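<?php
/**
 * elFinder Plugin Sanitizer
 *
 * Sanitizer of file-name and file-path etc.
 *
 * Security notes (what this class does and does not do):
 *  - Sanitizing is plain substitution with str_replace(): every string in
 *    `targets` is replaced by `replace`. Nothing else about the name is
 *    inspected, so with the default `targets` a name such as "..", a name
 *    starting with a dot, or one containing NUL or other control characters
 *    is returned unchanged. Extension and MIME policy are not handled here.
 *  - `replace` is not checked against `targets`; configuring a replacement
 *    that itself contains a target character defeats the sanitizer.
 *  - When `enable` is false for the current volume, the hooks return false
 *    and leave the arguments untouched.
 *  - The `pathAllows` option is declared in the defaults, but no method in
 *    this class passes it to sanitizeFileName().
 *
 * ex. binding, configure on connector options
 *	$opts = array(
 *		'bind' => array(
 *			'upload.pre mkdir.pre mkfile.pre rename.pre archive.pre ls.pre' => array(
 *				'Plugin.Sanitizer.cmdPreprocess'
 *			),
 *			'ls' => array(
 *				'Plugin.Sanitizer.cmdPostprocess'
 *			),
 *			'upload.presave' => array(
 *				'Plugin.Sanitizer.onUpLoadPreSave'
 *			)
 *		),
 *		// global configure (optional)
 *		'plugin' => array(
 *			'Sanitizer' => array(
 *				'enable' => true,
 *				'targets'  => array('\\','/',':','*','?','"','<','>','|'), // target chars
 *				'replace'  => '_'    // replace to this
 *			)
 *		),
 *		// each volume configure (optional)
 *		'roots' => array(
 *			array(
 *				'driver' => 'LocalFileSystem',
 *				'path'   => '/path/to/files/',
 *				'URL'    => 'http://localhost/to/files/',
 *				'plugin' => array(
 *					'Sanitizer' => array(
 *						'enable' => true,
 *						'targets'  => array('\\','/',':','*','?','"','<','>','|'), // target chars
 *						'replace'  => '_'    // replace to this
 *					)
 *				)
 *			)
 *		)
 *	);
 *
 * @package elfinder
 * @author Naoki Sawada
 * @license New BSD
 */
class elFinderPluginSanitizer extends elFinderPlugin
{
    /**
     * Per-command map of original name => sanitized name, filled by
     * cmdPreprocess() and read back by cmdPostprocess().
     *
     * @var array
     */
    private $replaced = array();

    /**
     * Request argument that carries the name(s) for commands that do not
     * use the default `name` argument.
     *
     * @var array
     */
    private $keyMap = array(
        'ls' => 'intersect',
        'upload' => 'renames'
    );

    /**
     * Merge the caller's options over the plugin defaults.
     *
     * @param array $opts Plugin options from the connector configuration.
     */
    public function __construct($opts)
    {
        $defaults = array(
            'enable'     => true,  // For control by volume driver
            'targets'    => array('\\','/',':','*','?','"','<','>','|'), // target chars
            'replace'    => '_',   // replace to this
            'pathAllows' => array('/') // Characters allowed in path name of characters in `targets` array
        );

        $this->opts = array_merge($defaults, $opts);
    }

    /**
     * "*.pre" hook: sanitize the name argument(s) of a command in place.
     *
     * The argument inspected is `$this->keyMap[$cmd]` when the command has an
     * entry there, otherwise `name`. Each original name and its sanitized form
     * are recorded in `$this->replaced[$cmd]`.
     *
     * @param string $cmd      Command name.
     * @param array  $args     Command arguments, modified by reference.
     * @param object $elfinder elFinder instance (unused here).
     * @param object $volume   Current volume, passed to getCurrentOpts().
     * @return bool false when the sanitizer is disabled for the volume, true otherwise.
     */
    public function cmdPreprocess($cmd, &$args, $elfinder, $volume)
    {
        // getCurrentOpts() is not defined in this class; presumably inherited
        // from elFinderPlugin and resolving the per-volume options.
        $opts = $this->getCurrentOpts($volume);
        if (! $opts['enable']) {
            return false;
        }
        $this->replaced[$cmd] = array();
        $key = (isset($this->keyMap[$cmd])) ? $this->keyMap[$cmd] : 'name';

        if (isset($args[$key])) {
            if (is_array($args[$key])) {
                foreach ($args[$key] as $i => $name) {
                    $this->replaced[$cmd][$name] = $args[$key][$i] = $this->sanitizeFileName($name, $opts);
                }
            } else {
                $name = $args[$key];
                $this->replaced[$cmd][$name] = $args[$key] = $this->sanitizeFileName($name, $opts);
            }
        }
        return true;
    }

    /**
     * "ls" post hook: map sanitized names in the result back to the names the
     * client originally sent.
     *
     * An entry of `$result['list']` becomes the single original name when one
     * original maps to it, or an array of originals when several do.
     *
     * @param string $cmd      Command name; only 'ls' is handled.
     * @param array  $result   Command result, modified by reference.
     * @param array  $args     Command arguments (unused here).
     * @param object $elfinder elFinder instance (unused here).
     * @return void
     */
    public function cmdPostprocess($cmd, &$result, $args, $elfinder)
    {
        if ($cmd !== 'ls') {
            return;
        }
        if (empty($result['list']) || empty($this->replaced['ls'])) {
            return;
        }
        foreach ($result['list'] as $hash => $name) {
            // Strict search: a loose comparison treats numeric-looking names
            // as equal ("1e3" == "1000"), which would map a listed file back
            // to an unrelated original name.
            $keys = array_keys($this->replaced['ls'], $name, true);
            if (! $keys) {
                continue;
            }
            // PHP turns integer-like string keys ("123") into ints; cast back
            // so the client receives the name as a string again.
            $keys = array_map('strval', $keys);
            if (count($keys) === 1) {
                $result['list'][$hash] = $keys[0];
            } else {
                $result['list'][$hash] = $keys;
            }
        }
    }

    /**
     * "upload.presave" hook: sanitize the name of an uploaded file in place.
     *
     * NOTE: $thash is the directory hash, so it does not need processing here.
     *
     * @param string $thash    Target directory hash (left untouched).
     * @param string $name     Uploaded file name, modified by reference.
     * @param string $src      Source of the uploaded file (unused here).
     * @param object $elfinder elFinder instance (unused here).
     * @param object $volume   Current volume, passed to getCurrentOpts().
     * @return bool false when the sanitizer is disabled for the volume, true otherwise.
     */
    public function onUpLoadPreSave(&$thash, &$name, $src, $elfinder, $volume)
    {
        $opts = $this->getCurrentOpts($volume);
        if (! $opts['enable']) {
            return false;
        }

        $name = $this->sanitizeFileName($name, $opts);
        return true;
    }

    /**
     * Replace every `targets` string found in $filename with `replace`.
     *
     * This is a character substitution only: names that contain none of the
     * targets (for example "..") are returned unchanged.
     *
     * @param string $filename Name to sanitize.
     * @param array  $opts     Options; `targets` and `replace` are read.
     * @param array  $allows   Target strings to leave alone for this call.
     * @return string Sanitized name.
     */
    protected function sanitizeFileName($filename, $opts, $allows = array())
    {
        $targets = $allows ? array_diff($opts['targets'], $allows) : $opts['targets'];
        return str_replace($targets, $opts['replace'], $filename);
    }
}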