From a9c0b38711aa90963beb88fb1b69de734901efb2 Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Sun, 19 Jul 2020 17:24:42 +0200 Subject: [PATCH] Switch FileManager from ftp to sftp --- var/www/html/files.php | 135 ++++++++++++++--------------------------- 1 file changed, 45 insertions(+), 90 deletions(-) diff --git a/var/www/html/files.php b/var/www/html/files.php index 109f759..9a2ac35 100644 --- a/var/www/html/files.php +++ b/var/www/html/files.php @@ -9,11 +9,12 @@ if(empty($_SESSION['ftp_pass'])){ send_login(); exit; } -$ftp=ftp_connect('127.0.0.1') or die ('No Connection to FTP server!'); -if(@!ftp_login($ftp, $user[system_account], $_SESSION['ftp_pass'])){ +$ssh=ssh2_connect('127.0.0.1') or die ('No Connection to SFTP server!'); +if(@!ssh2_auth_password($ssh, $user[system_account], $_SESSION['ftp_pass'])){ send_login(); exit; } +$sftp = ssh2_sftp($ssh); //prepare reusable data const TYPES=[ 'jpg'=>'img', @@ -97,9 +98,9 @@ if(!empty($_REQUEST['path'])){ }else{ $dir='/www/'; } -if(@!ftp_chdir($ftp, $dir)){ +if(!is_dir("ssh2.sftp://$sftp$dir")){ $dir=rtrim($dir, '/'); - if(@ftp_fget($ftp, $tmpfile=tmpfile(), $dir, FTP_BINARY)){ + if($tmpfile = @fopen("ssh2.sftp://$sftp$dir", 'r')){ //output file header('Content-Type: ' . mime_content_type($tmpfile)); header('Content-Disposition: filename="'.basename($dir).'"'); @@ -111,6 +112,7 @@ if(@!ftp_chdir($ftp, $dir)){ while (($buffer = fgets($tmpfile, 4096)) !== false) { echo $buffer; } + fclose($tmpfile); }else{ send_not_found(); } 
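Review bot: The result of `ssh2_sftp($ssh)` on the added line is used without a check. If the SFTP subsystem cannot be started it returns false, and every later `"ssh2.sftp://$sftp$dir"` string is then built from an empty value instead of a session handle. I would stop right after the call, e.g. `if($sftp === false){ die('No Connection to SFTP server!'); }`.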
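Review bot: `"ssh2.sftp://$sftp$dir"` in the `is_dir()` and `fopen()` calls interpolates the resource itself, which yields `Resource id #N`. The ssh2 documentation builds these URLs with `intval($sftp)`, and on some PHP/ssh2 version combinations the `#` is parsed as a URL fragment and the open fails. A small helper returning `'ssh2.sftp://' . intval($sftp) . $path` would keep every wrapper URL in this patch consistent (mkfile, edit, upload, listing, recursive delete). `$dir` is assigned outside this hunk, so whether it is normalised before reaching these calls cannot be judged from here.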
@@ -122,17 +124,14 @@ if(!empty($_POST['mkdir']) && !empty($_POST['name'])){ if($error=check_csrf_error()){ die($error); } - ftp_mkdir($ftp, $_POST['name']); + ssh2_sftp_mkdir($sftp, "$dir/$_POST[name]", 0750); } if(!empty($_POST['mkfile']) && !empty($_POST['name'])){ if($error=check_csrf_error()){ die($error); } - $tmpfile='/tmp/'.uniqid(); - touch($tmpfile); - @ftp_put($ftp, $_POST['name'], $tmpfile, FTP_BINARY); - unlink($tmpfile); + file_put_contents("ssh2.sftp://$sftp$dir$_POST[name]", ''); } if(!empty($_POST['delete']) && !empty($_POST['files'])){ @@ -140,7 +139,7 @@ if(!empty($_POST['delete']) && !empty($_POST['files'])){ die($error); } foreach($_POST['files'] as $file){ - ftp_recursive_delete($ftp, $file); + sftp_recursive_delete($sftp, $dir, $file); } } @@ -149,7 +148,7 @@ if(!empty($_POST['rename_2']) && !empty($_POST['files'])){ die($error); } foreach($_POST['files'] as $old=>$new){ - @ftp_rename($ftp, $old, $new); + @ssh2_sftp_rename($sftp, "$dir/$old", "$dir/$new"); } } @@ -165,19 +164,16 @@ if(!empty($_POST['edit_2']) && !empty($_POST['files'])){ if($error=check_csrf_error()){ die($error); } - $tmpfile='/tmp/'.uniqid(); foreach($_POST['files'] as $name=>$content){ - file_put_contents($tmpfile, $content); - @ftp_put($ftp, $name, $tmpfile, FTP_BINARY); + file_put_contents("ssh2.sftp://$sftp$dir/$name", $content); } - unlink($tmpfile); } if(!empty($_POST['edit']) && !empty($_POST['files'])){ if($error=check_csrf_error()){ die($error); } - send_edit($ftp, $dir); + send_edit($sftp, $dir); exit; } 
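Review bot: `$_POST['name']` is concatenated into the target path unchecked, and the two added lines disagree on the separator: mkdir uses `"$dir/$_POST[name]"` while mkfile uses `"ssh2.sftp://$sftp$dir$_POST[name]"`, so with a `$dir` that has no trailing slash the file is created beside the directory rather than inside it. A name containing `/` or `..` also leaves the folder being displayed; access is still limited to what the logged-in system account may touch, but the file manager's own notion of the current directory is bypassed. I would validate the name once as a single path component, e.g. `if(!is_string($name) || $name !== basename($name) || in_array($name, ['', '.', '..'], true)){ send_not_found(); exit; }`, and apply the same check to `$old`/`$new` in the rename hunk, `$name` in the edit_2 hunk and `$file` in the delete hunk. The return value of `file_put_contents()` is dropped in both mkfile and edit_2, so a failed save is silent.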
@@ -185,36 +181,11 @@ if(!empty($_POST['unzip']) && !empty($_POST['files'])){ if($error=check_csrf_error()){ die($error); } - $zip = new ZipArchive(); foreach($_POST['files'] as $file){ if(!preg_match('/\.zip$/', $file)){ continue; } - $tmpfile='/tmp/'.uniqid().'.zip'; - if(@!ftp_get($ftp, $tmpfile, $file, FTP_BINARY)){ - continue; - } - //prevent zip-bombs - $size=0; - $resource=zip_open($tmpfile); - if(!is_resource($resource)){ - unlink($tmpfile); - continue; - } - while($dir_resource=zip_read($resource)) { - $size+=zip_entry_filesize($dir_resource); - } - zip_close($resource); - if($size<=1073741824){ //1GB limit - $zip->open($tmpfile); - $tmpdir='/tmp/'.uniqid().'/'; - mkdir($tmpdir); - $zip->extractTo($tmpdir); - ftp_recursive_upload($ftp, $tmpdir); - rmdir($tmpdir); - $zip->close(); - } - unlink($tmpfile); + ssh2_exec($ssh, 'cd '. escapeshellarg($dir) . ' && /usr/bin/unzip -qo ' . escapeshellarg($file)); } } @@ -226,7 +197,13 @@ if(!empty($_FILES['files'])){ $c=count($_FILES['files']['name']); for($i=0; $i<$c; ++$i){ if($_FILES['files']['error'][$i]===UPLOAD_ERR_OK){ - @ftp_put($ftp, $dir.$_FILES['files']['name'][$i], $_FILES['files']['tmp_name'][$i], FTP_BINARY); + $tmpfile = fopen($_FILES['files']['tmp_name'][$i], 'r'); + $upload = @fopen("ssh2.sftp://$sftp$dir/".$_FILES['files']['name'][$i], 'w'); + while($buffer=fread($tmpfile, 4096)){ + fwrite($upload, $buffer); + } + fclose($upload); + fclose($tmpfile); unlink($_FILES['files']['tmp_name'][$i]); } } 
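Review bot: The 1 GB uncompressed-size cap that the removed code enforced has no replacement in the `ssh2_exec()` call, so unless the account has a disk quota (not visible here) nothing bounds what one archive can expand to, and `-o` overwrites existing files without asking. `escapeshellarg($file)` protects against shell metacharacters but not against a name that begins with `-`, which unzip would read as an option; prefixing `./` avoids that, assuming `$file` is a name relative to `$dir`. The stream returned by `ssh2_exec()` is neither checked nor read, so the script can reach the directory listing before extraction has finished and a failure goes unnoticed. The surrounding foreach and the `.zip` filter are unchanged and left out of the excerpt below.

```php
// … unchanged: CSRF check, foreach over $_POST['files'], .zip suffix filter …
		// './' keeps a name that begins with '-' from being parsed as an unzip option
		$cmd = 'cd ' . escapeshellarg($dir) . ' && /usr/bin/unzip -qo ' . escapeshellarg('./' . $file);
		$stream = ssh2_exec($ssh, $cmd);
		if($stream === false){
			continue;
		}
		// block until unzip exits so the listing built afterwards sees the extracted files
		stream_set_blocking($stream, true);
		stream_get_contents($stream);
		fclose($stream);
```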
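Review bot: `$upload = @fopen(..., 'w')` in the upload hunk is used without a check, so when the remote open fails the loop calls `fwrite()` on false and the temporary upload is still unlinked, losing the file without any message. The copy loop `while($buffer=fread($tmpfile, 4096))` also stops on a chunk that is the string `"0"` and ignores short writes from `fwrite()`. I would guard the open and let PHP do the copy: `if($upload !== false){ stream_copy_to_stream($tmpfile, $upload); fclose($upload); }`.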
@@ -235,17 +212,19 @@ if(!empty($_FILES['files'])){ $files=$dirs=[]; -$list=ftp_rawlist($ftp, '.'); -if(is_array($list)){ - foreach($list as $file){ - preg_match('/^([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+(.*)$/', $file, $match); - if($match[0][0]==='d'){ - $dirs[$match[9]]=['name'=>"$match[9]/", 'mtime'=>strtotime("$match[6] $match[7] $match[8]"), 'size'=>'-']; - }else{ - $files[$match[9]]=['name'=>$match[9], 'mtime'=>ftp_mdtm($ftp, $match[9]), 'size'=>$match[5]]; - } +$dir_handle = opendir("ssh2.sftp://$sftp$dir"); +while(($file = readdir($dir_handle)) !== false){ + if(in_array($file, ['.', '..'], true)){ + continue; + } + $stat = stat("ssh2.sftp://$sftp$dir/$file"); + if(is_dir("ssh2.sftp://$sftp$dir/$file")){ + $dirs[$file]=['name'=>"$file/", 'mtime' => $stat['mtime'], 'size'=>'-']; + }else{ + $files[$file]=['name'=>$file, 'mtime' => $stat['mtime'], 'size' => $stat['size']]; } } +closedir($dir_handle); //sort our files if($sort==='M'){ 
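Review bot: Neither `opendir()` nor `stat()` is checked in the new listing loop. If the directory cannot be opened, `readdir()` is called on false, and for an entry that `stat()` cannot resolve, such as a dangling symlink, `$stat['mtime']` indexes false. I would add `if($dir_handle === false){ send_not_found(); exit; }` after the open and `if($stat === false){ continue; }` after the stat. The `is_dir()` call repeats the round trip `stat()` just made; `($stat['mode'] & 0170000) === 0040000` gives the same answer from data already fetched.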
@@ -382,39 +361,19 @@ function send_login(){ read()) !== false) { - if(is_dir($dir->path.$file)) { - if($file === '.' || $file === '..'){ +function sftp_recursive_delete($sftp, $dir, $file){ + if(is_dir("ssh2.sftp://$sftp$dir/$file")){ + $dir_handle = opendir("ssh2.sftp://$sftp$dir/$file"); + while(($list = readdir($dir_handle)) !== false){ + if(in_array($list, ['.', '..'], true)){ continue; } - if(@!ftp_chdir($ftp, $file)){ - ftp_mkdir($ftp, $file); - ftp_chdir($ftp, $file); - } - ftp_recursive_upload($ftp, $dir->path.$file.'/'); - ftp_chdir($ftp, '..'); - rmdir($dir->path.$file); - }else{ - @ftp_put($ftp, $file, $dir->path.$file, FTP_BINARY); - unlink($dir->path.$file); + sftp_recursive_delete($sftp, "$dir/$file", $list); } - } - $dir->close(); -} - -function ftp_recursive_delete($ftp, $file){ - if(@ftp_chdir($ftp, $file)){ - if($list = ftp_nlist($ftp, '.')){ - foreach($list as $tmp){ - ftp_recursive_delete($ftp, $tmp); - } - } - ftp_chdir($ftp, '..'); - @ftp_rmdir($ftp, $file); + closedir($dir_handle); + rmdir("ssh2.sftp://$sftp$dir/$file"); }else{ - @ftp_delete($ftp, $file); + unlink("ssh2.sftp://$sftp$dir/$file"); } } @@ -433,22 +392,18 @@ function send_rename($dir){ echo ''; } -function send_edit($ftp, $dir){ +function send_edit($sftp, $dir){ print_header('FileManager - Edit file'); echo '
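Review bot: `is_dir("ssh2.sftp://$sftp$dir/$file")` in `sftp_recursive_delete()` is a stat-style check and normally follows symbolic links, so a link pointing at a directory would be descended into and the target's contents deleted rather than the link itself. Checking the link first keeps deletion inside the selected tree: `if(is_link($path)){ unlink($path); return; }`, with `$path` set to the wrapper URL once at the top of the function. `opendir()` is also unchecked before the `readdir()` loop, and the return values of `rmdir()` and `unlink()` are dropped, so a partial delete looks like success. The first lines of this hunk are garbled on the page, so anything above the function signature was not reviewed.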
'; echo ''; echo ''; echo ''; - $tmpfile='/tmp/'.uniqid(); foreach($_POST['files'] as $file){ - echo ''; } - echo ''; - } - if(file_exists($tmpfile)){ - unlink($tmpfile); } echo '
'.htmlspecialchars($file).'
'; echo '
';