elFinderConnector.class.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380
  1. <?php
  2. /**
  3. * Default elFinder connector
  4. *
  5. * @author Dmitry (dio) Levashov
  6. **/
  7. class elFinderConnector
  8. {
  9. /**
  10. * elFinder instance
  11. *
  12. * @var elFinder
  13. **/
  14. protected $elFinder;
  15. /**
  16. * Options
  17. *
  18. * @var array
  19. **/
  20. protected $options = array();
  21. /**
  22. * Must be use output($data) $data['header']
  23. *
  24. * @var string
  25. * @deprecated
  26. **/
  27. protected $header = '';
  28. /**
  29. * HTTP request method
  30. *
  31. * @var string
  32. */
  33. protected $reqMethod = '';
  34. /**
  35. * Content type of output JSON
  36. *
  37. * @var string
  38. */
  39. protected static $contentType = 'Content-Type: application/json; charset=utf-8';
  40. /**
  41. * Constructor
  42. *
  43. * @param $elFinder
  44. * @param bool $debug
  45. *
  46. * @author Dmitry (dio) Levashov
  47. */
  48. public function __construct($elFinder, $debug = false)
  49. {
  50. $this->elFinder = $elFinder;
  51. $this->reqMethod = strtoupper($_SERVER["REQUEST_METHOD"]);
  52. if ($debug) {
  53. self::$contentType = 'Content-Type: text/plain; charset=utf-8';
  54. }
  55. }
  56. /**
  57. * Execute elFinder command and output result
  58. *
  59. * @return void
  60. * @throws Exception
  61. * @author Dmitry (dio) Levashov
  62. */
  63. public function run()
  64. {
  65. $isPost = $this->reqMethod === 'POST';
  66. $src = $isPost ? array_merge($_GET, $_POST) : $_GET;
  67. $maxInputVars = (!$src || isset($src['targets'])) ? ini_get('max_input_vars') : null;
  68. if ((!$src || $maxInputVars) && $rawPostData = file_get_contents('php://input')) {
  69. // for max_input_vars and supports IE XDomainRequest()
  70. $parts = explode('&', $rawPostData);
  71. if (!$src || $maxInputVars < count($parts)) {
  72. $src = array();
  73. foreach ($parts as $part) {
  74. list($key, $value) = array_pad(explode('=', $part), 2, '');
  75. $key = rawurldecode($key);
  76. if (preg_match('/^(.+?)\[([^\[\]]*)\]$/', $key, $m)) {
  77. $key = $m[1];
  78. $idx = $m[2];
  79. if (!isset($src[$key])) {
  80. $src[$key] = array();
  81. }
  82. if ($idx) {
  83. $src[$key][$idx] = rawurldecode($value);
  84. } else {
  85. $src[$key][] = rawurldecode($value);
  86. }
  87. } else {
  88. $src[$key] = rawurldecode($value);
  89. }
  90. }
  91. $_POST = $this->input_filter($src);
  92. $_REQUEST = $this->input_filter(array_merge_recursive($src, $_REQUEST));
  93. }
  94. }
  95. if (isset($src['targets']) && $this->elFinder->maxTargets && count($src['targets']) > $this->elFinder->maxTargets) {
  96. $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_MAX_TARGTES)));
  97. }
  98. $cmd = isset($src['cmd']) ? $src['cmd'] : '';
  99. $args = array();
  100. if (!function_exists('json_encode')) {
  101. $error = $this->elFinder->error(elFinder::ERROR_CONF, elFinder::ERROR_CONF_NO_JSON);
  102. $this->output(array('error' => '{"error":["' . implode('","', $error) . '"]}', 'raw' => true));
  103. }
  104. if (!$this->elFinder->loaded()) {
  105. $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_CONF, elFinder::ERROR_CONF_NO_VOL), 'debug' => $this->elFinder->mountErrors));
  106. }
  107. // telepat_mode: on
  108. if (!$cmd && $isPost) {
  109. $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_UPLOAD, elFinder::ERROR_UPLOAD_TOTAL_SIZE), 'header' => 'Content-Type: text/html'));
  110. }
  111. // telepat_mode: off
