<?php
/*
@package: File Manager Advanced
@Class: class_fma_shortcode
*/
// Publish the full path of this file as the constant fma_file.
define('fma_file',__FILE__);
// Stop processing this file when the shortcode class is already declared.
// NOTE(review): PHP declares unconditional top-level classes while it compiles the file, so this
// check may already be true on the first include, in which case the instantiation at the end of
// the file is skipped. Confirm on the deployed PHP version.
if(class_exists('class_fma_shortcode')) {
    return;
}
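/**
 * AJAX connector behind the File Manager Advanced shortcode.
 *
 * The constructor registers one handler, fma_load_shortcode_fma_ui(), on both the
 * logged-in (wp_ajax_) and the logged-out (wp_ajax_nopriv_) hook, so the handler is
 * reachable without a WordPress session. The handler builds an elFinder volume
 * configuration from request parameters and runs the elFinder connector.
 *
 * NOTE(review): every restriction the handler applies (root path, disabled commands,
 * read/write flags, hidden patterns, upload MIME list, upload size) is read from
 * $_REQUEST. The nonce is the only server-side check visible in this class; there is
 * no capability check. Restrictions that are meant to bind the visitor should be
 * loaded from server-side configuration rather than from the request.
 */
class class_fma_shortcode {
	/**
	 * Full list of elFinder operations, taken from the FMA_OPERATIONS constant.
	 */
	public $opr = FMA_OPERATIONS;

	/**
	 * Per-user directory prefix, relative to the uploads base directory.
	 */
	public $user_path = '/file-manager-advanced/users/';

	/**
	 * Registers the connector for authenticated and unauthenticated AJAX requests.
	 */
	public function __construct() {
		add_action( 'wp_ajax_fma_load_shortcode_fma_ui', array( $this, 'fma_load_shortcode_fma_ui' ) );
		add_action( 'wp_ajax_nopriv_fma_load_shortcode_fma_ui', array( $this, 'fma_load_shortcode_fma_ui' ) );
	}

	/**
	 * AJAX handler: validates the nonce, builds the elFinder options and runs the connector.
	 *
	 * Always terminates the request with die. Nothing is returned to the caller.
	 *
	 * Request parameters read here: _fmakey, operations, path_type, r, w, path, url,
	 * hide, hide_path, upload_max_size, upload_allow, enable_trash.
	 */
	public function fma_load_shortcode_fma_ui() {
		// A missing or non-string nonce is rejected before wp_verify_nonce() sees it.
		$nonce = ( isset( $_REQUEST['_fmakey'] ) && is_string( $_REQUEST['_fmakey'] ) ) ? $_REQUEST['_fmakey'] : '';
		if ( $nonce === '' || ! wp_verify_nonce( $nonce, 'fmaskey' ) ) {
			die;
		}

		// PHP MIME types that are never accepted for upload.
		$denyUploadArr = array(
			'text/x-php',
			'text/php',
			'application/php',
			'application/x-php',
			'application/x-httpd-php',
			'application/x-httpd-php-source',
		);
		$upload_dir   = wp_upload_dir();
		$current_user = wp_get_current_user();

		$operations = isset( $_REQUEST['operations'] ) ? sanitize_text_field( $_REQUEST['operations'] ) : '';
		$pathtype   = isset( $_REQUEST['path_type'] ) ? sanitize_text_field( $_REQUEST['path_type'] ) : 'inside';
		$read       = isset( $_REQUEST['r'] ) ? sanitize_text_field( $_REQUEST['r'] ) : 'true';
		$write      = isset( $_REQUEST['w'] ) ? sanitize_text_field( $_REQUEST['w'] ) : 'false';

		// $el_opr is the list of DISABLED commands: everything in $this->opr that the request
		// did not name. NOTE(review): an empty or "all" value disables nothing, so omitting the
		// parameter leaves every command enabled.
		if ( empty( $operations ) || $operations === 'all' ) {
			$el_opr = array();
		} else {
			$el_opr = array_diff( $this->opr, explode( ',', $operations ) );
		}

		$pa   = isset( $_REQUEST['path'] ) ? sanitize_text_field( $_REQUEST['path'] ) : '';
		$pa   = $this->afm_sanitize_directory( $pa ); // strips ".." sequences
		$root = site_url();
		$path = null;

		if ( $pa === '$' ) {
			// "$" selects the current user's folder under the uploads directory.
			if ( isset( $current_user->user_login ) ) {
				$user_dirname = $this->user_path . $current_user->user_login;
				$path         = $upload_dir['basedir'] . $user_dirname;
				$root         = $upload_dir['baseurl'] . $user_dirname;
			}
		} elseif ( ! empty( $pa ) && $pa !== '%' ) {
			$path = ABSPATH . $pa;
			$root = site_url() . '/' . $pa;
		} else {
			$path = ABSPATH;
			$root = site_url();
		}

		if ( $pathtype === 'outside' ) {
			// NOTE(review): in this mode the request value is used as the volume root as-is,
			// without being anchored to ABSPATH.
			$paths = $pa;
			$root  = ! empty( $_REQUEST['url'] ) ? esc_url_raw( $_REQUEST['url'] ) : site_url() . '/' . $pa;
		} else {
			// Fail closed: a per-user folder was requested but no user is logged in, so there
			// is no directory to mount.
			if ( $path === null ) {
				die;
			}
			$paths = $path;
		}

		// Attribute rules handed to elFinder. With a hide list, one "hidden" rule is created per
		// entry and the r/w flags are not used; without one, a single rule carries the flags.
		// NOTE(review): each hide entry is placed into a regular expression unescaped, and
		// 'false', $read and $write are strings here. How elFinder interprets them is not
		// visible in this file.
		$hides = ! empty( $_REQUEST['hide'] ) ? sanitize_text_field( $_REQUEST['hide'] ) : '';
		$rf    = explode( ',', $hides );
		$re    = array();
		if ( ! empty( $rf[0] ) ) {
			foreach ( $rf as $rrf ) {
				$re[] = array( 'pattern' => '!^/'.$rrf.'!', 'hidden' => true );
			}
		} else {
			$re[] = array( 'hidden' => 'false', 'read' => $read, 'write' => $write );
		}

		// Optionally omit the public URL of the volume.
		if ( isset( $_REQUEST['hide_path'] ) && ( $_REQUEST['hide_path'] === 'yes' ) ) {
			$root = '';
		}

		// Upload size limit, also taken from the request ('0' when absent).
		$max_upload_size = isset( $_REQUEST['upload_max_size'] ) ? sanitize_text_field( $_REQUEST['upload_max_size'] ) : '0';

		// Hide auto-generated folders and server configuration files.
		foreach ( array( '/.tmb/', '/.quarantine/', '/.gitkeep/', '/.htaccess/' ) as $hidden_pattern ) {
			$re[] = array(
				'pattern' => $hidden_pattern,
				'read'    => false,
				'write'   => false,
				'hidden'  => true,
				'locked'  => false,
			);
		}

		require 'library/php/autoload.php';

		// MIME types the request asks to allow, and the subset of them that are PHP types.
		$allowUpload = array();
		$uploadDiff  = array();
		if ( ! empty( $_REQUEST['upload_allow'] ) ) {
			$sanitized_upload_allow = sanitize_text_field( $_REQUEST['upload_allow'] );
			$allowUpload            = explode( ',', $sanitized_upload_allow );
			$uploadDiff             = array_intersect( $allowUpload, $denyUploadArr );
		}

		// PHP MIME types are always denied. With an explicit allow list that names none of
		// them, everything else is denied as well ('all').
		// NOTE(review): the comparison is on exact strings, so a broader entry such as a bare
		// top-level type is not caught by array_intersect(). Check how elFinder matches it.
		if ( count( $allowUpload ) === 0 || in_array( 'all', $allowUpload, true ) ) {
			$denyUpload  = $denyUploadArr;
			$allowUpload = array();
		} elseif ( count( $uploadDiff ) !== 0 ) {
			$denyUpload  = $denyUploadArr;
			$allowUpload = array_diff( $allowUpload, $uploadDiff );
		} else {
			$denyUpload = array( 'all' );
		}

		if ( isset( $_REQUEST['enable_trash'] ) && ( $_REQUEST['enable_trash'] === 'yes' ) ) {
			$trash = array(
				'id'            => '1',
				'driver'        => 'Trash',
				'path'          => FMAFILEPATH.'application/library/files/.trash/',
				'tmbURL'        => site_url() . '/application/library/files/.trash/.tmb/',
				'winHashFix'    => DIRECTORY_SEPARATOR !== '/', // keep hashes identical on Windows and Linux
				'uploadDeny'    => $denyUpload,                 // same upload policy as the main volume
				'uploadAllow'   => $allowUpload,
				'uploadOrder'   => array( 'deny', 'allow' ),
				// NOTE(review): no function named 'access' is defined in this file. Confirm it exists.
				'accessControl' => 'access',
				'attributes'    => $re,
			);
			$trash_f = 't1_Lw';
		} else {
			$trash   = array();
			$trash_f = '';
		}

		// Connector options: the main volume plus the (possibly empty) trash volume.
		$opts = array(
			'roots' => array(
				array(
					'driver'        => 'LocalFileSystem',           // driver for accessing the file system (required)
					'path'          => $paths,                      // path to files (required)
					'URL'           => $root,                       // URL to files (required)
					'trashHash'     => $trash_f,
					'winHashFix'    => DIRECTORY_SEPARATOR !== '/', // keep hashes identical on Windows and Linux
					'uploadDeny'    => $denyUpload,                 // MIME types refused on upload
					'uploadAllow'   => $allowUpload,                // MIME types accepted on upload
					'uploadOrder'   => array( 'deny', 'allow' ),
					'accessControl' => 'fma_plugin_file_access',    // per-file access callback
					'acceptedName'  => 'fma_plugin_file_validName', // file name validator callback
					'uploadMaxSize' => $max_upload_size,
					'disabled'      => $el_opr,
					'attributes'    => $re,
				),
				$trash,
			),
		);

		// Run elFinder, then end the AJAX request.
		$fmaconnector = new elFinderConnector( new elFinder( $opts ) );
		$fmaconnector->run();
		die;
	}

	/**
	 * Removes ".." sequences from a request-supplied directory path.
	 *
	 * The value is trimmed, passed through htmlentities(), and every ".." is deleted.
	 * An empty value is returned unchanged. This does not reject absolute paths and does
	 * not check that the result stays inside any base directory. A caller that needs
	 * containment has to resolve the final path and compare it with the intended base.
	 *
	 * @param string $path Directory path from the request.
	 * @return string Path with ".." sequences removed.
	 */
	public function afm_sanitize_directory($path = '') {
		if ( empty( $path ) ) {
			return $path;
		}
		$encoded = htmlentities( trim( $path ) );
		return str_replace( '..', '', $encoded );
	}
}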
// Instantiate once so the constructor registers the AJAX handlers.
new class_fma_shortcode();
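/**
 * elFinder "acceptedName" callback: decides whether a file or folder name may be used.
 *
 * The name is passed through sanitize_file_name() and then refused when it contains
 * ".php", ".ini", ".htaccess" or ".config" anywhere in it, or when it starts with a dot.
 * The match ignores case, so ".PHP" or ".pHp" is refused like ".php".
 *
 * NOTE(review): other extensions that the web server may hand to PHP (for example
 * .phtml or .phar) are not covered here. Compare with the server's handler mapping.
 *
 * @param string $name Candidate name supplied by the connector.
 * @return bool True when the name is acceptable, false otherwise (an empty name is refused).
 */
function fma_plugin_file_validName($name) {
	if (empty($name)) {
		return false;
	}
	$name = sanitize_file_name($name);
	foreach (array('.php', '.ini', '.htaccess', '.config') as $blocked) {
		// stripos() so that upper- and mixed-case variants of a blocked fragment are caught.
		if (stripos($name, $blocked) !== false) {
			return false;
		}
	}
	// Refuse dot-files: the first "." must not be the first character.
	return strpos($name, '.') !== 0;
}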
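/**
 * elFinder "accessControl" callback that protects dot-files and dot-folders.
 *
 * For an entry whose base name starts with "." (other than the volume root, whose
 * relative path is a single character), "read" and "write" are answered with false and
 * every other attribute (such as "locked" or "hidden") with true. For all other entries
 * null is returned so that elFinder decides by itself.
 *
 * @param string $attr    Attribute being queried (read, write, locked or hidden).
 * @param string $path    Absolute path of the entry.
 * @param mixed  $data    Unused here.
 * @param mixed  $volume  Unused here.
 * @param mixed  $isDir   Unused here.
 * @param string $relpath Path of the entry relative to the volume root.
 * @return bool|null False or true for dot-entries as described above, otherwise null.
 */
function fma_plugin_file_access($attr, $path, $data, $volume, $isDir, $relpath) {
	// $basename has to be derived from $path. Without this line it is undefined and the
	// dot-file rule below can never match.
	$basename = basename($path);
	$isDotEntry = $basename !== '' && $basename[0] === '.';
	if (!$isDotEntry || strlen($relpath) === 1) {
		return null; // not a dot-entry, or the volume root: let elFinder decide
	}
	// Dot-entry: deny read and write, report locked and hidden as true.
	return !in_array($attr, array('read', 'write'), true);
}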
?>
