind && $fm->{sendConfirmUpload}){ my $message="$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:\n ". join ",\n",@uploaded; if($fm->{sendAsHtml}){ $message = $fm->get_record( $fm->read_file($fm->{templateDir}."/".$fm->{emlFileUpload}), { MESSAGE=>$message, login=>$fm->currentUser->{login}, first=>$fm->currentUser->{first}, last=>$fm->currentUser->{last}, files=>join ('
',@uploaded), descriptions=>join('
' ,@descLine), upload_to=>$fm->getAdminPath($fm->{CGI}->{dir}), } ); } $fm->male($fm->{toAdmin}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", $message); if ($fm->{currentUser}->{currentShared}){ if ($fm->{currentUser}->{currentShared}->{groupemail} && $fm->{currentUser}->{currentShared}->{groupemail} ne $fm->{currentUser}->{email}){ $fm->male($fm->{currentUser}->{currentShared}->{groupemail}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", $message); } if ($fm->{sendToGroupUser}){ $fm->sendToGroup( group=>$fm->{currentUser}->{currentShared}->{groupId}, message=>$message, subject=>"$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", ); } } else{$fm->sendToFolderOwner($dir,$message);} } my $banned = $fm->currentDisabled; my $bannedFile; if (ref $banned eq 'HASH'){ my @ban = keys %$banned; for (@ban){$_="'$_'";} $bannedFile = join(',', @ban); } $bannedFile = "bannedFile =new Array($bannedFile);"; print qq~ $fm->{MESSAGES}->{upload_file_to} $dir ~; print qq~ ~ ; my $onchange=qq~ onchange="checkFile(this)"~; print qq~ 1; $text =" saved in $fm->{CGI}->{dir}\n"; print " onload=go()>",$text; print ""; exit; } my $fileDesc=qq~$fm->{MESSAGES}->{description}: ~ if $fm->{fileDescriptionOn}; print qq~>
$fm->{MESSAGES}->{upload}
$fm->{MESSAGES}->{upload} Flash $fm->{MESSAGES}->{upload}
$fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
Prevent files from being overwritten
~; print ""; exit; } sub uplja{ print "Content-type: text/html; charset=utf-8\n\n"; $fm->currentUser($fm->{CGI}->{user}); if ($fm->{CGI}->{cip} eq Digest::MD5::md5_hex($fm->{CGI}->{user}.$fm->{secretWord}) ){ unless ($fm->currentfreeSpace($ENV{CONTENT_LENGTH})){ die "Can't upload files\n"; } my $base_directory = $fm->getCurrentPath($fm->{CGI}->{dir}); my $query = new CGI; my @files; $fm->logger("test - $base_directory"); foreach my $ptmp ($query->param){ next if $ptmp !~ /userfile/; my @tmps = $query->param($ptmp); my @infiles = $query->upload($ptmp); my $i = 0; foreach my $tmp (@tmps){ my $infile = $tmps[$i++]; $tmp =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg; $tmp =~ s/\+/ /sg; $tmp =~ s/\\/\//g; $tmp =~ s/^\/(.+)$/$1/g; $tmp =~ s/\.\././g; if ($tmp=~m/[\*\?\|:;\{\}<>\@\#~]/){ next; } unless ($fm->currentRights->{'u'} && $fm->allowFile($tmp)){ next; } my $filename = $base_directory.'/'. $tmp; my $dir = $filename; $dir =~ s/^(.+\/)[^\/]+$/$1/; my @dirs = split('/', $dir); my $cur = ''; foreach my $d (@dirs) { $cur = $cur . $d . '/'; if ($cur !~ /\/[^\/]+/) { next; } mkdir $cur; if ($! ne '' && $! ne 'File exists') { print "could not make dir $cur"; # premature header error exit; } } open FILE, ">$filename" or die "Can't open file $filename"; binmode FILE; binmode $infile; while (<$infile>) { print FILE $_; } close FILE; close $infile; $fm->logger("File '$filename' uploaded to '".$fm->getUserPath($fm->{CGI}->{dir})."'"); push @files, $tmp; } } if(@files && $fm->{sendConfirmUpload}){ my $message="$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:\n ". join ",\n",@files; if($fm->{sendAsHtml}){ $fm->getMessages( $fm->{currentUser}->{language} || 'en'); $message = $fm->get_record( $fm->read_file($fm->{templateDir}."/".$fm->{emlFileUpload}), { MESSAGE=>$message, login=>$fm->currentUser->{login}, first=>$fm->currentUser->{first}, last=>$fm->currentUser->{last}, files=>join ('
