*** dir.php 2008-05-08 01:38:06.000000000 +0200 --- dir.modified.php 2007-11-14 10:52:47.992541972 +0100 *************** *** 31,37 **** $del = getRequestVar('del'); $down = getRequestVar('down'); $tar = getRequestVar('tar'); ! $dir = stripslashes(urldecode(getRequestVar('dir'))); if (strpos(stripslashes($dir),"../")===false) {} else {echo "Can't go to parent directories!";exit;} // Are we to delete something? --- 31,39 ---- $del = getRequestVar('del'); $down = getRequestVar('down'); $tar = getRequestVar('tar'); ! //$dir = stripslashes(urldecode(getRequestVar('dir'))); ! $dir = stripslashes(getRequestVar('dir')); ! $dir = html_entity_decode($dir, ENT_QUOTES); if (strpos(stripslashes($dir),"../")===false) {} else {echo "Can't go to parent directories!";exit;} // Are we to delete something? *************** *** 52,57 **** --- 54,60 ---- // "test/tester's file/test.txt" $del = stripslashes(stripslashes($del)); + $del = html_entity_decode($del, ENT_QUOTES); if (!ereg("(\.\.\/)", $del)) { *************** *** 75,81 **** AuditAction($cfg["constants"]["error"], "ILLEGAL DELETE: ".$cfg['user']." tried to delete ".$del); } ! header("Location: dir.php?dir=".urlencode($current)); } // Are we to download something? --- 78,84 ---- AuditAction($cfg["constants"]["error"], "ILLEGAL DELETE: ".$cfg['user']." tried to delete ".$del); } ! header("Location: dir.php?dir=".rawurlencode($current)); } // Are we to download something? *************** *** 92,97 **** --- 95,101 ---- // "test/tester's file/test.txt" $down = stripslashes(stripslashes($down)); + $down = html_entity_decode($down, ENT_QUOTES); if (!ereg("(\.\.\/)", $down)) { *************** *** 136,142 **** { AuditAction($cfg["constants"]["error"], "ILLEGAL DOWNLOAD: ".$cfg['user']." tried to download ".$down); } ! header("Location: dir.php?dir=".urlencode($current)); } // Are we to download something? --- 140,146 ---- { AuditAction($cfg["constants"]["error"], "ILLEGAL DOWNLOAD: ".$cfg['user']." tried to download ".$down); } ! 
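Review bot: The traversal guard that follows the new decoding lines, `if (strpos(stripslashes($dir),"../")===false) {} else {echo "Can't go to parent directories!";exit;}`, rejects only the literal substring `../`, so a bare `..` with no trailing slash still passes and is then concatenated into `$cfg["path"].$dir`. Decoding with `html_entity_decode` before the check is the right order; the check itself should look for a `..` path component rather than a substring, e.g. `if (preg_match('#(^|/)\.\.(/|$)#', $dir)) {echo "Can't go to parent directories!";exit;}`. The same substring-only test, as `ereg("(\.\.\/)", ...)`, guards `$del`, `$down` and `$tar` in the 52,57, 92,97 and 153,158 hunks after their new `html_entity_decode` lines, and deserves the same tightening.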
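Review bot: `header("Location: dir.php?dir=".rawurlencode($current));` is not followed by `exit`, so after the redirect header is queued the script carries on into the download handling that follows (`// Are we to download something?` is the next context line), and any output produced further down is still sent as the body of the redirect response. Add `exit;` directly after the `header()` call, as the traversal guard at the top of the file already does. The same pattern is in the 136,142 and 214,220 hunks. `$current` is assigned outside the hunk, so I cannot confirm how it is derived.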
header("Location: dir.php?dir=".rawurlencode($current)); } // Are we to download something? *************** *** 153,158 **** --- 157,163 ---- // "test/tester's file/test.txt" $tar = stripslashes(stripslashes($tar)); + $tar = html_entity_decode($tar, ENT_QUOTES); if (!ereg("(\.\.\/)", $tar)) { *************** *** 214,220 **** { AuditAction($cfg["constants"]["error"], "ILLEGAL TAR DOWNLOAD: ".$cfg['user']." tried to download ".$tar); } ! header("Location: dir.php?dir=".urlencode($current)); } if ($dir == "") --- 219,225 ---- { AuditAction($cfg["constants"]["error"], "ILLEGAL TAR DOWNLOAD: ".$cfg['user']." tried to download ".$tar); } ! header("Location: dir.php?dir=".rawurlencode($current)); } if ($dir == "") *************** *** 271,277 **** if (!file_exists($cfg["path"].$dir)) { ! echo "".htmlentities($dir)." could not be found or is not valid."; } else { --- 276,282 ---- if (!file_exists($cfg["path"].$dir)) { ! echo "".$dir." could not be found or is not valid."; } else { *************** *** 304,310 **** //get the real parentURL if (preg_match("/^(.+)\/.+$/",$dir,$matches) == 1) { ! $parentURL="dir.php?dir=" . urlencode($matches[1]); } echo ""; --- 309,315 ---- //get the real parentURL if (preg_match("/^(.+)\/.+$/",$dir,$matches) == 1) { ! $parentURL="dir.php?dir=" . rawurlencode($matches[1]); } echo "
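Review bot: Dropping `htmlentities()` from `echo "".$dir." could not be found or is not valid.";` writes a request-controlled value into the HTML response unescaped: `$dir` comes from `getRequestVar('dir')` and, with the 31,39 hunk, now passes through `html_entity_decode($dir, ENT_QUOTES)` before reaching this branch, so entity-encoded input is turned back into raw markup exactly where it is echoed. This is a reflected cross-site scripting regression on the not-found path. Keep the escaping at the output point: `echo htmlentities($dir, ENT_QUOTES)." could not be found or is not valid.";`. If the removal was meant to avoid double encoding, the decode at line 31 already handles that, so escaping once here is correct.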
"; *************** *** 332,350 **** { if (@is_dir($dirName.$entry)) { ! echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo "
".$entry."  "; if ($cfg["enable_maketorrent"]) { ! echo ""; } if ($cfg["enable_file_download"]) { ! echo ""; } // The following lines of code were suggested by Jody Steele jmlsteele@stfu.ca --- 337,355 ---- { if (@is_dir($dirName.$entry)) { ! echo "
".$entry."  "; if ($cfg["enable_maketorrent"]) { ! echo ""; } if ($cfg["enable_file_download"]) { ! echo ""; } // The following lines of code were suggested by Jody Steele jmlsteele@stfu.ca *************** *** 353,360 **** // the ability to delete sub directories if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir)) { ! echo ""; ! echo ""; } else { --- 358,365 ---- // the ability to delete sub directories if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir)) { ! echo ""; ! echo ""; } else { *************** *** 423,431 **** if ($cfg["enable_file_download"]) { // Yes, let them download ! echo ""; echo "\"".$entry."\""; ! echo "".$entry.""; } else { --- 428,436 ---- if ($cfg["enable_file_download"]) { // Yes, let them download ! echo ""; echo "\"".$entry."\""; ! echo "".$entry.""; } else { *************** *** 441,458 **** if( $cfg["enable_view_nfo"] && (( substr( strtolower($entry), -4 ) == ".nfo" ) || ( substr( strtolower($entry), -4 ) == ".txt" )) ) { ! echo ""; } if ($cfg["enable_maketorrent"]) { ! echo ""; } if ($cfg["enable_file_download"]) { // Show the download button ! echo ""; echo ""; echo ""; } --- 446,463 ---- if( $cfg["enable_view_nfo"] && (( substr( strtolower($entry), -4 ) == ".nfo" ) || ( substr( strtolower($entry), -4 ) == ".txt" )) ) { ! echo ""; } if ($cfg["enable_maketorrent"]) { ! echo ""; } if ($cfg["enable_file_download"]) { // Show the download button ! echo ""; echo ""; echo ""; } *************** *** 463,470 **** // the ability to delete files if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir)) { ! echo ""; ! echo ""; } else { --- 468,475 ---- // the ability to delete files if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir)) { ! echo ""; ! echo ""; } else {
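Review bot: On the new side of this hunk `$entry`, a name read from the directory listing, is concatenated straight into the echoed markup (`".$entry."  "`), and the changed lines in the 423,431 hunk do the same (`echo "\"".$entry."\"";`, `echo "".$entry."";`). The surrounding HTML has been stripped from this rendering, so I cannot see whether the value is escaped inside those strings; if it is not, a file name containing `"` or `<` would break out of the attribute or element it is placed in. Wrapping the text use as `htmlentities($entry, ENT_QUOTES)` and the URL use as `rawurlencode($entry)` keeps each context safe independently of the file name.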
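Review bot: The ownership check `if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir))` interpolates the user name into the pattern without `preg_quote`, and it is a bare prefix match, so it also accepts directories whose name merely starts with the user name (user `ann` passes for `annex/...`). Both are fixed by matching a whole leading path component: `preg_match('/^' . preg_quote($cfg["user"], '/') . '(\/|$)/', $dir)`. This line is context here and in the 463,470 hunk, where it gates deletion of files, so the commit does not touch it; I cannot tell from the diff which characters user names may contain, so the `preg_quote` part is defensive.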