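<?php

// Pandora FMS - http://pandorafms.com
// ==================================================
// Copyright (c) 2005-2010 Artica Soluciones Tecnologicas
// Please see http://pandorafms.org for full contribution list

// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.

// File manager page of the setup section. It resolves the requested
// 'directory' parameter to a directory below $config['homedir'] and hands
// it to filemanager_file_explorer(). Anything that fails validation is
// replaced by $fallback_directory.

// Load global vars
global $config;

check_login ();

// Only users holding the "PM" ACL may use the file manager; a denied
// attempt is written to the audit log before the no-access page is shown.
if (! check_acl ($config['id_user'], 0, "PM")) {
    db_pandora_audit("ACL Violation", "Trying to access File manager");
    require ("general/noaccess.php");
    return;
}

require_once ("include/functions_filemanager.php");

// Header
ui_print_page_header (__('File manager'), "", false, "", true);

// One-shot status message, printed as-is and then cleared.
// NOTE(review): presumably HTML built by the file manager helpers; confirm
// that no request data reaches it unescaped.
if (isset($config['filemanager']['message'])) {
    echo $config['filemanager']['message'];
    $config['filemanager']['message'] = null;
}

/* Add custom directories here */
$fallback_directory = "images";

// Top-level directories of the console that must never be browsed.
$banned_directories['include'] = true;
$banned_directories['godmode'] = true;
$banned_directories['operation'] = true;
$banned_directories['reporting'] = true;
$banned_directories['general'] = true;
$banned_directories[ENTERPRISE_DIR] = true;

// 'directory' is request-controlled. Backslashes are normalised so that the
// checks below see a single separator style.
$directory = (string) get_parameter ('directory', "/");
$directory = str_replace("\\", "/", $directory);

// Lexical checks: reject parent references and absolute paths.
if (preg_match ("/\.\./", $directory))
    $directory = $fallback_directory;
if (preg_match ("/^\//", $directory))
    $directory = $fallback_directory;
// NOTE(review): the reason for rejecting a "manager" prefix is not visible
// in this file; kept as in the original.
if (preg_match ("/^manager/", $directory))
    $directory = $fallback_directory;

// Canonical checks. The lexical tests above and an exact-match lookup in
// $banned_directories do not cover sub-directories of a banned directory,
// trailing separators, "." segments or symlinks. realpath() resolves all of
// these, so the decision is taken on the resolved path: it must be an
// existing directory at or below the resolved home directory, and its first
// segment relative to the home directory must not be banned.
$home_directory = realpath ($config['homedir']);
$real_directory = realpath ($config['homedir'] . '/' . $directory);

$directory_allowed = false;
if ($home_directory !== false && $real_directory !== false && is_dir ($real_directory)) {
    // Trailing "/" on both sides so that a sibling such as "<home>_old"
    // cannot pass the prefix comparison.
    $home_prefix = rtrim (str_replace ("\\", "/", $home_directory), "/") . "/";
    $resolved_path = rtrim (str_replace ("\\", "/", $real_directory), "/") . "/";

    if (strpos ($resolved_path, $home_prefix) === 0) {
        $relative_path = (string) substr ($resolved_path, strlen ($home_prefix));
        $relative_segments = explode ("/", $relative_path);
        $directory_allowed = ! isset ($banned_directories[$relative_segments[0]]);
    }
}

if (! $directory_allowed) {
    $directory = $fallback_directory;
    $real_directory = realpath ($config['homedir'] . '/' . $directory);
}

// NOTE(review): $directory is request-derived and is written into HTML here.
// This relies on get_parameter() returning an HTML-safe value - confirm; if
// it does not, escape the value for HTML context at this point.
echo '<h4>' . __('Index of %s', $directory) . '</h4>';

$homedir_filemanager = isset ($config['homedir_filemanager']) ? $config['homedir_filemanager'] : false;

filemanager_file_explorer($real_directory,
    $directory,
    'index.php?sec=gsetup&sec2=godmode/setup/file_manager',
    '',
    false,
    false,
    '',
    false,
    '',
    $homedir_filemanager);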