',@files), upload_to=>$fm->getAdminPath($fm->{CGI}->{dir}), } ); } $fm->male($fm->{toAdmin}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", $message); if ($fm->{currentUser}->{currentShared}){ if ($fm->{currentUser}->{currentShared}->{groupemail} && $fm->{currentUser}->{currentShared}->{groupemail} ne $fm->{currentUser}->{email}){ $fm->male($fm->{currentUser}->{currentShared}->{groupemail}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", $message); } if ($fm->{sendToGroupUser}){ $fm->sendToGroup( group=>$fm->{currentUser}->{currentShared}->{groupId}, message=>$message, subject=>"$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", ); } } else{$fm->sendToFolderOwner($dir,$message);} } } else{die "Can't upload file\n";} exit; } sub uploadja{ $dir = URI::Escape::uri_escape(encode("UTF-8",$dir)); print "Content-Type: text/html; charset=utf-8\n\n"; my $md5 = Digest::MD5::md5_hex($fm->currentUser->{login}.$fm->{secretWord}); print qq~ $fm->{MESSAGES}->{upload} ~; exit; } sub uploadok{ print "Content-Type: text/html; charset=utf-8\n\n"; print qq~ Upload Process finished! ~; exit; } sub uploadfl{ print "Content-Type: text/html; charset=utf-8\n\n"; my $url = $fm->{sslUri}? $fm->{sslUri} : $ENV{SCRIPT_NAME}; my $md5 = Digest::MD5::md5_hex($fm->currentUser->{login}.$fm->{secretWord}); print qq~ $fm->{MESSAGES}->{upload}
$fm->{MESSAGES}->{upload}
$fm->{MESSAGES}->{upload} Flash $fm->{MESSAGES}->{upload}
~; exit; } sub flu{ for (keys %{$fm->{CGI}}){ (my $tmp=$_)=~s/amp;//; $fm->{CGI}->{$tmp}=$fm->{CGI}->{$_}; } if ($fm->{CGI}->{cip} eq Digest::MD5::md5_hex($fm->{CGI}->{user}.$fm->{secretWord}) ){ $fm->currentUser($fm->{CGI}->{user}); my $folder=$fm->getCurrentPath($fm->{CGI}->{dir},'u'); unless ($fm->currentfreeSpace($ENV{CONTENT_LENGTH})){ print "Status: 503\n\n"; exit; } my $file=$fm->{CGI}->{'Filedata'}; if (!$fm->allowFile(lc $file)){ print "Status: 501\n\n"; exit; } if ($file=~m/[\*\?<>\|\:\&;\^\@\'\~\{\}\!\%\(\)]/){ print "Status: 504\n\n"; exit; } unless ($folder){ print "Status: 502\n\n"; exit; } $fm->saveFile($file, $folder, $fm->{CGI}->{mode}); if ($fm->{sendConfirmFlashUpload}){ my $message="$folder/$file uploaded via flash mode"; if($fm->{sendAsHtml}){ $fm->getMessages( $fm->{currentUser}->{language} || 'en'); $message = $fm->get_record( $fm->read_file($fm->{templateDir}."/".$fm->{emlFileUpload}), { MESSAGE=>$message, login=>$fm->currentUser->{login}, first=>$fm->currentUser->{first}, last=>$fm->currentUser->{last}, files=>join ('
