Server IP : 104.21.14.48 / Your IP : 18.117.106.130 [ Web Server : Apache System : Linux b70eb322-3aee-0c53-7c82-0db91281f2c6.secureserver.net 6.1.90-1.el9.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 12:09:22 EDT 2024 x86_64 User : root ( 0) PHP Version : 8.0.30.2 Disable Function : NONE Domains : 0 Domains MySQL : ON | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /var/www/wp-content/plugins/file-manager-advanced/application/ |
Upload File : |
<?php /* @package: File Manager Advanced @Class: class_fma_shortcode */ define('fma_file',__FILE__); if(class_exists('class_fma_shortcode')) { return; } class class_fma_shortcode { // shortcode /** * File Manager Advanced Operations */ var $opr = FMA_OPERATIONS; /** * Default user path */ var $user_path = '/file-manager-advanced/users/'; /** * Auto function */ public function __construct() { add_action( 'wp_ajax_fma_load_shortcode_fma_ui', array(&$this, 'fma_load_shortcode_fma_ui')); add_action( 'wp_ajax_nopriv_fma_load_shortcode_fma_ui', array(&$this, 'fma_load_shortcode_fma_ui')); } // connection public function fma_load_shortcode_fma_ui() { if ( wp_verify_nonce( $_REQUEST['_fmakey'], 'fmaskey' ) ) { $denyUploadArr = array( 'text/x-php', 'text/php', 'application/php', 'application/x-php', 'application/x-httpd-php', 'application/x-httpd-php-source', ); $upload_dir = wp_upload_dir(); $current_user = wp_get_current_user(); $el_opr = $this->opr; $operations = isset($_REQUEST['operations']) ? sanitize_text_field($_REQUEST['operations']) : ''; $pathtype = isset($_REQUEST['path_type']) ? sanitize_text_field($_REQUEST['path_type']) : 'inside'; $read = isset($_REQUEST['r']) ? sanitize_text_field($_REQUEST['r']) : 'true'; $write = isset($_REQUEST['w']) ? sanitize_text_field($_REQUEST['w']) : 'false'; if(!empty($operations)){ if($operations == 'all') { $el_opr = array(); } else { $operations = explode(',',$operations); $el_opr = array_diff($el_opr, $operations); // getting operations } } else { $el_opr = array(); } $pa = isset($_REQUEST['path']) ? sanitize_text_field($_REQUEST['path']) : ''; $root = site_url(); /** directory traversal @220723 */ $pa = $this->afm_sanitize_directory($pa); if( !empty($pa) && $pa != '%' && $pa != '$') { $path = ABSPATH.$pa; $root = site_url().'/'.$pa; } else if($pa == '$') { if ( isset( $current_user->user_login ) ) { $user_dir_path = $this->user_path; // static path $user_dirname = $user_dir_path.$current_user->user_login; $path = $upload_dir['basedir'].$user_dirname; $root = $upload_dir['baseurl'].$user_dirname; } } else { $path = ABSPATH; $root = site_url(); } if($pathtype == 'outside') { $paths = $pa; $root = !empty($_REQUEST['url']) ? esc_url_raw($_REQUEST['url']) : site_url().'/'.$pa; } else { $paths = $path; } $fr = array(); $hides = !empty($_REQUEST['hide']) ? sanitize_text_field($_REQUEST['hide']) : ''; $rf = explode(',', $hides); if(!empty($rf[0]) && is_array($rf)): foreach($rf as $rrf): $fr[] = array( 'pattern' => '!^/'.$rrf.'!','hidden' => true ); endforeach; else: $fr[] = array('hidden' => 'false', 'read' => $read, 'write' => $write); endif; $re = array(); if(!empty($rf[0]) && is_array($rf)): $x = 0; while($x <= count($rf) - 1) { $re[$x] = $fr[$x]; $x++; } else: $re[0] = $fr[0]; endif; //hide path if(isset($_REQUEST['hide_path']) && ($_REQUEST['hide_path'] == 'yes')) { $root = ''; } // max upload size 241222 // restricting max upload size $max_upload_size = isset($_REQUEST['upload_max_size']) ? sanitize_text_field($_REQUEST['upload_max_size']) : '0'; // hide unexpected autogenerated folders $re[] = array( 'pattern' => '/.tmb/', 'read' => false, 'write' => false, 