1<?php
2
3// Pandora FMS - http://pandorafms.com
4// ==================================================
5// Copyright (c) 2005-2010 Artica Soluciones Tecnologicas
6// Please see http://pandorafms.org for full contribution list
7
8// This program is free software; you can redistribute it and/or
9// modify it under the terms of the GNU General Public License
10// as published by the Free Software Foundation for version 2.
11// This program is distributed in the hope that it will be useful,
12// but WITHOUT ANY WARRANTY; without even the implied warranty of
13// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14// GNU General Public License for more details.
15
16// Load global vars
17global $config;
18
19check_login ();
20
21if (! check_acl ($config['id_user'], 0, "PM")) {
22	db_pandora_audit("ACL Violation", "Trying to access File manager");
23	require ("general/noaccess.php");
24	return;
25}
26
27require_once ("include/functions_filemanager.php");
28
29// Header
30ui_print_page_header (__('File manager'), "", false, "", true);
31
32if (isset($config['filemanager']['message'])) {
33	echo $config['filemanager']['message'];
34	$config['filemanager']['message'] = null;
35}
36
37$directory = (string) get_parameter ('directory', "/");
38$directory = str_replace("\\", "/", $directory);
39
40// A miminal security check to avoid directory traversal
41if (preg_match ("/\.\./", $directory))
42	$directory = "images";
43if (preg_match ("/^\//", $directory))
44	$directory = "images";
45if (preg_match ("/^manager/", $directory))
46	$directory = "images";
47
48/* Add custom directories here */
49$fallback_directory = "images";
50
51$banned_directories['include'] = true;
52$banned_directories['godmode'] = true;
53$banned_directories['operation'] = true;
54$banned_directories['reporting'] = true;
55$banned_directories['general'] = true;
56$banned_directories[ENTERPRISE_DIR] = true;
57
58if (isset ($banned_directories[$directory]))
59	$directory = $fallback_directory;
60
61$real_directory = realpath ($config['homedir'] . '/' . $directory);
62
63echo '<h4>' . __('Index of %s', $directory) . '</h4>';
64
65$homedir_filemanager = isset ($config['homedir_filemanager']) ? $config['homedir_filemanager'] : false;
66
67filemanager_file_explorer($real_directory,
68	$directory,
69	'index.php?sec=gsetup&sec2=godmode/setup/file_manager',
70	'',
71	false,
72	false,
73	'',
74	false,
75	'',
76	$homedir_filemanager);
77?>
78