',$file), upload_to=>$fm->getAdminPath($fm->{CGI}->{dir}), } ); } $fm->male($fm->{toAdmin}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", $message); if ($fm->{currentUser}->{currentShared}){ if ($fm->{currentUser}->{currentShared}->{groupemail} && $fm->{currentUser}->{currentShared}->{groupemail} ne $fm->{currentUser}->{email}){ $fm->male($fm->{currentUser}->{currentShared}->{groupemail}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", $message); } if ($fm->{sendToGroupUser}){ $fm->sendToGroup( group=>$fm->{currentUser}->{currentShared}->{groupId}, message=>$message, subject=>"$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", ); } } else{$fm->sendToFolderOwner($dir,$message);} } print "Content-type: text/html\n\n"; print qq~ Upload Page

Upload Successful

~; $fm->logger("File '$file' uploaded to '".$fm->getUserPath($fm->{CGI}->{dir})."'"); } else{ print "Status: 501\n\n"; exit; } exit; } sub uploadX{ print "Content-Type: text/html; charset=utf-8\n\n"; print qq~ $fm->{MESSAGES}->{upload}
$fm->{MESSAGES}->{upload}
$fm->{MESSAGES}->{upload} Flash $fm->{MESSAGES}->{upload}
$fm->{MESSAGES}->{file}:

{MESSAGES}->{cancel}>

~; exit; } sub upload{ #error_right('u') unless $Rights->{'u'}; print "Content-Type: text/html; charset=utf-8\n\n"; my $dir = $fm->{CGI}->{dir}; if ($fm->{CGI}->{session}){ use Fcntl qw(:DEFAULT :flock); my ($bufferSize, $buffer, $bytesRead) = (1024*8,0,0); $fm->{tmpDir} = "./status"; mkdir "$fm->{tmpDir}",0755 unless -d $fm->{tmpDir} or die "Can't create tmp folder $fm->{tmpDir} $!!"; my $startTime=time; unless (-f "$fm->{tmpDir}/$fm->{CGI}->{session}"){ open (ST , ">$fm->{tmpDir}/$fm->{CGI}->{session}") or error("Can't open status file $!"); flock(ST, LOCK_EX); print ST "$ENV{'CONTENT_LENGTH'} 0 $startTime\n"; close ST; } #create template file for content open (TMP , ">$fm->{tmpDir}/$fm->{CGI}->{session}.tmp") or error("Can't open tmp session file $!", '1', $fm->{CGI}->{session}); binmode TMP; flock(TMP, LOCK_EX); my $bytesRead; while (read(STDIN, my $buffer,$bufferSize)){ $bytesRead+=length $buffer; print TMP $buffer; my $proz = int($bytesRead/$ENV{'CONTENT_LENGTH'} *100); $proz = 99 if $proz>=100; open (ST , ">$fm->{tmpDir}/$fm->{CGI}->{session}"); flock(ST, LOCK_EX); print ST "$ENV{'CONTENT_LENGTH'} $proz $startTime\n"; close ST; select(undef, undef, undef, 0.002); } close TMP; #upload finished open (ST , ">$fm->{tmpDir}/$fm->{CGI}->{session}"); flock(ST, LOCK_EX); print ST "$ENV{'CONTENT_LENGTH'} 100 $startTime\n"; close ST; open(STDIN,"$fm->{tmpDir}/$fm->{CGI}->{session}.tmp") or error("Can't open temp file $fm->{CGI}->{session}.tmp $!", '1', $fm->{CGI}->{session}); use CGI; for(CGI::param()){$fm->{CGI}->{$_}=CGI::param($_);} #protect from access over main root folder $fm->{CGI}->{dir} =~ s/\.\.\///g; $dir = $fm->getCurrentPath($fm->{CGI}->{dir},'u'); my @fDesc = CGI::param('fileDescription') if $fm->{fileDescriptionOn}; #protect html my @descLine; for (@fDesc){ $_ =~ s///g; $_ =~ s/<([^>]|\n)*>//g; push @descLine,$_ if $_; } my $descriptionString; my $ind=0; my $time=localtime; my $uploadInfo = ''; my @files; for(CGI::param('file')){ unless ($_){$ind++; next;} (my $fn = $_) =~s/^.*([^\/\\]+)$/$1/; if ($fn=~m/[\*\?<>\|:&;\[\]\^\+\@\'\~\{\}\$%\(\)]/){$ind++; error("A File Name $_ or Description cannot contain any of the following illegal characters: * ? <> | : & ! ; [ ] ^ + @ ' \~ { } $ ! % ( )", 2); next;} if (!$fm->allowFile(lc $fn)){$ind++; error("$fm->{MESSAGES}->{err_upl_disabled}!"); next;} unless ($fm->allowFile($fn)){$ind++; next;} if (CGI::param('overwrite') && -e "$dir/$_"){ print "Content-type: text/html\n\n"; print "\n"; } else { my $filename=$fm->saveFile($_, $dir, $fm->{CGI}->{mode}); $fm->addNote("$dir/$filename", $fDesc[$ind]); $ind++; $fm->logger("File '$filename' uploaded to '".