WordPress.org
Get WordPress

Plugin Directory

Changeset 3058403


Ignore:
Timestamp:
03/25/2024 02:58:43 PM (2 years ago)
Author:
modalweb
Message:

V 5.2.3

Location:
file-manager-advanced/trunk
Files:
6 edited

Legend:

Unmodified
Added
Removed

  • file-manager-advanced/trunk/application/library/js/elfinder_script.js

    r3004748 r3058403  
    1111                        height: 500,
    1212                        lang : fma_locale,
    13                         requestType: 'post',
    1413                        ui: afm_object.ui,
    1514                        commandsOptions: {

  • file-manager-advanced/trunk/application/library/php/elFinder.class.php

    r3004748 r3058403  
    18951895                    $name .= '.' . $dlres['ext'];
    18961896                    $uniqid = uniqid();
    1897                     $this->session->set('zipdl' . $uniqid, basename($path));
     1897                    if(ZEND_THREAD_SAFE){
     1898                        set_transient("zipdl$uniqid", basename($path),MINUTE_IN_SECONDS);
     1899                    } else {
     1900                        $this->session->set('zipdl' . $uniqid, basename($path));
     1901                    }
    18981902                    $result = array(
    18991903                        'zipdl' => array(
     
    19211925            }
    19221926            // data check
    1923             if (count($targets) !== 4 || ($volume = $this->volume($targets[0])) == false || !($file = $CriOS? $targets[1] : $this->session->get('zipdl' . $targets[1]))) {
     1927            if (count($targets) !== 4 ||
     1928                ($volume = $this->volume($targets[0])) == false ||
     1929                !($file = $CriOS ? $targets[1] : ( ZEND_THREAD_SAFE ? get_transient( "zipdl$targets[1]" ) : $this->session->get( 'zipdl' . $targets[1] ) ) )) {
    19241930                return array('error' => 'File not found', 'header' => $h404, 'raw' => true);
    19251931            }
    19261932            $path = $volume->getTempPath() . DIRECTORY_SEPARATOR . basename($file);
    19271933            // remove session data of "zipdl..."
    1928             $this->session->remove('zipdl' . $targets[1]);
     1934            if(ZEND_THREAD_SAFE){
     1935                delete_transient("zipdl$targets[1]");
     1936            } else {
     1937                $this->session->remove('zipdl' . $targets[1]);
     1938            }
    19291939            if (!$CriOSinit) {
    19301940                // register auto delete on shutdown
     
    22052215        }
    22062216
     2217        if (strpos($name,'..') !== false) {
     2218            return array('error' => $this->error('Invalid request', 'mkdir'));
     2219        }
     2220
    22072221        if (($volume = $this->volume($target)) == false) {
    22082222            return array('error' => $this->error(self::ERROR_MKDIR, $name, self::ERROR_TRGDIR_NOT_FOUND, '#' . $target));
     
    22172231            $mkdirs = array();
    22182232            foreach ($dirs as $dir) {
     2233                if(strpos($dir,'..') !== false){
     2234                    return array('error' => $this->error('Invalid request', 'mkdir'));
     2235                }
    22192236                $tgt =& $mkdirs;
    22202237                $_names = explode('/', trim($dir, '/'));
     
    22542271    {
    22552272        $target = $args['target'];
    2256         $name = $args['name'];
     2273        $name = str_replace('..', '', $args['name']);
    22572274
    22582275        if (($volume = $this->volume($target)) == false) {
     
    22602277        }
    22612278
    2262         return ($file = $volume->mkfile($target, $args['name'])) == false
     2279        return ($file = $volume->mkfile($target, $name)) == false
    22632280            ? array('error' => $this->error(self::ERROR_MKFILE, $name, $volume->error()))
    22642281            : array('added' => array($file));
     
    22922309        if (!($volume = $this->volume($target))) {
    22932310            return array('error' => $this->error(self::ERROR_RENAME, '#' . $target, self::ERROR_FILE_NOT_FOUND));
     2311        }
     2312        if (strpos($name,'..') !== false) {
     2313            return array('error' => $this->error('Invalid request', 'rename'));
    22942314        }
    22952315
     
    38903910        $makedir = isset($args['makedir']) ? (bool)$args['makedir'] : null;
    38913911
     3912        if(strpos($target,'..') !== false){
     3913            return array('error' => $this->error(self::ERROR_EXTRACT, '#' . $target, self::ERROR_FILE_NOT_FOUND));
     3914        }
     3915       
    38923916        if (($volume = $this->volume($target)) == false
    38933917            || ($file = $volume->file($target)) == false) {
     