  112. if (!$this->elFinder->commandExists($cmd)) {
  113. $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_UNKNOWN_CMD)));
  114. }
  115. // collect required arguments to exec command
  116. $hasFiles = false;
  117. foreach ($this->elFinder->commandArgsList($cmd) as $name => $req) {
  118. if ($name === 'FILES') {
  119. if (isset($_FILES)) {
  120. $hasFiles = true;
  121. } elseif ($req) {
  122. $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_INV_PARAMS, $cmd)));
  123. }
  124. } else {
  125. $arg = isset($src[$name]) ? $src[$name] : '';
  126. if (!is_array($arg) && $req !== '') {
  127. $arg = trim($arg);
  128. }
  129. if ($req && $arg === '') {
  130. $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_INV_PARAMS, $cmd)));
  131. }
  132. $args[$name] = $arg;
  133. }
  134. }
  135. $args['debug'] = isset($src['debug']) ? !!$src['debug'] : false;
  136. $args = $this->input_filter($args);
  137. if ($hasFiles) {
  138. $args['FILES'] = $_FILES;
  139. }
  140. try {
  141. $this->output($this->elFinder->exec($cmd, $args));
  142. } catch (elFinderAbortException $e) {
  143. // connection aborted
  144. // unlock session data for multiple access
  145. $this->elFinder->getSession()->close();
  146. // HTTP response code
  147. header('HTTP/1.0 204 No Content');
  148. // clear output buffer
  149. while (ob_get_level() && ob_end_clean()) {
  150. }
  151. exit();
  152. }
  153. }
  154. /**
  155. * Sets the header.
  156. *
  157. * @param array|string $value HTTP header(s)
  158. */
  159. public function setHeader($value)
  160. {
  161. $this->header = $value;
  162. }
  163. /**
  164. * Output json
  165. *
  166. * @param array data to output
  167. *
  168. * @return void
  169. * @throws elFinderAbortException
  170. * @author Dmitry (dio) Levashov
  171. */
  172. protected function output(array $data)
  173. {
  174. // unlock session data for multiple access
  175. $this->elFinder->getSession()->close();
  176. // client disconnect should abort
  177. ignore_user_abort(false);
  178. if ($this->header) {
  179. self::sendHeader($this->header);
  180. }
  181. if (isset($data['pointer'])) {
  182. // set time limit to 0
  183. elFinder::extendTimeLimit(0);
  184. // send optional header
  185. if (!empty($data['header'])) {
  186. self::sendHeader($data['header']);
  187. }
  188. // clear output buffer
  189. while (ob_get_level() && ob_end_clean()) {
  190. }
  191. $toEnd = true;
  192. $fp = $data['pointer'];
  193. $sendData = !($this->reqMethod === 'HEAD' || !empty($data['info']['xsendfile']));
  194. $psize = null;
  195. if (($this->reqMethod === 'GET' || !$sendData)
  196. && (elFinder::isSeekableStream($fp) || elFinder::isSeekableUrl($fp))
  197. && (array_search('Accept-Ranges: none', headers_list()) === false)) {
  198. header('Accept-Ranges: bytes');
  199. if (!empty($_SERVER['HTTP_RANGE'])) {
  200. $size = $data['info']['size'];
  201. $end = $size - 1;
  202. if (preg_match('/bytes=(\d*)-(\d*)(,?)/i', $_SERVER['HTTP_RANGE'], $matches)) {
  203. if (empty($matches[3])) {
  204. if (empty($matches[1]) && $matches[1] !== '0') {
  205. $start = $size - $matches[2];
  206. } else {
  207. $start = intval($matches[1]);
  208. if (!empty($matches[2])) {
  209. $end = intval($matches[2]);
  210. if ($end >= $size) {
  211. $end = $size - 1;
  212. }
  213. $toEnd = ($end == ($size - 1));
  214. }
  215. }
  216. $psize = $end - $start + 1;
  217. header('HTTP/1.1 206 Partial Content');
  218. header('Content-Length: ' . $psize);
