Update file_save.php
parent
2ea4eed72c
commit
d2fcc4091c
|
|
@ -51,8 +51,72 @@
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
//run the code if file path exists
|
//get the directory
|
||||||
|
if (!isset($_SESSION)) { session_start(); }
|
||||||
|
switch ($_SESSION["app"]["edit"]["dir"]) {
|
||||||
|
case 'scripts':
|
||||||
|
$edit_directory = $_SESSION['switch']['scripts']['dir'];
|
||||||
|
break;
|
||||||
|
case 'php':
|
||||||
|
$edit_directory = $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH;
|
||||||
|
break;
|
||||||
|
case 'grammer':
|
||||||
|
$edit_directory = $_SESSION['switch']['grammar']['dir'];
|
||||||
|
break;
|
||||||
|
case 'provision':
|
||||||
|
switch (PHP_OS) {
|
||||||
|
case "Linux":
|
||||||
|
if (file_exists('/etc/fusionpbx/resources/templates/provision')) {
|
||||||
|
$edit_directory = '/etc/fusionpbx/resources/templates/provision';
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "FreeBSD":
|
||||||
|
if (file_exists('/usr/local/etc/fusionpbx/resources/templates/provision')) {
|
||||||
|
$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "NetBSD":
|
||||||
|
$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
||||||
|
break;
|
||||||
|
case "OpenBSD":
|
||||||
|
$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 'xml':
|
||||||
|
$edit_directory = $_SESSION['switch']['conf']['dir'];
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!isset($edit_directory)) {
|
||||||
|
foreach ($_SESSION['editor']['path'] as $path) {
|
||||||
|
if ($_SESSION["app"]["edit"]["dir"] == $path) {
|
||||||
|
$edit_directory = $path;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//set the file variable
|
||||||
$file_path = $_POST["filepath"];
|
$file_path = $_POST["filepath"];
|
||||||
|
|
||||||
|
//remove attempts to change the directory
|
||||||
|
$file_path = str_replace('..', '', $file_path);
|
||||||
|
$file_path = str_replace ("\\", "/", $file_path);
|
||||||
|
|
||||||
|
//break the path into an array
|
||||||
|
$path_array = pathinfo($file_path);
|
||||||
|
$path_prefix = substr($path_array['dirname'], 0, strlen($edit_directory));
|
||||||
|
|
||||||
|
//validate the path
|
||||||
|
if ($path_prefix == $edit_directory) {
|
||||||
if ($file_path != '') {
|
if ($file_path != '') {
|
||||||
try {
|
try {
|
||||||
//save file content
|
//save file content
|
||||||
|
|
@ -78,7 +142,7 @@
|
||||||
//alert error
|
//alert error
|
||||||
echo $e->getMessage();
|
echo $e->getMessage();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
||||||
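Review bot: The new check `if ($path_prefix == $edit_directory)` fails open when `$edit_directory` was never assigned (no `case` matched and no `$_SESSION['editor']['path']` entry equals the session value) or is empty: `strlen()` of it is 0, `$path_prefix` becomes `''`, and the loose `==` evaluates to true, so any posted `filepath` passes validation. Add `if (empty($edit_directory)) { exit; }` before the comparison and use `===`. The prefix test also has no directory boundary, so a sibling directory whose name merely starts with the allowed path would match, and stripping `..` does not account for symlinks; comparing `realpath()` of the target's directory against `rtrim($edit_directory, '/').'/'` would cover both. Separately, the FreeBSD branch tests for `/usr/local/etc/fusionpbx/resources/templates/provision` but assigns the document-root path in both arms, which looks like a copy-paste slip. The `if`/`try` body that performs the write lies between the two hunks and is not visible here.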