173 Commits

Author SHA1 Message Date
nao-pon 28a04a419a [VD:LocalFileSystem] fix #3543 Can't download folder in PHP 8.1 2023-06-02 17:05:47 +09:00
nao-pon bb9aaa7b09 [VD:LocalFileSystem] Security fixes, directory traversal vulnerability fixes

This issue was found by Michał Majchrowicz & Livio Victoriano AFINE
Team. We give them a special thanks.
2023-06-02 00:04:05 +09:00
nao-pon 3b75849553 [security:CVE-2022-26960] fix a path traversal issue
Fixed a path traversal vulnerability. The problem was getting out of
the configured directory and allowing the hosting server's file system
to read and write "arbitrary" files.

Special thanks to Gaetan Ferry (Synacktiv) for reporting this issue.
2022-03-14 20:59:19 +09:00
Naoki Sawada 69be51eea5 [security] fix #3458 filename bypass leading to RCE on Windows server (#3470)
Windows servers do not allow "." (Dots) at the end of a file name.
2022-03-10 00:05:21 +09:00
nao-pon c08bcbfa72 [VD:LocalFileSystem] fix #3429 RCE on Windows server 2021-11-01 23:04:20 +09:00
Naoki Sawada a106c350b7 Merge pull request from GHSA-wph3-44rj-92pr
* [php] fix multiple vulnerabilities

* fix archiver args

* fix remote Code Execution of zip command

* re-fix remote Code Execution of zip command

* re-fix Improper hostname validation in upload and put

* re-fix Directory traversal in the actions mkfile and mkdir

* Add check targets in archive()
2021-06-13 23:38:02 +09:00
nao-pon 37519c120f [VD:abstract,LocalFileSystem] use symlink to getItemsInHand() 2020-04-10 17:35:21 +09:00
nao-pon 5614f0b0cb [VD:LocalFileSystem] do not measure image size for empty image files in _dimensions() 2020-03-19 23:04:03 +09:00
nao-pon 55a967b94a [php:core,VD] fix #3119 disallow extract of uncompressed size larger than option "maxArcFilesSize" 2020-02-28 00:15:46 +09:00
nao-pon 7cd73ec0fc [VD:LocalFileSystem] fix #3095 not able to make quarantine directory 2020-01-21 10:10:03 +09:00
nao-pon 969b61c96c [VD:LocalFileSystem] fix #3059 bug with handling 'tmbPath', 'tmpPath' and 'quarantine' directories on Win server 2019-12-30 20:27:38 +09:00
nao-pon 15cc46ea27 [php] change code style to PSR-2 of all of php files 2019-01-01 21:18:39 +09:00
nao-pon 896af8cb44 [php] potential bug fixes and PHPDoc fixes
fix #2810, fix #2811, fix #2812 and fix #2114
2019-01-01 20:05:30 +09:00
nao-pon f05b84b0a6 [VD:LocalFileSystem] add an option statCorrector to correct stat data
Example for 32bit PHP on armv7l GNU/Linux see #2613

```php
array (
    'driver'        => 'LocalFileSystem',
    'path'          => '/path/to/files/',
    'statCorrector' => function (&$stat, $path, $statOwner, $volumeDriveInstance) {
        if (isset($stat['size']) && $stat['mime'] !== 'directory') {
            if ($stat['size'] == '0') {
                // filesize problem for file larger than 4GB ( testing
                // in PHP Version 5.4.16)
                // https://stackoverflow.com/questions/6482211/php-filesize-over-4gb
                $stat['size'] = trim(shell_exec('stat -c %s '.escapeshellarg($path)));
            }

            if ($stat['ts'] === false){
                // sometimes filemtime() fails and returns false
                $stat['ts'] = (int)trim(shell_exec('stat -c %Y '.escapeshellarg($path)));
            }
        }
    }
)
```
2018-08-18 14:35:43 +09:00
nao-pon ebb89bffa7 [VD,cmd:search] fix #2490 support custom search method
See the wiki - https://github.com/Studio-42/elFinder/wiki/Custom-search-function

Also closes #1037 .
2018-05-02 17:49:14 +09:00
nao-pon eafa99fb57 [VD:LocalFileSystem,OneDrive] fix wrong result of isNameExists() 2018-03-21 21:29:45 +09:00
nao-pon 4b5a3091e0 [VD:LocalFileSystem] fix WARNING error of file stat of unreadable items 2018-02-12 00:47:24 +09:00
nao-pon 3e5f9ff29f [VD:LocalFileSystem] bugfix of caching of options['statOwner'] 2017-12-26 12:02:19 +09:00
nao-pon d26ab2a94f [VD:LocalFileSystem] do not change locale with PHP >= 7.1 2017-12-10 11:40:20 +09:00
nao-pon 5632f2595a [VD] use elFinder::splitFileExtention() 2017-12-08 13:09:37 +09:00
nao-pon d406b6fa41 [php] correction to PHP >= 7.1 supported UTF-8 path on Windows 2017-12-06 23:36:40 +09:00
nao-pon a00985fe9b [VD:LocalFileSystem] tiny tune of _subdirs() 2017-11-15 13:42:11 +09:00
nao-pon 4ecbf70969 [php:core,VD:LocalFileSystem] performance tune of uniqueName() 2017-11-09 13:19:19 +09:00
nao-pon 1b6c78820b [api] add optional query (int)'substitute' to command dim
The connector can return the URL of the substitute image whose size will fit in that pixel as the value of the key 'url' of the result data when the 'substitute' parameter is given with the `dim` command from the client.