  219. header('Content-Range: bytes ' . $start . '-' . $end . '/' . $size);
  220. // Apache mod_xsendfile dose not support range request
  221. if (isset($data['info']['xsendfile']) && strtolower($data['info']['xsendfile']) === 'x-sendfile') {
  222. if (function_exists('header_remove')) {
  223. header_remove($data['info']['xsendfile']);
  224. } else {
  225. header($data['info']['xsendfile'] . ':');
  226. }
  227. unset($data['info']['xsendfile']);
  228. if ($this->reqMethod !== 'HEAD') {
  229. $sendData = true;
  230. }
  231. }
  232. $sendData && !elFinder::isSeekableUrl($fp) && fseek($fp, $start);
  233. }
  234. }
  235. }
  236. if ($sendData && is_null($psize)) {
  237. elFinder::rewind($fp);
  238. }
  239. } else {
  240. header('Accept-Ranges: none');
  241. if (isset($data['info']) && !$data['info']['size']) {
  242. if (function_exists('header_remove')) {
  243. header_remove('Content-Length');
  244. } else {
  245. header('Content-Length:');
  246. }
  247. }
  248. }
  249. if ($sendData) {
  250. if ($toEnd || elFinder::isSeekableUrl($fp)) {
  251. // PHP < 5.6 has a bug of fpassthru
  252. // see https://bugs.php.net/bug.php?id=66736
  253. if (version_compare(PHP_VERSION, '5.6', '<')) {
  254. file_put_contents('php://output', $fp);
  255. } else {
  256. fpassthru($fp);
  257. }
  258. } else {
  259. $out = fopen('php://output', 'wb');
  260. stream_copy_to_stream($fp, $out, $psize);
  261. fclose($out);
  262. }
  263. }
  264. if (!empty($data['volume'])) {
  265. $data['volume']->close($fp, $data['info']['hash']);
  266. } else {
  267. fclose($fp);
  268. }
  269. exit();
  270. } else {
  271. self::outputJson($data);
  272. exit(0);
  273. }
  274. }
  275. /**
  276. * Remove null & stripslashes applies on "magic_quotes_gpc"
  277. *
  278. * @param mixed $args
  279. *
  280. * @return mixed
  281. * @author Naoki Sawada
  282. */
  283. protected function input_filter($args)
  284. {
  285. static $magic_quotes_gpc = NULL;
  286. if ($magic_quotes_gpc === NULL)
  287. $magic_quotes_gpc = (version_compare(PHP_VERSION, '5.4', '<') && get_magic_quotes_gpc());
  288. if (is_array($args)) {
  289. return array_map(array(& $this, 'input_filter'), $args);
  290. }
  291. $res = str_replace("\0", '', $args);
  292. $magic_quotes_gpc && ($res = stripslashes($res));
  293. return $res;
  294. }
  295. /**
  296. * Send HTTP header
  297. *
  298. * @param string|array $header optional header
  299. */
  300. protected static function sendHeader($header = null)
  301. {
  302. if ($header) {
  303. if (is_array($header)) {
  304. foreach ($header as $h) {
  305. header($h);
  306. }
  307. } else {
  308. header($header);
  309. }
  310. }
  311. }
  312. /**
  313. * Output JSON
  314. *
  315. * @param array $data
  316. */
  317. public static function outputJson($data)
  318. {
  319. // send header
  320. $header = isset($data['header']) ? $data['header'] : self::$contentType;
  321. self::sendHeader($header);
  322. unset($data['header']);
  323. if (!empty($data['raw']) && isset($data['error'])) {
  324. $out = $data['error'];
  325. } else {
  326. if (isset($data['debug']) && isset($data['debug']['backendErrors'])) {
  327. $data['debug']['backendErrors'] = array_merge($data['debug']['backendErrors'], elFinder::$phpErrors);
  328. }
  329. $out = json_encode($data);
  330. }
  331. // clear output buffer
  332. while (ob_get_level() && ob_end_clean()) {
  333. }
  334. header('Content-Length: ' . strlen($out));
  335. echo $out;
  336. flush();
  337. }
  338. }// END class