$fm->getUserPath($fm->{CGI}->{dir})."'"); push @files, $filename; } if($ind && $fm->{sendConfirmUpload}){ my $message="$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:\n ". join ",\n",@files; if($fm->{sendAsHtml}){ $message = $fm->get_record( $fm->read_file($fm->{templateDir}."/".$fm->{emlFileUpload}), { MESSAGE=>$message, login=>$fm->currentUser->{login}, first=>$fm->currentUser->{first}, last=>$fm->currentUser->{last}, files=>join ('
',@files), descriptions=>join('
' ,@descLine), upload_to=>$fm->getAdminPath($fm->{CGI}->{dir}), } ); } $fm->male($fm->{toAdmin}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", $message); if ($fm->{currentUser}->{currentShared}){ if ($fm->{currentUser}->{currentShared}->{groupemail} && $fm->{currentUser}->{currentShared}->{groupemail} ne $fm->{currentUser}->{email}){ $fm->male($fm->{currentUser}->{currentShared}->{groupemail}, $fm->{fromAdmin}, "$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", $message); } if ($fm->{sendToGroupUser}){ $fm->sendToGroup( group=>$fm->{currentUser}->{currentShared}->{groupId}, message=>$message, subject=>"$fm->{MESSAGES}->{re} $fm->{currentUser}->{login} $fm->{MESSAGES}->{successfully_uploaded}:", ); } } else{$fm->sendToFolderOwner($dir,$message);} } } close STDIN; unlink "$fm->{tmpDir}/$fm->{CGI}->{session}.tmp" or die $!; print qq~ {CGI}->{session}');\"> Upload Process finished! ~; unlink "$fm->{tmpDir}/$fm->{CGI}->{session}.tmp"; #unlink "$fm->{tmpDir}/$fm->{CGI}->{session}"; exit; } my $banned = $fm->currentDisabled; my $bannedFile; if (ref $banned eq 'HASH'){ my @ban = keys %$banned; for (@ban){$_="'$_'";} $bannedFile = join(',', @ban); } $bannedFile = "bannedFile =new Array($bannedFile);"; my $onchange=qq~ onchange="checkFile(this)"~; print qq~ $fm->{MESSAGES}->{upload} ~; my $fileDesc=qq~$fm->{MESSAGES}->{description}:~ if $fm->{fileDescriptionOn}; print qq~
$fm->{MESSAGES}->{upload}
$fm->{MESSAGES}->{upload} Flash $fm->{MESSAGES}->{upload}
$fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc $fileDesc
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
$fm->{MESSAGES}->{file}:
Prevent files from being overwritten
{MESSAGES}->{cancel}>
~; exit; } sub forgott{ $fm->restore();exit; } sub restore{ $fm->restore();exit; } sub qbar{ return if $fm->{currentUser}->{isAdmin} && !$fm->{isShared}; my $quota = $fm->{isShared}? $fm->currentUser->{'SHARED'}->{$fm->{isShared}}->{slimit} : $fm->currentUser->{diskquota}; return unless $quota; my $bar =''; if ($fm->{quoteBarOn}){ my $used = $fm->usedSpace($fm->{isShared}? $fm->currentUser->{'SHARED'}->{$fm->{isShared}}->{path} : undef); my $len = int (($used/1024) * 200/$quota); $len = 200 if $used/1024>$quota; $used = sprintf('%0.2F',$used/1024)." $fm->{MESSAGES}->{Mb}"; my $quote = "$quota $fm->{MESSAGES}->{Mb}"; $bar ="
| $fm->{MESSAGES}->{Space}: $used
{htmlDataFolder}/Skins/$fm->{SkinFolder}/qbar.gif\" style=\"height:9px;width:".$len."px;\">
$quote
"; } return $bar; } sub play{ my $link = shift; my $name = shift; print "Content-type: text/html; charset=utf-8\n\n"; print <
  • play
  • pause
  • stop
  • min volume
  • max volume
$name
END exit; }