Update filenew.php
This commit is contained in:
FusionPBX
GitHub
parent
b6be273a8a
commit
6c171fc437
|
|
@ -17,78 +17,101 @@
|
||||||
|
|
||||||
The Initial Developer of the Original Code is
|
The Initial Developer of the Original Code is
|
||||||
Mark J Crane <markjcrane@fusionpbx.com>
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
Portions created by the Initial Developer are Copyright (C) 2008-2012
|
Portions created by the Initial Developer are Copyright (C) 2008-2019
|
||||||
the Initial Developer. All Rights Reserved.
|
the Initial Developer. All Rights Reserved.
|
||||||
|
|
||||||
Contributor(s):
|
Contributor(s):
|
||||||
Mark J Crane <markjcrane@fusionpbx.com>
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
James Rose <james.o.rose@gmail.com>
|
James Rose <james.o.rose@gmail.com>
|
||||||
*/
|
*/
|
||||||
include "root.php";
|
|
||||||
require_once "resources/require.php";
|
//includes
|
||||||
require_once "resources/check_auth.php";
|
include "root.php";
|
||||||
if (permission_exists('script_editor_save')) {
|
require_once "resources/require.php";
|
||||||
//access granted
|
require_once "resources/check_auth.php";
|
||||||
}
|
|
||||||
else {
|
//check permissions
|
||||||
echo "access denied";
|
if (permission_exists('script_editor_save')) {
|
||||||
exit;
|
//access granted
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
echo "access denied";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
//add multi-lingual support
|
//add multi-lingual support
|
||||||
$language = new text;
|
$language = new text;
|
||||||
$text = $language->get();
|
$text = $language->get();
|
||||||
|
|
||||||
$folder = $_GET["folder"];
|
//handle the directory and file
|
||||||
$folder = str_replace ("\\", "/", $folder);
|
$folder = $_REQUEST["folder"];
|
||||||
if (substr($folder, -1) != "/") { $folder = $folder.'/'; }
|
$folder = str_replace ("\\", "/", $folder);
|
||||||
$file = $_GET["file"];
|
if (substr($folder, -1) != "/") { $folder = $folder.'/'; }
|
||||||
|
$file = $_REQUEST["file"];
|
||||||
|
|
||||||
if (strlen($folder) > 0 && strlen($file) > 0) {
|
//write the file or show the html form
|
||||||
//create new file
|
if (strlen($folder) > 0 && strlen($file) > 0) {
|
||||||
$handle = fopen($folder.$file, 'wb') or die("Error!!");
|
//compare the tokens
|
||||||
$content = "<?php\n\n?>";
|
$key_name = '/app/edit/file_new';
|
||||||
fwrite($handle, $content);
|
$hash = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);
|
||||||
fclose($handle);
|
if (!hash_equals($hash, $_POST['token'])) {
|
||||||
header("Location: fileoptions.php");
|
echo "access denied";
|
||||||
}
|
exit;
|
||||||
else {
|
}
|
||||||
require_once "header.php";
|
|
||||||
|
|
||||||
echo "<br>";
|
//create new file
|
||||||
echo "<div align='left'>";
|
$handle = fopen($folder.$file, 'wb') or die("Error!!");
|
||||||
echo "<form method='get' action=''>";
|
$content = "<?php\n\n?>";
|
||||||
echo "<table>";
|
fwrite($handle, $content);
|
||||||
echo " <tr>";
|
fclose($handle);
|
||||||
echo " <td>Path:</td>";
|
header("Location: fileoptions.php");
|
||||||
echo " </tr>";
|
}
|
||||||
echo " <tr>";
|
else {
|
||||||
echo " <td>".$folder.$file."</td>";
|
|
||||||
echo " </tr>";
|
|
||||||
echo "</table>";
|
|
||||||
|
|
||||||
echo "<br />";
|
//create a token
|
||||||
|
$key_name = '/app/edit/file_new';
|
||||||
|
$_SESSION['keys'][$key_name] = bin2hex(random_bytes(32));
|
||||||
|
$_SESSION['token'] = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);
|
||||||
|
|
||||||
echo "<table>";
|
//include the header
|
||||||
echo " <tr>";
|
require_once "header.php";
|
||||||
echo " <td>".$text['label-file-name']."</td>";
|
|
||||||
echo " </tr>";
|
|
||||||
|
|
||||||
echo " <tr>";
|
//show the content
|
||||||
echo " <td><input type='text' name='file' value=''></td>";
|
echo "<br>";
|
||||||
echo " </tr>";
|
echo "<div align='left'>";
|
||||||
|
echo "<form method='POST' action=''>";
|
||||||
|
echo "<table>";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td>Path:</td>";
|
||||||
|
echo " </tr>";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td>".$folder.$file."</td>";
|
||||||
|
echo " </tr>";
|
||||||
|
echo "</table>";
|
||||||
|
|
||||||
echo " <tr>";
|
echo "<br />";
|
||||||
echo " <td colspan='1' align='right'>";
|
|
||||||
echo " <input type='hidden' name='folder' value='$folder'>";
|
|
||||||
echo " <input type='button' value='".$text['button-back']."' onclick='history.back()'><input type='submit' value='".$text['button-new-file']."'>";
|
|
||||||
echo " </td>";
|
|
||||||
echo " </tr>";
|
|
||||||
echo "</table>";
|
|
||||||
echo "</form>";
|
|
||||||
echo "</div>";
|
|
||||||
|
|
||||||
require_once "footer.php";
|
echo "<table>";
|
||||||
}
|
echo " <tr>";
|
||||||
|
echo " <td>".$text['label-file-name']."</td>";
|
||||||
|
echo " </tr>";
|
||||||
|
|
||||||
?>
|
echo " <tr>";
|
||||||
|
echo " <td><input type='text' name='file' value=''></td>";
|
||||||
|
echo " </tr>";
|
||||||
|
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td colspan='1' align='right'>";
|
||||||
|
echo " <input type='hidden' name='folder' value='$folder'>";
|
||||||
|
echo " <input type='hidden' name='token' id='token' value='". $_SESSION['token']. "'>";
|
||||||
|
echo " <input type='button' value='".$text['button-back']."' onclick='history.back()'><input type='submit' value='".$text['button-new-file']."'>";
|
||||||
|
echo " </td>";
|
||||||
|
echo " </tr>";
|
||||||
|
echo "</table>";
|
||||||
|
echo "</form>";
|
||||||
|
echo "</div>";
|
||||||
|
|
||||||
|
require_once "footer.php";
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue