🔒 ♻️ Implement secure exec wrapper functions.

Flat 2015-12-02 21:24:34 +09:00
commit 8e951ac72e
115 changed files with 1345 additions and 1986 deletions


@ -10,13 +10,12 @@ include($_SERVER['DOCUMENT_ROOT']."/file_manager/fm_core.php");
// todo: set in session?
if (empty($panel)) {
$command = VESTA_CMD."v-list-user '".$user."' 'json'";
exec ($command, $output, $return_var);
if ( $return_var > 0 ) {
$return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
if ($return_var > 0) {
header("Location: /error/");
exit;
}
$panel = json_decode(implode('', $output), true);
$panel = json_decode($output, true);
}
$fm = new FileManager($user);
@ -31,27 +30,23 @@ switch ($_REQUEST['action']) {
break;
case 'check_file_type':
$dir = $_REQUEST['dir'];
print json_encode($fm->checkFileType($dir));
break;
case 'rename_file':
$dir = $_REQUEST['dir'];
$item = $_REQUEST['item'];
$target_name = $_REQUEST['target_name'];
print json_encode($fm->renameFile($dir, $item, $target_name));
break;
case 'rename_directory':
$dir = $_REQUEST['dir'];
$item = $_REQUEST['item'];
$target_name = $_REQUEST['target_name'];
print json_encode($fm->renameDirectory($dir, $item, $target_name));
break;
case 'delete_files':
$dir = $_REQUEST['dir'];
$item = $_REQUEST['item'];
print json_encode($fm->deleteItem($dir, $item));
break;
case 'create_file':
@ -64,7 +59,6 @@ switch ($_REQUEST['action']) {
$dirname = $_REQUEST['dirname'];
print json_encode($fm->createDir($dir, $dirname));
break;
case 'open_file':
$dir = $_REQUEST['dir'];
print json_encode($fm->open_file($dir));
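Review bot: The new guard `if ($return_var > 0)` treats only positive values as failure, so a negative, `false` or `null` result from `v_exec` would fall through to `json_decode`. The definition of `v_exec` is not visible here, but assuming it returns the integer exit status, `if ($return_var !== 0)` would fail closed. `$panel = json_decode($output, true);` is also used unchecked, so empty or non-JSON output leaves `$panel` null; sending the request to `/error/` when `!is_array($panel)` would cover that path too. The script continues outside this section.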


@ -1,7 +1,9 @@
<?php
require_once(__DIR__.'/../inc/exec.php');
class FileManager {
protected $delimeter = '|';
protected $info_positions = array(
'TYPE' => 0,
@ -13,26 +15,45 @@ class FileManager {
'SIZE' => 6,
'NAME' => 7
);
protected $user = null;
public $ROOT_DIR = null;
static function v_exec($command, array $arguments=[], $checkReturn=true, &$output=null) {
$output = '';
$return_var = v_exec($command, $arguments, false, $output);
return $checkReturn ? self::check_return_code($return_var, explode("\n", $output)) : null;
}
static function check_return_code($return_var, $output) {
if ($return_var != 0) {
$error = implode('<br>', $output);
return $error;
//if (empty($error)) $error = __('Error code:',$return_var);
//$_SESSION['error_msg'] = $error;
}
return null;
}
public function setRootDir($root = null) {
if (null != $root) {
$root = realpath($root);
$root = realpath($root);
}
$this->ROOT_DIR = $root;
}
public function __construct($user) {
$this->user = $user;
}
/*public function init() {
$path = !empty($_REQUEST['dir']) ? $_REQUEST['dir'] : '';
$start_url = !empty($path) ? $this->ROOT_DIR . '/' . $path : $this->ROOT_DIR;
$listing = $this->getDirectoryListing($path);
return $data = array(
'result' => true,
'ROOT_DIR' => $this->ROOT_DIR,
@ -41,55 +62,52 @@ class FileManager {
'listing' => $listing
);
}*/
public function checkFileType($dir) {
$dir = $this->formatFullPath($dir);
exec(VESTA_CMD . "v-get-fs-file-type {$this->user} {$dir}", $output, $return_var);
$error = self::check_return_code($return_var, $output);
$error = self::v_exec('v-get-fs-file-type', [$this->user, $dir]);
if (empty($error)) {
return array(
'result' => true,
'data' => implode('', $output)
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
);
}
}
public function formatFullPath($path_part = '') {
if (substr($path_part, 0, strlen($this->ROOT_DIR)) === $this->ROOT_DIR) {
$path = $path_part;
}
else {
} else {
$path = $this->ROOT_DIR . '/' . $path_part;
}
//var_dump($path);die();
//$path = str_replace(' ', '\ ', $path);
return escapeshellarg($path);
return $path;
}
function deleteItem($dir, $item) {
$dir = $this->formatFullPath($item);
exec (VESTA_CMD . "v-delete-fs-directory {$this->user} {$dir}", $output, $return_var);
$error = self::check_return_code($return_var, $output);
$error = self::v_exec('v-delete-fs-directory', [$this->user, $dir]);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
);
}
/*if (is_readable($item)) {
unlink($item);
}
@ -103,100 +121,76 @@ class FileManager {
'result' => true
);*/
}
function copyFile($item, $dir, $target_dir, $filename) {
$src = $this->formatFullPath($item);
$dst = $this->formatFullPath($target_dir);
exec (VESTA_CMD . "v-copy-fs-file {$this->user} {$src} {$dst}", $output, $return_var);
$error = self::check_return_code($return_var, $output);
$error = self::v_exec('v-copy-fs-file', [$this->user, $src, $dst]);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
);
}
}
function copyDirectory($item, $dir, $target_dir, $filename) {
$src = $this->formatFullPath($item);
$dst = $this->formatFullPath($target_dir);
exec (VESTA_CMD . "v-copy-fs-directory {$this->user} {$src} {$dst}", $output, $return_var);
$error = self::v_exec('v-copy-fs-directory', [$this->user, $src, $dst]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
);
}
}
static function check_return_code($return_var, $output) {
if ($return_var != 0) {
$error = implode('<br>', $output);
return $error;
//if (empty($error)) $error = __('Error code:',$return_var);
//$_SESSION['error_msg'] = $error;
}
return null;
}
function createFile($dir, $filename) {
$dir = $this->formatFullPath($dir . '/' . $filename);
exec (VESTA_CMD . "v-add-fs-file {$this->user} {$dir}", $output, $return_var);
$error = self::v_exec('v-add-fs-file', [$this->user, $dir]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
);
}
}
function packItem($item, $dir, $target_dir, $filename) {
$item = $this->formatFullPath($item);
$dst_item = $this->formatFullPath($target_dir);
$dst_item = str_replace('.tar.gz', '', $dst_item);
//$item = str_replace($dir . '/', '', $item);
//var_dump(VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}");die();
exec (VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}", $output, $return_var);
$error = self::check_return_code($return_var, $output);
$error = self::v_exec('v-add-fs-archive', [$this->user, $dst_item, $item]);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
@ -205,83 +199,58 @@ class FileManager {
}
function backupItem($item) {
$src_item = $this->formatFullPath($item);
$dst_item_name = $item . '~' . date('Ymd_His');
$dst_item = $this->formatFullPath($dst_item_name);
//print VESTA_CMD . "v-add-fs-archive {$this->user} {$item} {$dst_item}";die();
exec (VESTA_CMD . "v-copy-fs-file {$this->user} {$src_item} {$dst_item}", $output, $return_var);
$error = self::check_return_code($return_var, $output);
$error = self::v_exec('v-copy-fs-file', [$this->user, $src_item, $dst_item]);
if (empty($error)) {
return array(
'result' => true,
'filename' => $dst_item_name
);
}
else {
return array(
'result' => false,
'message' => $error
);
}
$error = self::check_return_code($return_var, $output);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
);
}
}
function unpackItem($item, $dir, $target_dir, $filename) {
$item = $this->formatFullPath($item);
$dst_item = $this->formatFullPath($target_dir);
exec (VESTA_CMD . "v-extract-fs-archive {$this->user} {$item} {$dst_item}", $output, $return_var);
$error = self::v_exec('v-extract-fs-archive', [$this->user, $item, $dst_item]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
);
}
}
function renameFile($dir, $item, $target_name) {
$item = $this->formatFullPath($dir . '/' . $item);
$dst_item = $this->formatFullPath($dir . '/' . $target_name);
// var_dump(VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}");die();
exec (VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}", $output, $return_var);
//var_dump(VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}");die();
$error = self::v_exec('v-move-fs-file', [$this->user, $item, $dst_item]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
@ -298,51 +267,43 @@ class FileManager {
);
}
$error = self::v_exec('v-move-fs-directory', [$this->user, $item, $dst_item]);
exec (VESTA_CMD . "v-move-fs-directory {$this->user} {$item} {$dst_item}", $output, $return_var);
$error = self::check_return_code($return_var, $output);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
);
}
}
function createDir($dir, $dirname) {
$dir = $this->formatFullPath($dir . '/' . $dirname);
exec (VESTA_CMD . "v-add-fs-directory {$this->user} {$dir}", $output, $return_var);
$error = self::v_exec('v-add-fs-directory', [$this->user, $dir]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) {
return array(
'result' => true
);
}
else {
} else {
return array(
'result' => false,
'message' => $error
);
}
}
function getDirectoryListing($dir = '') {
$dir = $this->formatFullPath($dir);
exec (VESTA_CMD . "v-list-fs-directory {$this->user} {$dir}", $output, $return_var);
return $this->parseListing($output);
self::v_exec('v-list-fs-directory', [$this->user, $dir], false, $output);
return $this->parseListing(explode("\n", $output));
}
public function ls($dir = '') {
$listing = $this->getDirectoryListing($dir);
@ -351,7 +312,7 @@ class FileManager {
'listing' => $listing
);
}
public function open_file($dir = '') {
$listing = $this->getDirectoryListing($dir);
@ -360,7 +321,7 @@ class FileManager {
'listing' => $listing
);
}
public function parseListing($raw) {
$data = array();
foreach ($raw as $o) {
@ -376,7 +337,7 @@ class FileManager {
'name' => $info[$this->info_positions['NAME']]
);
}
return $data;
}
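Review bot: In `checkFileType` the success branch still returns `'data' => implode('', $output)`, but the new call `self::v_exec('v-get-fs-file-type', [$this->user, $dir])` never passes `$output`, so the variable is undefined there. Pass it as the fourth argument, `self::v_exec('v-get-fs-file-type', [$this->user, $dir], true, $output)`, and handle it as the string the wrapper produces. A similar stale reference may remain in `copyDirectory`, `createFile`, `unpackItem`, `renameFile`, the `v-move-fs-directory` call and `createDir`, where `$error = self::check_return_code($return_var, $output);` is printed after the new call. This page has lost its +/- markers, but if that line survives, both variables are undefined, `check_return_code` returns null, and every failure is reported as `'result' => true`. Separately, `formatFullPath` now returns the raw path instead of `escapeshellarg($path)`, so argument quoting depends entirely on `v_exec` in `inc/exec.php` (not visible here), and its prefix comparison against `ROOT_DIR` does not normalise `..` segments, so a `realpath`-based containment check before the call is worth adding.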