Changeset 2240484
- Timestamp:
- 02/07/2020 01:29:56 PM (6 years ago)
- Location:
- secure-file-manager/trunk
- Files:
-
- 4 edited
-
includes/admin.php (modified) (5 diffs)
-
readme.txt (modified) (2 diffs)
-
secure-file-manager.php (modified) (3 diffs)
-
vendor/elfinder/php/connector.minimal.php (modified) (4 diffs)
secure-file-manager/trunk/includes/admin.php
r2069351 r2240484 3 3 * Code for Admin Options 4 4 * 5 * @since 2. 15 * @since 2.4 6 6 * @package Secure File Manager 7 7 * @author Themexa … … 26 26 __( 'Settings', 'secure-file-manager' ), 27 27 __( 'Settings', 'secure-file-manager' ), 28 ' read',28 'administrator', 29 29 'sfm_settings', 30 30 'sfm_settings_display' … … 34 34 function sfm_file_manager_display() { 35 35 36 if ( get_option( 'sfm_auth_user' ) ) { 37 $currentUser = get_current_user_id(); 38 $currentUserRole = wp_get_current_user(); 39 $roles = ( array ) $currentUserRole->roles; 36 if ( ! get_option( 'sfm_auth_user' ) ) { 37 update_option( 'sfm_auth_user', (array)'' ); 38 } 39 $currentUser = get_current_user_id(); 40 $currentUserRole = wp_get_current_user(); 41 $roles = ( array ) $currentUserRole->roles; 40 42 41 if ( ! (current_user_can('update_core') || in_array( $currentUser, get_option( 'sfm_auth_user' ) ) || array_intersect( get_option( 'sfm_auth_roles' ), $roles ) ) ) { 42 wp_die( '<h1>Unauthorized Access. Please contact Site Administrator.</h1>' ); 43 } 43 if ( ! (current_user_can('update_core') || in_array( $currentUser, get_option( 'sfm_auth_user' ) ) || array_intersect( get_option( 'sfm_auth_roles' ), $roles ) ) ) { 44 wp_die( '<h1>Unauthorized Access. 
Please contact Site Administrator.</h1>' ); 44 45 } 45 46 … … 51 52 <div class="jumbotron" style="background-image: url( <?php echo plugin_dir_url( dirname( __FILE__ ) ); ?>assets/images/tinypixi_pluginman_head.png ); "> 52 53 <h1 class="display-3"><?php _e( 'Secure File Manager', 'secure-file-manager' ); ?></h1> 53 <p class="lead"><?php _e( 'WordPress file editing made easy (and secure)', ' bwpse' ); ?></p>54 <p class="lead"><?php _e( 'WordPress file editing made easy (and secure)', 'secure-file-manager' ); ?></p> 54 55 </div> 55 56 </div> … … 93 94 ?> 94 95 <strong><label><?php _e( 'Which user should have access to the File Manager?', 'secure-file-manager' ); ?></label></strong> 95 <input type="text" name="sfm_auth_user" id="sfm_auth_user" placeholder="e.g. 1, 2, 3" class="form-control" value="<?php echo implode(', ', get_option( 'sfm_auth_user' )); ?>">96 <input type="text" name="sfm_auth_user" id="sfm_auth_user" placeholder="e.g. 1, 2, 3" class="form-control" value="<?php echo implode(', ', (array) get_option( 'sfm_auth_user' )); ?>"> 96 97 <small class="form-text text-muted"><?php _e( 'Enter specific user ID. Enter comma ( , ) between IDs if there are more than one.', 'secure-file-manager' ); ?></small> 97 98 </div> -
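Review bot: In sfm_file_manager_display() the new seed `update_option( 'sfm_auth_user', (array)'' );` stores `array( '' )` rather than an empty list, and the allow-list test that follows still uses a loose `in_array()`, so the current user ID is compared against an empty string under PHP's type-juggling rules. Seeding with `update_option( 'sfm_auth_user', array() );` and comparing with `in_array( $currentUser, array_map( 'intval', (array) get_option( 'sfm_auth_user' ) ), true )` would avoid that. `get_option( 'sfm_auth_roles' )` is also passed to `array_intersect()` without the `(array)` cast this commit adds in the settings form, so an unset option still raises a warning or a TypeError there. The function body continues outside the hunk.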
secure-file-manager/trunk/readme.txt
r2239547 r2240484 6 6 Tested up to: 5.3 7 7 Requires PHP: 5.6 8 Stable tag: 2. 38 Stable tag: 2.4 9 9 License: GPLv2 or later 10 10 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 103 103 * CSS Filetype Allowed to Upload and Edit. 104 104 105 = 2.4 = 106 * Critical Fix: Direct Access to download files without authentication - Fixed. 107 * User Specific Permission Warning Fixed. 108 105 109 == Upgrade Notice == 106 110 = 1.0 = -
secure-file-manager/trunk/secure-file-manager.php
r2239547 r2240484 3 3 /** 4 4 * @package Secure File Manager 5 * @version 2. 35 * @version 2.4 6 6 */ 7 7 … … 11 11 Description: Most Beautiful and Secure WordPress File Manager 12 12 Author: Themexa 13 Version: 2. 313 Version: 2.4 14 14 Author URI: https://www.themexa.com 15 15 License: GPL2 … … 25 25 * Current plugin version. 26 26 */ 27 define( 'secure-file-manager', '2. 3' );27 define( 'secure-file-manager', '2.4' ); 28 28 29 29 /** -
secure-file-manager/trunk/vendor/elfinder/php/connector.minimal.php
r2239547 r2240484 1 1 <?php 2 3 require( $_SERVER['DOCUMENT_ROOT'].'/wp-load.php' ); 2 4 3 5 set_time_limit(0); // just in case it too long, not recommended for production … … 14 16 } 15 17 16 // // To Enable(true) handling of PostScript files by ImageMagick17 // // It is disabled by default as a countermeasure18 // // of Ghostscript multiple -dSAFER sandbox bypass vulnerabilities19 // // see https://www.kb.cert.org/vuls/id/33292820 // define('ELFINDER_IMAGEMAGICK_PS', true);21 // ===============================================22 23 // load composer autoload before load elFinder autoload If you need composer24 //require './vendor/autoload.php';25 26 18 // elFinder autoload 27 19 require './autoload.php'; … … 32 24 // =============================================== 33 25 34 // // Required for Dropbox network mount35 // // Installation by composer36 // // `composer require kunalvarma05/dropbox-php-sdk`37 // // Enable network mount38 // elFinder::$netDrivers['dropbox2'] = 'Dropbox2';39 // // Dropbox2 Netmount driver need next two settings. You can get at https://www.dropbox.com/developers/apps40 // // AND reuire regist redirect url to "YOUR_CONNECTOR_URL?cmd=netmount&protocol=dropbox2&host=1"41 // define('ELFINDER_DROPBOX_APPKEY', '');42 // define('ELFINDER_DROPBOX_APPSECRET', '');43 // ===============================================44 45 // // Required for Google Drive network mount46 // // Installation by composer47 // // `composer require google/apiclient:^2.0`48 // // Enable network mount49 // elFinder::$netDrivers['googledrive'] = 'GoogleDrive';50 // // GoogleDrive Netmount driver need next two settings. 
You can get at https://console.developers.google.com51 // // AND reuire regist redirect url to "YOUR_CONNECTOR_URL?cmd=netmount&protocol=googledrive&host=1"52 // define('ELFINDER_GOOGLEDRIVE_CLIENTID', '');53 // define('ELFINDER_GOOGLEDRIVE_CLIENTSECRET', '');54 // // Required case of without composer55 // define('ELFINDER_GOOGLEDRIVE_GOOGLEAPICLIENT', '/path/to/google-api-php-client/vendor/autoload.php');56 // ===============================================57 58 // // Required for Google Drive network mount with Flysystem59 // // Installation by composer60 // // `composer require nao-pon/flysystem-google-drive:~1.1 nao-pon/elfinder-flysystem-driver-ext`61 // // Enable network mount62 // elFinder::$netDrivers['googledrive'] = 'FlysystemGoogleDriveNetmount';63 // // GoogleDrive Netmount driver need next two settings. You can get at https://console.developers.google.com64 // // AND reuire regist redirect url to "YOUR_CONNECTOR_URL?cmd=netmount&protocol=googledrive&host=1"65 // define('ELFINDER_GOOGLEDRIVE_CLIENTID', '');66 // define('ELFINDER_GOOGLEDRIVE_CLIENTSECRET', '');67 // ===============================================68 69 // // Required for One Drive network mount70 // // * cURL PHP extension required71 // // * HTTP server PATH_INFO supports required72 // // Enable network mount73 // elFinder::$netDrivers['onedrive'] = 'OneDrive';74 // // GoogleDrive Netmount driver need next two settings. You can get at https://dev.onedrive.com75 // // AND reuire regist redirect url to "YOUR_CONNECTOR_URL/netmount/onedrive/1"76 // define('ELFINDER_ONEDRIVE_CLIENTID', '');77 // define('ELFINDER_ONEDRIVE_CLIENTSECRET', '');78 // ===============================================79 80 // // Required for Box network mount81 // // * cURL PHP extension required82 // // Enable network mount83 // elFinder::$netDrivers['box'] = 'Box';84 // // Box Netmount driver need next two settings. 
You can get at https://developer.box.com85 // // AND reuire regist redirect url to "YOUR_CONNECTOR_URL"86 // define('ELFINDER_BOX_CLIENTID', '');87 // define('ELFINDER_BOX_CLIENTSECRET', '');88 // ===============================================89 90 // // Zoho Office Editor APIKey91 // // https://www.zoho.com/docs/help/office-apis.html92 // define('ELFINDER_ZOHO_OFFICE_APIKEY', '');93 // ===============================================94 95 // // Online converter (online-convert.com) APIKey96 // // https://apiv2.online-convert.com/docs/getting_started/api_key.html97 26 // define('ELFINDER_ONLINE_CONVERT_APIKEY', ''); 98 27 define('ELFINDER_DISABLE_ONLINE_CONVERT', true); // set `true` to disable Online converter … … 328 257 $logger = new elFinderSimpleLogger('../files/temp/log.txt'); 329 258 330 331 332 $opts = array( 333 'locale' => 'en_US.UTF-8', 334 'bind' => array( 335 // '*' => 'logger', 336 'mkdir mkfile rename duplicate upload rm paste' => 'logger' 337 ), 338 'debug' => true, 339 'netVolumesSessionKey' => 'netVolumes', 340 'roots' => array( 341 array( 342 'driver' => 'LocalFileSystem', 343 'path' => getcwd().'../../../../../../../', 344 'startPath' => getcwd().'../../../../../../../', 345 'URL' => dirname($_SERVER['PHP_SELF']) . 
'/../files/', 346 'trashHash' => 't1_Lw', // elFinder's hash of trash folder 347 'winHashFix' => DIRECTORY_SEPARATOR !== '/', // to make hash same to Linux one on windows too 348 // 'treeDeep' => 3, 349 // 'alias' => 'File system', 350 'mimeDetect' => 'internal', 351 'tmbPath' => '.tmb', 352 'utf8fix' => true, 353 'tmbCrop' => false, 354 'tmbBgColor' => 'transparent', 355 'accessControl' => 'access', 356 'acceptedName' => '/^[^\.].*$/', 357 // 'disabled' => array('extract', 'archive'), 358 // 'tmbSize' => 128, 359 'attributes' => array( 360 array( 361 'pattern' => '/\.js$/', 362 'read' => true, 363 'write' => false 259 function runConnector() { 260 261 $opts = array( 262 'locale' => 'en_US.UTF-8', 263 'bind' => array( 264 // '*' => 'logger', 265 'mkdir mkfile rename duplicate upload rm paste' => 'logger' 266 ), 267 'debug' => true, 268 'netVolumesSessionKey' => 'netVolumes', 269 'roots' => array( 270 array( 271 'driver' => 'LocalFileSystem', 272 'path' => getcwd().'../../../../../../../', 273 'startPath' => getcwd().'../../../../../../../', 274 'URL' => dirname($_SERVER['PHP_SELF']) . 
'/../files/', 275 'trashHash' => 't1_Lw', // elFinder's hash of trash folder 276 'winHashFix' => DIRECTORY_SEPARATOR !== '/', // to make hash same to Linux one on windows too 277 // 'treeDeep' => 3, 278 // 'alias' => 'File system', 279 'mimeDetect' => 'internal', 280 'tmbPath' => '.tmb', 281 'utf8fix' => true, 282 'tmbCrop' => false, 283 'tmbBgColor' => 'transparent', 284 'accessControl' => 'access', 285 'acceptedName' => '/^[^\.].*$/', 286 // 'disabled' => array('extract', 'archive'), 287 // 'tmbSize' => 128, 288 'attributes' => array( 289 array( 290 'pattern' => '/\.js$/', 291 'read' => true, 292 'write' => false 293 ), 294 array( 295 'pattern' => '/^\/icons$/', 296 'read' => true, 297 'write' => false 298 ) 364 299 ), 365 array( 366 'pattern' => '/^\/icons$/', 367 'read' => true, 368 'write' => false 369 ) 300 'uploadDeny' => array('all'), // All Mimetypes not allowed to upload 301 'uploadAllow' => array('image/x-ms-bmp', 'image/gif', 'image/jpeg', 'image/png', 'image/x-icon', 'text/plain', 'text/x-php', 'application/zip', 'application/pdf', 'text/css'), // Mimetype `image` and `text/plain` allowed to upload 302 'uploadOrder' => array('deny', 'allow'), // allowed Mimetype `image` and `text/plain` only 370 303 ), 371 'uploadDeny' => array('all'), // All Mimetypes not allowed to upload 372 'uploadAllow' => array('image/x-ms-bmp', 'image/gif', 'image/jpeg', 'image/png', 'image/x-icon', 'text/plain', 'text/x-php', 'application/zip', 'application/pdf', 'text/css'), // Mimetype `image` and `text/plain` allowed to upload 373 'uploadOrder' => array('deny', 'allow'), // allowed Mimetype `image` and `text/plain` only 374 ), 375 // Trash volume 376 array( 377 'id' => '1', 378 'driver' => 'Trash', 379 'path' => '../files/.trash/', 380 'tmbURL' => dirname($_SERVER['PHP_SELF']) . 
'/../files/.trash/.tmb/', 381 'winHashFix' => DIRECTORY_SEPARATOR !== '/', // to make hash same to Linux one on windows too 382 'uploadDeny' => array('all'), // Recomend the same settings as the original volume that uses the trash 383 'uploadAllow' => array('image/x-ms-bmp', 'image/gif', 'image/jpeg', 'image/png', 'image/x-icon', 'text/plain', 'text/x-php', 'application/zip'), // Same as above 384 'uploadOrder' => array('deny', 'allow'), // Same as above 385 'accessControl' => 'access', // Same as above 386 ), 387 // array( 388 // 'driver' => 'LocalFileSystem', 389 // 'path' => '../files2/', 390 // // 'URL' => dirname($_SERVER['PHP_SELF']) . '/../files2/', 391 // 'alias' => 'File system', 392 // 'winHashFix' => DIRECTORY_SEPARATOR !== '/', // to make hash same to Linux one on windows too 393 // 'mimeDetect' => 'internal', 394 // 'tmbPath' => '.tmb', 395 // 'utf8fix' => true, 396 // 'tmbCrop' => false, 397 // 'startPath' => '../files/test', 398 // // 'separator' => ':', 399 // 'attributes' => array( 400 // array( 401 // 'pattern' => '~/\.~', 402 // // 'pattern' => '/^\/\./', 403 // 'read' => false, 404 // 'write' => false, 405 // 'hidden' => true, 406 // 'locked' => false 407 // ), 408 // array( 409 // 'pattern' => '~/replace/.+png$~', 410 // // 'pattern' => '/^\/\./', 411 // 'read' => false, 412 // 'write' => false, 413 // // 'hidden' => true, 414 // 'locked' => true 415 // ) 416 // ), 417 // // 'defaults' => array('read' => false, 'write' => true) 418 // ), 419 420 // array( 421 // 'driver' => 'FTP', 422 // 'host' => '192.168.1.38', 423 // 'user' => 'dio', 424 // 'pass' => 'hane', 425 // 'path' => '/Users/dio/Documents', 426 // 'tmpPath' => '../files/ftp', 427 // 'utf8fix' => true, 428 // 'attributes' => array( 429 // array( 430 // 'pattern' => '~/\.~', 431 // 'read' => false, 432 // 'write' => false, 433 // 'hidden' => true, 434 // 'locked' => false 435 // ), 436 // 437 // ) 438 // ), 439 //array( 440 // 'driver' => 'FTP', 441 // 'host' => 'work.std42.ru', 442 // 
'user' => 'dio', 443 // 'pass' => 'wallrus', 444 // 'path' => '/', 445 // 'tmpPath' => '../files/ftp', 446 //), 447 // array( 448 // 'driver' => 'FTP', 449 // 'host' => '10.0.1.3', 450 // 'user' => 'frontrow', 451 // 'pass' => 'frontrow', 452 // 'path' => '/', 453 // 'tmpPath' => '../files/ftp', 454 // ), 455 456 // array( 457 // 'driver' => 'LocalFileSystem', 458 // 'path' => '../files2/', 459 // 'URL' => dirname($_SERVER['PHP_SELF']) . '/../files2/', 460 // 'winHashFix' => DIRECTORY_SEPARATOR !== '/', // to make hash same to Linux one on windows too 461 // 'alias' => 'Files', 462 // 'mimeDetect' => 'internal', 463 // 'tmbPath' => '.tmb', 464 // // 'copyOverwrite' => false, 465 // 'utf8fix' => true, 466 // 'attributes' => array( 467 // array( 468 // 'pattern' => '~/\.~', 469 // // 'pattern' => '/^\/\./', 470 // // 'read' => false, 471 // // 'write' => false, 472 // 'hidden' => true, 473 // 'locked' => false 474 // ), 475 // ) 476 // ), 477 478 // array( 479 // 'driver' => 'MySQL', 480 // 'path' => 1, 481 // // 'treeDeep' => 2, 482 // // 'socket' => '/opt/local/var/run/mysql5/mysqld.sock', 483 // 'user' => 'root', 484 // 'pass' => 'hane', 485 // 'db' => 'elfinder', 486 // 'user_id' => 1, 487 // // 'accessControl' => 'access', 488 // // 'separator' => ':', 489 // 'tmbCrop' => true, 490 // // thumbnails background color (hex #rrggbb or 'transparent') 491 // 'tmbBgColor' => '#000000', 492 // 'files_table' => 'elfinder_file', 493 // // 'imgLib' => 'imagick', 494 // // 'uploadOverwrite' => false, 495 // // 'copyTo' => false, 496 // // 'URL' => 'http://localhost/git/elfinder', 497 // 'tmpPath' => '../filesdb/tmp', 498 // 'tmbPath' => '../filesdb/tmb', 499 // 'tmbURL' => dirname($_SERVER['PHP_SELF']) . 
'/../filesdb/tmb/', 500 // // 'attributes' => array( 501 // // array(), 502 // // array( 503 // // 'pattern' => '/\.jpg$/', 504 // // 'read' => false, 505 // // 'write' => false, 506 // // 'locked' => true, 507 // // 'hidden' => true 508 // // ) 509 // // ) 510 // 511 // ) 512 ) 513 514 ); 515 516 517 518 // sleep(3); 519 header('Access-Control-Allow-Origin: *'); 520 $connector = new elFinderConnector(new elFinder($opts), true); 521 $connector->run(); 304 // Trash volume 305 array( 306 'id' => '1', 307 'driver' => 'Trash', 308 'path' => '../files/.trash/', 309 'tmbURL' => dirname($_SERVER['PHP_SELF']) . '/../files/.trash/.tmb/', 310 'winHashFix' => DIRECTORY_SEPARATOR !== '/', // to make hash same to Linux one on windows too 311 'uploadDeny' => array('all'), // Recomend the same settings as the original volume that uses the trash 312 'uploadAllow' => array('image/x-ms-bmp', 'image/gif', 'image/jpeg', 'image/png', 'image/x-icon', 'text/plain', 'text/x-php', 'application/zip'), // Same as above 313 'uploadOrder' => array('deny', 'allow'), // Same as above 314 'accessControl' => 'access', // Same as above 315 ), 316 317 ) 318 319 ); 320 321 // sleep(3); 322 header('Access-Control-Allow-Origin: *'); 323 $connector = new elFinderConnector(new elFinder($opts), true); 324 $connector->run(); 325 326 } 327 328 if ( wp_validate_auth_cookie() ){ 329 runConnector(); 330 } 522 331 523 332 // echo '<pre>';
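Review bot: The new guard `if ( wp_validate_auth_cookie() )` at the end of connector.minimal.php only establishes that the request carries a valid login cookie; it does not repeat the `update_core` / `sfm_auth_user` / `sfm_auth_roles` check that sfm_file_manager_display() in includes/admin.php applies, so any logged-in account appears able to reach the connector directly. That matters here because the first root is still built from `getcwd()` with `../` segments and `uploadAllow` includes `text/x-php`. I would resolve the current user, apply the same allow-list as the admin page, and answer 403 and exit when it fails instead of falling through silently; a sketch follows. The `Access-Control-Allow-Origin: *` header and `'debug' => true` kept inside runConnector() also deserve a second look for a production endpoint.

```php
// … unchanged: runConnector() definition …

$sfm_user  = wp_get_current_user();
$sfm_users = array_map( 'intval', (array) get_option( 'sfm_auth_user' ) );
$sfm_roles = (array) get_option( 'sfm_auth_roles' );

// Same allow-list as the admin page: core updaters, listed user IDs, listed roles.
$sfm_allowed = $sfm_user->exists() && (
	current_user_can( 'update_core' )
	|| in_array( (int) $sfm_user->ID, $sfm_users, true )
	|| array_intersect( $sfm_roles, (array) $sfm_user->roles )
);

if ( ! $sfm_allowed ) {
	status_header( 403 );
	exit;
}

runConnector();
```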