    39223946        $name = isset($args['name']) ? $args['name'] : '';
    39233947
     3948        if(strpos($name,'..') !== false){
     3949            return $this->error('Invalid Request.', self::ERROR_TRGDIR_NOT_FOUND);
     3950        }
     3951
    39243952        $targets = array_filter($targets, array($this, 'volume'));
    39253953        if (!$targets || ($volume = $this->volume($targets[0])) === false) {
     
    39283956
    39293957        foreach ($targets as $target) {
     3958            $explodedStr = explode('l1_', $target);
     3959            $targetFolderName = base64_decode($explodedStr[1]);
     3960            if(strpos($targetFolderName,'..') !== false){
     3961                return $this->error('Invalid Request.', self::ERROR_TRGDIR_NOT_FOUND);
     3962            }
    39303963            $this->itemLock($target);
    39313964        }

  • file-manager-advanced/trunk/application/library/php/elFinderVolumeDriver.class.php

    r3026923 r3058403  
    22652265            return $this->setError(elFinder::ERROR_PERM_DENIED);
    22662266        }
     2267        if (substr($name, 0, 1) === '/' || substr($name, 0, 1) === '\\') {
     2268            return $this->setError(elFinder::ERROR_INVALID_DIRNAME);
     2269        }
    22672270
    22682271        $dst = $this->joinPathCE($path, $name);
     
    23002303        if (!$this->nameAccepted($name, false)) {
    23012304            return $this->setError(elFinder::ERROR_INVALID_NAME);
     2305        }
     2306        if (substr($name, 0, 1) === '/' || substr($name, 0, 1) === '\\') {
     2307            return $this->setError(elFinder::ERROR_INVALID_DIRNAME);
    23022308        }
    23032309
     
    34693475            $tempPath = str_replace('/', DIRECTORY_SEPARATOR, $tempPath);
    34703476        }
    3471         return $tempPath;
     3477        if(opendir($tempPath)){
     3478            return $tempPath;
     3479        } else if (defined( 'WP_TEMP_DIR' )) {
     3480            return get_temp_dir();
     3481        } else {
     3482            $custom_temp_path = WP_CONTENT_DIR.'/temp';
     3483            if (!is_dir($custom_temp_path)) {
     3484                mkdir($custom_temp_path, 0777, true);
     3485            }
     3486            return $custom_temp_path;
     3487        }
    34723488    }
    34733489
     
    39503966            // replace HTML safe base64 to normal
    39513967            $h = base64_decode(strtr($h, '-_.', '+/='));
    3952             /**
    3953              * Logic to fix directory Traversal - Modal Web
    3954              */
    3955             $h = str_replace('..', '', $h);
    39563968            // TODO uncrypt hash and return path
    39573969            $path = $this->uncrypt($h);

  • file-manager-advanced/trunk/constants.php

    r3026923 r3058403  
    55 */
    66if ( !defined('FMA_VERSION') ) {
    7    define('FMA_VERSION', '5.2.2');
     7   define('FMA_VERSION', '5.2.3');
    88}
    99/**

  • file-manager-advanced/trunk/file_manager_advanced.php

    r3026923 r3058403  
    55  Description: Cpanel for files management in wordpress
    66  Author: modalweb
    7   Version: 5.2.2
     7  Version: 5.2.3
    88  Author URI: https://advancedfilemanager.com
    99  License: GPLv2

  • file-manager-advanced/trunk/readme.txt

    r3026923 r3058403  
    33Tags: file manager, wordpress file manager, wp file manager, file manager pro, document management,file-manager, wp-filemanager, elfinder, wp-file-manager, ftp, filemanager
    44Requires at least: 4.0
    5 Tested up to: 6.4.2
     5Tested up to: 6.4.3
    66Requires PHP: 7.0
    7 Stable tag: 5.2.2
     7Stable tag: 5.2.3
    88License: GPLv2 or later
    99License URI: http://www.gnu.org/licenses/gpl-2.0.html
     
    113113== Changelog ==
    114114
     115= 5.2.3 (25th Mar, 2024) =
     116
     117* Directory opening failure issue resolved.
     118* Directory Traversal issues resolved.
     119
    115120= 5.2.2 (25th Jan, 2024) =
    116121
Note: See TracChangeset for help on using the changeset viewer.