
Update file_save.php

FusionPBX 6 years ago
parent
commit
c591bf5865
1 changed files with 87 additions and 23 deletions
  1. 87 23
      file_save.php

+ 87 - 23
file_save.php

@@ -51,34 +51,98 @@
 		exit;
 	}
 
-//run the code if file path exists
+//get the directory
+	if (!isset($_SESSION)) { session_start(); }
+	switch ($_SESSION["app"]["edit"]["dir"]) {
+		case 'scripts':
+			$edit_directory = $_SESSION['switch']['scripts']['dir'];
+			break;
+		case 'php':
+			$edit_directory = $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH;
+			break;
+		case 'grammer':
+			$edit_directory = $_SESSION['switch']['grammar']['dir'];
+			break;
+		case 'provision':
+			switch (PHP_OS) {
+				case "Linux":
+					if (file_exists('/etc/fusionpbx/resources/templates/provision')) {
+						$edit_directory = '/etc/fusionpbx/resources/templates/provision';
+					}
+					else {
+						$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+					}
+					break;
+				case "FreeBSD":
+					if (file_exists('/usr/local/etc/fusionpbx/resources/templates/provision')) {
+						$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+					}
+					else {
+						$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+					}
+					break;
+				case "NetBSD":
+					$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+					break;
+				case "OpenBSD":
+					$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+					break;
+				default:
+					$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+			}
+			break;
+		case 'xml':
+			$edit_directory = $_SESSION['switch']['conf']['dir'];
+			break;
+	}
+	if (!isset($edit_directory)) {
+		foreach ($_SESSION['editor']['path'] as $path) {
+			if ($_SESSION["app"]["edit"]["dir"] == $path) {
+				$edit_directory = $path;
+				break;
+			}
+		}
+	}
+
+//set the file variable
 	$file_path = $_POST["filepath"];
-	if ($file_path != '') {
-		try {
-			//save file content
-				$file_path = realpath($file_path);
-				$file_path = str_replace ('//', '/', $file_path);
-				$file_path = str_replace ("\\", "/", $file_path);
-				if (file_exists($file_path)) {
-					$handle = fopen($file_path, 'wb');
-					if (!$handle) {
-						throw new Exception('Write Failed - Check File Owner & Permissions');
+
+//remove attempts to change the directory
+	$file_path = str_replace('..', '', $file_path);
+	$file_path = str_replace ("\\", "/", $file_path);
+
+//break the path into an array
+	$path_array = pathinfo($file_path);
+	$path_prefix = substr($path_array['dirname'], 0, strlen($edit_directory));
+
+//validate the path
+	if ($path_prefix == $edit_directory) {
+		if ($file_path != '') {
+			try {
+				//save file content
+					$file_path = realpath($file_path);
+					$file_path = str_replace ('//', '/', $file_path);
+					$file_path = str_replace ("\\", "/", $file_path);
+					if (file_exists($file_path)) {
+						$handle = fopen($file_path, 'wb');
+						if (!$handle) {
+							throw new Exception('Write Failed - Check File Owner & Permissions');
+						}
+						fwrite($handle, $_POST["content"]);
+						fclose($handle);
 					}
-					fwrite($handle, $_POST["content"]);
-					fclose($handle);
-				}
 
-			//set the reload_xml value to true
-				$_SESSION["reload_xml"] = true;
+				//set the reload_xml value to true
+					$_SESSION["reload_xml"] = true;
 
-			//alert user of success
-				echo "Changes Saved";
-		}
-		catch(Exception $e) {
-			//alert error
-			echo $e->getMessage();
+				//alert user of success
+					echo "Changes Saved";
+			}
+			catch(Exception $e) {
+				//alert error
+				echo $e->getMessage();
+			}
 		}
-
 	}
 
 ?>
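Review bot: The prefix test `if ($path_prefix == $edit_directory)` does not fail closed: when no `case` matches and the `$_SESSION['editor']['path']` loop finds nothing, `$edit_directory` stays unset, `strlen()` of null is 0, and the loose `==` between `''` and null is true, so every `$_POST["filepath"]` passes validation. The comparison is also made on the unresolved `dirname` before `realpath()` runs, so a plain string-prefix match is enough (a sibling directory whose name merely begins with `$edit_directory`, or a symlink inside it, is accepted), while the provision fallbacks that end in `/` can never match because `pathinfo()` strips the trailing separator. Resolve both sides with `realpath()`, compare against the base plus a separator, and `exit` on any failure, as below; the script is top-level code, so this replaces the block from `//break the path into an array` through the `if ($path_prefix ...)` line. Separately, the `FreeBSD` branch assigns the same fallback path in both arms of its `file_exists()` check, so the `/usr/local/etc/fusionpbx/...` probe is dead code; presumably that path was meant to be assigned in the first arm.
```php
//validate the path: both sides canonicalised, fail closed on any miss
	$base_directory = isset($edit_directory) ? realpath(rtrim($edit_directory, '/')) : false;
	$real_path = realpath($file_path);
	if ($base_directory === false || $real_path === false
		|| substr($real_path, 0, strlen($base_directory) + 1) !== $base_directory.'/') {
		exit;
	}
	$file_path = $real_path;
	// … unchanged: try/catch that writes $_POST["content"] and sets reload_xml …
```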