Add the following two options on the client side config `commandsOptions.resize` to fix #2251.

```javascript
// File size (bytes) threshold when using the `dim` command to obtain the image size necessary to start editing
getDimThreshold : 204800,
// File size (bytes) to request to get substitute image (400px) with the `dim` command
dimSubImgSize : 307200
```
2017-10-30 16:46:19 +09:00
Naoki Sawada 751a7fc3a9 [VD:LocalFileSystem] code briefly of 8038741556 2017-09-28 09:23:34 +09:00
arubalucalasagni 8038741556 False errors using the LocalFileSystem Driver and working with empty files #2226
https://github.com/Studio-42/elFinder/issues/2226
2017-09-27 19:55:19 +02:00
nao-pon 01d1511c59 [VD:abstract] fix #2107 do clearstatcache() in abstract class 2017-08-03 17:24:41 +09:00
nao-pon 1cd6cf745e [VD] fix #2120 item copy between volumes is incomplete 2017-08-03 17:23:23 +09:00
nao-pon 5fcb8c7c9a [VD:LocalFileSystem] fix problem, directory name "0" is not detected in _subdirs() 2017-06-23 13:37:19 +09:00
nao-pon 70650d2f99 [VD:LocalFileSystem] prevent PHP timeout on _scandir() 2017-06-09 16:23:48 +09:00
nao-pon ee42f0689f [VD:abstract,LocalFileSystem] fix #2035 support multipart rar extraction 2017-06-02 15:45:04 +09:00
nao-pon ce49d6e937 [VD:LocalFileSystem] fix #2009 correction of an option keepTimestamp(upload)
As for chunked `upload`, fixed time stamp was always kept irrespective of the setting, so we fixed it.
2017-05-16 22:20:30 +09:00
nao-pon cd5cc691e3 [VD:LocalFileSystem] make success the extract by excluding unallowed items 2017-03-27 17:14:00 +09:00
nao-pon eae1b712e3 [VD:LocalFileSystem] remove debug code 2017-02-24 23:54:41 +09:00
nao-pon 78c36ff2bf [VD:LocalFileSystem] fix #1910 startPath does not work currently 2017-02-24 12:02:35 +09:00
nao-pon c9788461f3 [VD:LocalFileSystem] fix #1882 option copyJoin does not work on extract 2017-02-15 16:41:27 +09:00
nao-pon 1036ec6201 [VD:LocalFileSystem] fix problem in _subdirs() of unreadable dir 2017-02-15 12:16:19 +09:00
nao-pon a12ea6ec9f [VD:abstract,LocalFileSystem] fix #1744 results url must be urlencoded 2016-11-14 17:41:37 +09:00
nao-pon 7ef9cb8f84 [VD:LocalFileSystem] fix warning error 2016-08-04 17:49:05 +09:00
nao-pon db66281569 [VD:LocalFileSystem] fix #1565 does not support volume option searchTimeout 2016-08-04 14:37:41 +09:00
nao-pon a626627201 [php] fix warning errors 2016-07-28 10:12:27 +09:00
nao-pon c166e9de58 [VD:abstract] fix #1553 root stat not refresh when do chmod of root 2016-07-27 11:24:59 +09:00
nao-pon f92f1be85c [php] fix CS ^ {4} to \t 2016-07-15 09:35:54 +09:00
nao-pon 9e150c828b [VD:LocalFileSystem] fix notice error of options['keepTimestamp']
for any extended driver
2016-07-13 22:02:09 +09:00
nao-pon b329043448 [VD:LocalFileSystem] fix mkdir quarantine that option has file path 2016-07-13 21:52:20 +09:00
nao-pon 1b4603e621 [VD:LocalFileSystem] fix warning error in localFileSystemInotify() 2016-07-06 21:05:57 +09:00
nao-pon 2e9f5b3f62 [VD:LocalFileSystem] fix #1494 support root path with drive letter 2016-06-29 09:20:38 +09:00
nao-pon 1b8df316df [VD:LocalFileSystem] fix warning error in localFileSystemInotify() 2016-05-29 20:31:33 +09:00
nao-pon e88048a205 [php] add PHP error handler and remove @ error-control operator 2016-05-13 17:13:31 +09:00
nao-pon f90ebb4b29 [VD:LocalFileSystem] fix #1370 implement function keep timestamp 2016-05-10 13:19:25 +09:00