prevents debug users from exploring system's directory structure
* ex: $root = $_SERVER['DOCUMENT_ROOT'];
*/
function path($dir) {
return mb_substr($dir,-1) == '/' ? $dir : $dir.'/';
}
function is_top($dir) {
global $root;
return mb_strlen($dir) > mb_strlen($root);
}
function is_low($dir) {
global $root;
return mb_substr($dir,0,mb_strlen($root)) == $root;
}
$root = path(realpath($_POST['root']));
if (!$root) exit("ERROR: Root filesystem directory not set in jqueryFileTree.php");
$docroot = '/usr/local/emhttp';
require_once "$docroot/webGui/include/Secure.php";
$rootdir = path(realpath($_POST['dir']));
$filters = (array)$_POST['filter'];
$match = $_POST['match'];
$checkbox = $_POST['multiSelect'] == 'true' ? "" : "";
/* Excluded folders to not show in the dropdown in the '/mnt/' directory only. */
$excludedFolders = ['RecycleBin', 'addons', 'rootshare'];
$udShares = ['addons','disks','remotes'];
echo "";
if ($_POST['show_parent'] == 'true' && is_top($rootdir)) {
echo "- $checkbox..
";
}
if (is_low($rootdir) && is_dir($rootdir)) {
$dirs = $files = [];
$names = array_filter(scandir($rootdir, SCANDIR_SORT_NONE), function($n){return $n != '.' && $n != '..';});
if (is_top($rootdir)) {
// add unassigned devices top level shares
foreach ($udShares as $name) if (is_dir($rootdir.$name) && !in_array($name, $names)) $names[] = $rootdir.$name;
}
natcasesort($names);
foreach ($names as $name) {
if (is_dir($rootdir.$name)) {
$dirs[] = $name;
} else {
$files[] = $name;
}
}
foreach ($dirs as $name) {
$htmlRel = htmlspecialchars($rootdir.$name);
$htmlName = htmlspecialchars(mb_strlen($name) <= 33 ? $name : mb_substr($name, 0, 30).'...');
/* Exclude '.Recycle.Bin' from all directories */
if ($name === '.Recycle.Bin') continue;
/* Exclude folders only when directory is '/mnt/' */
if (in_array($name, $excludedFolders) && $rootdir === '/mnt/') continue;
if (empty($match) || preg_match("/$match/", $rootdir.$name.'/')) {
echo "- $checkbox$htmlName
";
}
}
foreach ($files as $name) {
$htmlRel = htmlspecialchars($rootdir . $name);
$htmlName = htmlspecialchars($name);
$ext = mb_strtolower(pathinfo($name, PATHINFO_EXTENSION));
foreach ($filters as $filter) {
if (empty($filter) || $ext == $filter) {
if (empty($match) || preg_match("/$match/", $name)) {
echo "- $checkbox$htmlName
";
}
}
}
}
}
echo "
";
?>