'hidden' => true, 'locked' => false ); $re[] = array( 'pattern' => '/.quarantine/', 'read' => false, 'write' => false, 'hidden' => true, 'locked' => false ); $re[] = array( 'pattern' => '/.gitkeep/', 'read' => false, 'write' => false, 'hidden' => true, 'locked' => false ); $re[] = array( 'pattern' => '/.htaccess/', 'read' => false, 'write' => false, 'hidden' => true, 'locked' => false ); require 'library/php/autoload.php'; // getting allowed upload $allowUpload = array(); $uploadDiff = array(); if(isset($_REQUEST['upload_allow']) && !empty($_REQUEST['upload_allow'])) { $sanitized_upload_allow = sanitize_text_field($_REQUEST['upload_allow']); $allowUpload = explode(',', $sanitized_upload_allow); $uploadDiff = array_intersect($allowUpload, $denyUploadArr); } /** * Disallow default php mime upload */ if(count($allowUpload) == 0 || in_array('all', $allowUpload)) { $denyUpload = $denyUploadArr; $allowUpload = array(); } else if(count($uploadDiff) != 0) { $denyUpload = $denyUploadArr; $allowUpload = array_diff($allowUpload, $uploadDiff); } else { $denyUpload = array('all'); } if(isset($_REQUEST['enable_trash']) && ($_REQUEST['enable_trash'] == 'yes')) { $trash = array( 'id' => '1', 'driver' => 'Trash', 'path' => FMAFILEPATH.'application/library/files/.trash/', 'tmbURL' => site_url() . '/application/library/files/.trash/.tmb/', 'winHashFix' => DIRECTORY_SEPARATOR !== '/', // to make hash same to Linux one on windows too 'uploadDeny' => $denyUpload, // Recomend the same settings as the original volume that uses the trash 'uploadAllow' => $allowUpload,// Same as above 'uploadOrder' => array('deny', 'allow'), // Same as above 'accessControl' => 'access', // Same as above 'attributes' => $re, ); $trash_f = 't1_Lw'; } else { $trash = array(); $trash_f = ''; } /** * Connector */ $opts = array( 'roots' => array( // Items volume array( 'driver' => 'LocalFileSystem', // driver for accessing file system (REQUIRED) 'path' => $paths, // path to files (REQUIRED) 'URL' => $root, // URL to files (REQUIRED) 'trashHash' => $trash_f, 'winHashFix' => DIRECTORY_SEPARATOR !== '/', // to make hash same to Linux one on windows too 'uploadDeny' => $denyUpload, // All Mimetypes not allowed to upload 'uploadAllow' => $allowUpload,// Mimetype `image` and `text/plain` allowed to upload 'uploadOrder' => array('deny', 'allow'), // allowed Mimetype `image` and `text/plain` only 'accessControl' => 'fma_plugin_file_access', // disable and hide dot starting files (OPTIONAL) 'acceptedName' => 'fma_plugin_file_validName', 'uploadMaxSize' => $max_upload_size, 'disabled' => $el_opr, 'attributes' => $re, ), $trash ) ); // run elFinder $fmaconnector = new elFinderConnector(new elFinder($opts)); $fmaconnector->run(); } die; } /** * Sanitize directory path */ public function afm_sanitize_directory($path = '') { if(!empty($path)) { $path = str_replace('..', '', htmlentities(trim($path))); } return $path; } } new class_fma_shortcode; /** * Hook to fix invalid and malicious files */ function fma_plugin_file_validName($name) { if(!empty($name)) { $name = sanitize_file_name($name); if(strpos($name, '.php') || strpos($name, '.ini') || strpos($name, '.htaccess') || strpos($name, '.config')) { return false; } else { return strpos($name, '.') !== 0; } } } /** * Access */ function fma_plugin_file_access($attr, $path, $data, $volume, $isDir, $relpath) { return $basename[0] === '.' // if file/folder begins with '.' (dot) && strlen($relpath) !== 1 // but with out volume root ? !($attr == 'read' || $attr == 'write') // set read+write to false, other (locked+hidden) set to true : null; // else elFinder decide it itself } ?>