diff --git a/action.php b/action.php
index 16e6337..f638d53 100644
--- a/action.php
+++ b/action.php
@@ -236,7 +236,7 @@ switch ($VARS['action']) {
 $errors[] = htmlspecialchars($f['name']) . " $err";
 continue;
 }
-
+
 $filename = basename($f['name']);
 $filename = preg_replace("/[^a-z0-9\._\-]/", "_", strtolower($filename));
 $n = 1;
@@ -262,6 +262,29 @@ switch ($VARS['action']) {
 returnToSender("upload_success", "&path=" . $VARS['path']);
 break;
+ case "filedelete":
+ $file = FILE_UPLOAD_PATH . $VARS['file'];
+ if (strpos(realpath($file), FILE_UPLOAD_PATH) !== 0) {
+ returnToSender("file_security_error");
+ }
+ if (!file_exists($file)) {
+ // Either way the file is gone
+ returnToSender("file_deleted");
+ }
+ if (!is_writable($file) || realpath($file) == realpath(FILE_UPLOAD_PATH)) {
+ returnToSender("undeletable_file");
+ }
+ if (is_dir($file)) {
+ if (!rmdir($file)) {
+ returnToSender("folder_not_empty");
+ }
+ } else {
+ if (!unlink($file)) {
+ returnToSender("file_not_deleted");
+ }
+ }
+ returnToSender("file_deleted");
+ break;
 case "signout":
 session_destroy();
 header('Location: index.php');
diff --git a/lang/en_us.php b/lang/en_us.php
index 491bd84..dd7e771 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
@@ -109,4 +109,9 @@ define("STRINGS", [
 "destination folder does not exist" => "Destination folder does not exist.",
 "destination folder does not allow uploads" => "Destination folder does not allow uploads.",
 "uploaded data too large" => "Uploaded data too large.",
+ "undeletable file" => "The file could not be deleted.",
+ "folder not empty" => "Folder must be empty to be deleted.",
+ "file not deleted" => "The file could not be deleted.",
+ "file deleted" => "File deleted.",
+ "folder deleted" => "Folder deleted.",
 ]);
\ No newline at end of file
diff --git a/lang/messages.php b/lang/messages.php
index 7e8a789..115010a 100644
--- a/lang/messages.php
+++ b/lang/messages.php
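Review bot: The containment check in the new `filedelete` case compares `realpath($file)` with the raw `FILE_UPLOAD_PATH` constant using a bare prefix match, so a sibling directory whose name merely begins with the same characters would pass if the constant has no trailing separator, and a relative or symlinked constant would make the comparison unreliable; whether either applies depends on how `FILE_UPLOAD_PATH` is defined, which like the rest of the enclosing `switch` is outside this hunk. I would canonicalise both sides once and anchor on a separator: `$base = realpath(FILE_UPLOAD_PATH); $file = realpath(FILE_UPLOAD_PATH . $VARS['file']);` followed by `if ($base === false || $file === false || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) { returnToSender("file_security_error"); }`. Because `realpath()` returns false for a missing path, the `!file_exists($file)` branch below it appears to be unreachable already. Every guard also relies on `returnToSender()` ending the request, which is not visible here; if it returns, execution falls through to `rmdir()`/`unlink()`. The directory branch reports `file_deleted` even though this commit adds a `folder_deleted` message.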
@@ -57,4 +57,24 @@ define("MESSAGES", [
 "string" => "uploaded data too large",
 "type" => "danger"
 ],
+ "undeletable_file" => [
+ "string" => "undeletable file",
+ "type" => "danger"
+ ],
+ "folder_not_empty" => [
+ "string" => "folder not empty",
+ "type" => "danger"
+ ],
+ "file_not_deleted" => [
+ "string" => "file not deleted",
+ "type" => "danger"
+ ],
+ "file_deleted" => [
+ "string" => "file deleted",
+ "type" => "success"
+ ],
+ "folder_deleted" => [
+ "string" => "folder deleted",
+ "type" => "success"
+ ],
 ]);
diff --git a/pages/files.php b/pages/files.php
index 4097c09..38d86cd 100644
--- a/pages/files.php
+++ b/pages/files.php
@@ -73,7 +73,6 @@ $fullpath = $base . $folder;
 $files = scandir($fullpath);
 foreach ($files as $f) {
 if (strpos($f, '.') !== 0) {
- echo "
\n";
 $link = "$folder/$f";
 $target = "_BLANK";
 $isdir = false;
@@ -105,9 +104,19 @@ $fullpath = $base . $folder;
 }
 }
 }
- echo "\t";
- echo " ";
- echo $f . "\n
\n"; + ?> +
+ + + +
+ + + " /> + +
+
+
diff --git a/public/files/test/logo.png b/public/files/test/logo.png
deleted file mode 100755
index 445b771..0000000
Binary files a/public/files/test/logo.png and /dev/null differ