|
|
@@ -38,18 +38,83 @@
|
|
|
exit;
|
|
|
}
|
|
|
|
|
|
-//get the file name
|
|
|
+//get the directory
|
|
|
+ if (!isset($_SESSION)) { session_start(); }
|
|
|
+ switch ($_SESSION["app"]["edit"]["dir"]) {
|
|
|
+ case 'scripts':
|
|
|
+ $edit_directory = $_SESSION['switch']['scripts']['dir'];
|
|
|
+ break;
|
|
|
+ case 'php':
|
|
|
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH;
|
|
|
+ break;
|
|
|
+ case 'grammer':
|
|
|
+ $edit_directory = $_SESSION['switch']['grammar']['dir'];
|
|
|
+ break;
|
|
|
+ case 'provision':
|
|
|
+ switch (PHP_OS) {
|
|
|
+ case "Linux":
|
|
|
+ if (file_exists('/etc/fusionpbx/resources/templates/provision')) {
|
|
|
+ $edit_directory = '/etc/fusionpbx/resources/templates/provision';
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
|
|
+ }
|
|
|
+ break;
|
|
|
+ case "FreeBSD":
|
|
|
+ if (file_exists('/usr/local/etc/fusionpbx/resources/templates/provision')) {
|
|
|
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
|
|
+ }
|
|
|
+ break;
|
|
|
+ case "NetBSD":
|
|
|
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
|
|
+ break;
|
|
|
+ case "OpenBSD":
|
|
|
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
|
|
+ break;
|
|
|
+ default:
|
|
|
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
|
|
|
+ }
|
|
|
+ break;
|
|
|
+ case 'xml':
|
|
|
+ $edit_directory = $_SESSION['switch']['conf']['dir'];
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ if (!isset($edit_directory)) {
|
|
|
+ foreach ($_SESSION['editor']['path'] as $path) {
|
|
|
+ if ($_SESSION["app"]["edit"]["dir"] == $path) {
|
|
|
+ $edit_directory = $path;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+//set the file variable
|
|
|
$file_name = $_POST["file"];
|
|
|
+
|
|
|
+//remove attempts to change the directory
|
|
|
+ $file_name = str_replace('..', '', $file_name);
|
|
|
$file_name = str_replace ("\\", "/", $file_name);
|
|
|
|
|
|
-//get the contents of the file
|
|
|
- $handle = fopen($file_name, "r");
|
|
|
- if ($handle) {
|
|
|
- while (!feof($handle)) {
|
|
|
- $buffer = fgets($handle, 4096);
|
|
|
- echo $buffer;
|
|
|
+//break the path into an array
|
|
|
+ $path_array = pathinfo($file_name);
|
|
|
+ $path_prefix = substr($path_array['dirname'], 0, strlen($edit_directory));
|
|
|
+
|
|
|
+//validate the path
|
|
|
+ if ($path_prefix == $edit_directory) {
|
|
|
+
|
|
|
+ //get the contents of the file
|
|
|
+ $handle = fopen($file_name, "r");
|
|
|
+ if ($handle) {
|
|
|
+ while (!feof($handle)) {
|
|
|
+ $buffer = fgets($handle, 4096);
|
|
|
+ echo $buffer;
|
|
|
+ }
|
|
|
+ fclose($handle);
|
|
|
}
|
|
|
- fclose($handle);
|
|
|
+
|
|
|
}
|
|
|
|
|
|
?>
|
FusionPBX