<?php
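// Bootstrap: shared helpers, authentication state and configuration.
//
// require instead of include: a missing or unreadable file must stop the
// request. With include, a missing conf.php only raises a warning, $cfg stays
// undefined, $cfg->authentification_needed reads as null (falsy) and the gate
// below lets the request through (fail-open).
require_once __DIR__ . "/functions.php";
require_once __DIR__ . "/auth.php";
// conf.php is loaded without *_once, as before, so it is evaluated in this
// scope even when an earlier file has already included it.
require __DIR__ . "/conf.php";

// Auth gate: when the configuration demands a login and none is established
// ($userlogin is presumably set by auth.php - confirm), stop before any file
// is read or written. Every action below relies on this check.
if ($cfg->authentification_needed && !$userlogin) {
    exit();
}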
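// option=openfile: render the editor form pre-filled with the requested file.
// isset() replaces the @ suppression so other notices are not hidden.
if (isset($_GET['option']) && $_GET['option'] === 'openfile') {
    // The client-supplied path is decoded against the configured root.
    // NOTE(review): path_decode() is not visible here; confinement of reads to
    // $cfg->rootdir (handling of ".." and absolute paths) depends entirely on
    // it - confirm. $cfg->forbidden_extension is not consulted on this read path.
    $filepath = path_decode(kh_filter_input(INPUT_GET, 'filepath'), $cfg->rootdir);

    // Only regular files are read: file_exists() is also true for directories,
    // where file_get_contents() fails with a warning. A missing or unreadable
    // file opens as an empty editor.
    $cnt = "";
    if (is_file($filepath)) {
        $data = file_get_contents($filepath);
        if ($data !== false) {
            $cnt = $data;
        }
    }
    // Both echoes below go through htmlspecialchars(); that escaping is what
    // keeps the path and the file content from closing the attribute or the
    // <textarea> and injecting markup into the page.
?>
<form id="filetexteditor" name="filetexteditor" method="post" action="">
<div class="filename-area">
<table width="100%" cellpadding="0" cellspacing="0">
<tr>
<td>
<input type="text" class="input-text" name="filepath" id="filepath" value="<?php echo htmlspecialchars(path_encode($filepath, $cfg->rootdir));?>" autocomplete="off" />
</td>
<td width="64" align="right">
<input type="button" name="open" id="open" value="Open" class="com-button" onclick="openFile($('#filepath').val())" />
</td>
</tr>
</table>
</div>
<div class="fileeditor">
<textarea name="filecontent" id="filecontent" spellcheck="false"><?php echo htmlspecialchars($cnt);?></textarea>
</div>
</form>
<?php
}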
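// option=savefile: write the posted editor content to the posted path.
// Replies with one status token: READONLY, FORBIDDENEXT, READONLYFILE, ISDIR,
// SAVED or NOTMODIFIED.
// NOTE(review): no anti-CSRF token is checked in this script for this
// state-changing request - confirm auth.php or the caller enforces one.
if (isset($_GET['option']) && $_GET['option'] === 'savefile' && isset($_POST['filepath'])) {
    if ($cfg->readonly) {
        die('READONLY');
    }

    // Decode against the configured root, exactly as the openfile branch does;
    // the posted value is the path_encode($filepath, $cfg->rootdir) string the
    // form was rendered with.
    // NOTE(review): path_decode() is not visible here; confinement of writes to
    // $cfg->rootdir depends entirely on it - confirm it rejects ".." and
    // absolute paths.
    $filepath = path_decode(kh_filter_input(INPUT_POST, 'filepath'), $cfg->rootdir);

    // All rejections run before anything touches the filesystem, so a refused
    // request no longer leaves freshly created directories behind.
    // NOTE(review): confirm getMIMEType() normalises case ("PHP" vs "php"),
    // otherwise the deny-list can be sidestepped.
    $tt = getMIMEType($filepath);
    if (in_array($tt->extension, $cfg->forbidden_extension)) {
        die('FORBIDDENEXT');
    }
    if (file_exists($filepath) && !is_writable($filepath)) {
        die('READONLYFILE');
    }
    // is_dir() is false for a missing path; filetype() raised a warning there.
    if (is_dir($filepath)) {
        die('ISDIR');
    }

    // prepare dir: create each missing component of the target directory.
    // NOTE(review): the strlen() comparison only skips prefixes shorter than
    // the root string; it is not a containment check.
    $dir = str_replace("\\", "/", dirname($filepath));
    $d2c = "";
    foreach (explode("/", $dir) as $part) {
        $d2c .= $part;
        if (strlen($d2c) >= strlen($cfg->rootdir) && !file_exists($d2c)) {
            mkdir($d2c);
        }
        $d2c .= "/";
    }

    // Normalise line endings to CRLF; the second pass collapses the "\r\r\n"
    // produced when the input already contained "\r\n".
    $content = kh_filter_input(INPUT_POST, 'filecontent');
    $content = str_replace(array("\n"), array("\r\n"), $content);
    $content = str_replace(array("\r\r\n"), array("\r\n"), $content);

    // MD5 is used only to detect whether the write changed the file, not as a
    // security control. A file that does not exist yet has no "before" digest.
    $md51 = is_file($filepath) ? md5_file($filepath) : false;

    $fp = fopen($filepath, "w");
    if ($fp === false) {
        // Previously the failed handle went straight to fwrite(). The existing
        // "cannot write" token is reused so the client needs no new case.
        die('READONLYFILE');
    }
    fwrite($fp, $content);
    fclose($fp);

    $md52 = md5_file($filepath);
    echo ($md51 !== $md52) ? 'SAVED' : 'NOTMODIFIED';
}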
?>