- Timestamp:
- 12/22/09 09:24:26 (14 years ago)
- Location:
- sandbox/filemanager
- Files:
-
- 7 edited
sandbox/filemanager/inc/class.uifilemanager.inc.php
r1879 r1880 616 616 $vars[css].='<link rel="stylesheet" type="text/css" href="phpgwapi/js/dftree/dftree.css">'; 617 617 $vars[preferences]='<input type="hidden" id="userPreferences" value=\''.serialize($_SESSION['phpgw_info']['user']['preferences']['filemanager']).'\'>'; 618 // Used for important operations that needs security 619 for ($key = ""; strlen($key) < 150; $key .= chr(rand(48,95))); 620 $_SESSION['phpgw_info']['filemanager']['user']['sec_key'] = $key; 621 $vars[sec_key]='<input type="hidden" id="userKey" value=\''.$key.'\'>'; 618 622 $vars[script]='<script>initDrawApi();</script>'; 619 623 … … 827 831 function removedir() 828 832 { 829 $now = intval(time() / 5); 830 for ($i=0;$i<20;$i++) 831 $now.=$now; 832 $toRemove = $this->path ^ $now; 833 $toRemove = $this->path ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key']; 833 834 if ( $this->bo->vfs->rm(array( 'string' => $toRemove, 834 835 'relatives' => array (RELATIVE_NONE) -
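Review bot: The session key built on new lines 619-620 is drawn from `rand(48,95)`, which is not a cryptographic generator, and the one 150-character value is then XORed against every path and password sent while the page is open, so it masks values rather than protecting them. A CSPRNG such as `random_bytes()` (or `openssl_random_pseudo_bytes()` on older PHP), hex-encoded for the hidden field, would be the safer source. In `removedir()` a string XOR in PHP yields a result as long as the shorter operand, so a `path` longer than the key is silently cut to 150 bytes before `vfs->rm` runs; the request should be rejected when `strlen($this->path) > strlen($_SESSION['phpgw_info']['filemanager']['user']['sec_key'])`. If the intent is to prove that the request came from this page, comparing a submitted token against the session value and sending the path unmasked would state that more directly. Both functions continue outside the visible hunks.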
sandbox/filemanager/inc/class.vfs_functions.inc.php
r1869 r1880 277 277 278 278 if (strlen($this->pswd) > 0){ 279 $command = " -P ".(base64_decode($this->pswd) ^ $ this->path)." ".$command;279 $command = " -P ".(base64_decode($this->pswd) ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key'])." ".$command; 280 280 } 281 281 … … 305 305 $command = escapeshellarg($this->file); 306 306 if (strlen($this->pswd) > 0){ 307 $command = " -P ".(base64_decode($this->pswd) ^ $ this->path)." ".$command;307 $command = " -P ".(base64_decode($this->pswd) ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key'])." ".$command; 308 308 } 309 309 -
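Review bot: The unmasked password on new lines 279 and 307 is concatenated into `$command` after ` -P ` without quoting, although line 305 shows the file name going through `escapeshellarg()`. The value is whatever the client sent, so shell metacharacters in it would reach the command line if `$command` is later passed to a shell (the call itself is outside the hunk). Both lines should quote it, for example `$command = " -P ".escapeshellarg(base64_decode($this->pswd) ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key'])." ".$command;`. It is also worth handling the case where the session key is not set, since the XOR then no longer yields the password the user typed.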
sandbox/filemanager/js/common_functions.js
r1874 r1880 75 75 } 76 76 } 77 function crypt(data1,data2){ 78 ret = ""; 79 for (var i=0;i < data1.length; i++) 80 { 81 ret += String.fromCharCode(data1.charCodeAt(i) ^ data2.charCodeAt(i)); 82 } 83 return ret; 84 } 77 78 (function( ) 79 { 80 var sec_key = null; 81 function encode( data ) 82 { 83 if (data == null) 84 return null; 85 ret = ""; 86 for ( var i=0;i < data.length; i++ ) 87 { 88 ret += String.fromCharCode(data.charCodeAt(i) ^ sec_key.charCodeAt(i)); 89 } 90 return ret; 91 } 92 93 function crypt( input ) 94 { 95 sec_key = input; 96 } 97 98 crypt.prototype.encode = encode; 99 window.crypt = crypt; 100 })( ); 101 85 102 /* 86 103 * base64.js - Base64 encoding and decoding functions -
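Review bot: In the new `encode()` the XOR on line 88 reads `sec_key.charCodeAt(i)` for every index of `data`, and past the end of the key that call returns NaN, so every character beyond the key length is emitted unchanged. The server side XORs with the same fixed-length key, so the two ends will disagree on long inputs; a guard such as `if (data.length > sec_key.length) throw new Error('input longer than key');` makes the limit explicit. `ret = "";` on line 85 also creates an implicit global and should be `var ret = "";`. Because `sec_key` lives in the closure rather than on the instance, every `new crypt(...)` replaces the key for all existing instances, which deserves a comment above `function crypt`.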
sandbox/filemanager/js/draw_api.js
r1879 r1880 148 148 149 149 function initDrawApi(){ 150 SecEl = document.getElementById('userKey'); 151 crypt = new crypt(SecEl.value); 152 SecEl.parentNode.removeChild(SecEl); 153 150 154 loadPreferences(); 151 155 currentPath = document.getElementById('currentPath').value; … … 286 290 if (preferences.createdby_id =='1') retBuff += fl.td+file.creatdby+'</td>'; 287 291 if (preferences.modifiedby_id =='1') retBuff += fl.td+file.modifdby+'</td>'; 288 if (preferences.comment =='1') retBuff += fl.td+'<input id="'+file.name+'" class="inputComment" onkeydown="enterComments(event,this)" onclick="presetComments(this)" onblur="setComments(this)" value="'+ file.comm+'" alt="'+get_lang('Click to change comments')+'" title="'+get_lang('Click to change comments')+'"></input></td>';292 if (preferences.comment =='1') retBuff += fl.td+'<input id="'+file.name+'" class="inputComment" onkeydown="enterComments(event,this)" onclick="presetComments(this)" onblur="setComments(this)" value="'+(file.comm==null?'':file.comm)+'" alt="'+get_lang('Click to change comments')+'" title="'+get_lang('Click to change comments')+'"></input></td>'; 289 293 if (preferences.version =='1') retBuff += fl.td+'<span onclick="loadHistory(\''+file.name+'\')">'+file.vers+'</span></td>'; 290 294 return retBuff; … … 499 503 } 500 504 // TODO use DES, or something strong 501 var pswd = crypt (password,currentPath);505 var pswd = crypt.encode(password); 502 506 cExecute('./index.php?menuaction=filemanager.vfs_functions.archive&pswd='+base64_encode(pswd.toString())+'&path='+base64_encode(currentPath)+filesUrl,handler.archive); 503 507 break; … … 578 582 579 583 function unarchive(filename){ 580 password = prompt(get_lang('Please, type archive password or leave it empty if it is not encrypted'));584 password = crypt.encode(prompt(get_lang('Please, type archive password or leave it empty if it is not encrypted'))); 581 585 if (password == null) 582 586 return; 583 var pswd = crypt(password,currentPath); 584 
cExecute('./index.php?menuaction=filemanager.vfs_functions.unarchive&pswd='+base64_encode(pswd)+'&path='+base64_encode(currentPath)+'&file='+base64_encode(filename),handler.archive); 587 cExecute('./index.php?menuaction=filemanager.vfs_functions.unarchive&pswd='+base64_encode(password)+'&path='+base64_encode(currentPath)+'&file='+base64_encode(filename),handler.archive); 585 588 } 586 589 … … 600 603 } 601 604 else 602 if (operation == 'remove'){605 if (operation == 'remove'){ 603 606 var Dfolder = document.getElementById('folders_box').value; 604 607 if (confirm(get_lang('Do you really want to remove folder: %1?',Dfolder), '')) 605 608 { 606 var now = new Date(); 607 nowTs = parseInt(now.getTime()/5000).toString(); 608 for (var i=0 ;i < 20; i++) 609 nowTs+=nowTs; 610 var toRemove = crypt(Dfolder,nowTs); 611 cExecute('./index.php?menuaction=filemanager.uifilemanager.removedir&path='+base64_encode(toRemove),handler.refreshDir); 612 var lastIndex = Dfolder.lastIndexOf('/'); 609 cExecute('./index.php?menuaction=filemanager.uifilemanager.removedir&path='+base64_encode(crypt.encode(Dfolder)),handler.refreshDir); 610 var lastIndex = Dfolder.lastIndexOf('/'); 613 611 currentPath = Dfolder.substr(0,lastIndex); 614 612 close_window(); 615 613 } 616 }617 else{618 var buf = "<select id='folders_box'>";619 for (var i=0; i < folders.length; i++)620 buf += "<option value='"+folders[i]+"'>"+folders[i]+"</option>";621 buf += "</select>";622 code = "<table><tbody><tr><td>"+buf+"</td></tr><tr><td><input type='button' onclick='editFolders(\"new\")' value='"+get_lang('new folder')+"'></td><td><input type='button' onclick='editFolders(\"remove\")' value='"+get_lang('remove folder')+"'></td></tr></tbody></table>";623 draw_window(code);624 }614 } 615 else{ 616 var buf = "<select id='folders_box'>"; 617 for (var i=0; i < folders.length; i++) 618 buf += "<option value='"+folders[i]+"'>"+folders[i]+"</option>"; 619 buf += "</select>"; 620 code = 
"<table><tbody><tr><td>"+buf+"</td></tr><tr><td><input type='button' onclick='editFolders(\"new\")' value='"+get_lang('new folder')+"'></td><td><input type='button' onclick='editFolders(\"remove\")' value='"+get_lang('remove folder')+"'></td></tr></tbody></table>"; 621 draw_window(code); 622 } 625 623 } 626 624 -
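Review bot: The rewritten line 292 still concatenates `file.name` and `file.comm` straight into the `id` and `value` attributes of the `<input>`, so a stored comment or file name containing `"` or `<` changes the markup that gets inserted. The null check added here is a good moment to escape `&`, `"`, `<` and `>` in both values as well, or to build the input with DOM calls and assign `.value`. Separately, `crypt = new crypt(SecEl.value);` on line 151 overwrites the constructor with the instance, so a second call to `initDrawApi()` would throw; keeping the instance under a different name avoids that. The enclosing functions start and end outside the hunks.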
sandbox/filemanager/js/global.js
r1879 r1880 15 15 var criteria='name'; 16 16 var order_type = '1'; // Ascending is 1, descending is 0 17 var crypt; // Used to send encrypted stuff 17 18 18 19 // Store permissions of current path use it BUT DO NOT rely on it -
sandbox/filemanager/js/handler.js
r1879 r1880 127 127 var rootFold = new dNode({id:'root', caption:get_lang("filemanager")}); 128 128 folders_tree.add(rootFold,'root'); 129 var myfolder = new dNode({id:folders[0], caption:get_lang("My Folder"), onClick:'load(\''+folders[0]+'\',this)'});129 var myfolder = new dNode({id:folders[0], caption:get_lang("My Folder"), plusSign:(folders[1].indexOf(folders[0]+'/') == 0), onClick:'load(\''+folders[0]+'\',this)'}); 130 130 folders_tree.add(myfolder,'root'); 131 131 for (var i=1;i<folders.length;i++) … … 135 135 var parentDir = folders[i].substr(0,lastIndex); 136 136 if (parentDir == '/home') 137 {138 137 parentDir = 'root'; 139 folder = new dNode({id:folders[i], caption:name, plusSign:true, onClick:'load(\''+folders[i]+'\',this)'}); 140 } 141 else 142 folder = new dNode({id:folders[i], caption:name, plusSign:false, onClick:'load(\''+folders[i]+'\',this)'}); 138 next = (folders[i+1]?folders[i+1]:""); 139 folder = new dNode({id:folders[i], caption:name, plusSign:(next.indexOf(folders[i]+'/') == 0), onClick:'load(\''+folders[i]+'\',this)'}); 143 140 folders_tree.add(folder,parentDir); 144 141 } -
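Review bot: New line 129 calls `folders[1].indexOf(...)` without checking that a second entry exists, so a user whose list holds only the home folder gets a TypeError and the tree is never drawn. The loop below already guards the same lookup with `folders[i+1]?folders[i+1]:""`, and the first node can do the same: `plusSign:((folders[1] || '').indexOf(folders[0]+'/') == 0)`. `next` on line 138 is assigned without `var` and becomes a global; `var next = ...` keeps it local. The function body continues outside the hunk.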
sandbox/filemanager/templates/default/main.tpl
r1879 r1880 65 65 </div> 66 66 {preferences} 67 {sec_key} 67 68 {script} 68 69 <!-- END filemanager_footer -->