| Server IP : 80.241.246.6 / Your IP : 216.73.216.188 Web Server : Apache/2.4.25 (Debian) System : Linux kharagauli 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64 User : www-data ( 33) PHP Version : 7.0.33-0+deb9u12 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /var/www/kharagauli_new/admin/filemanager/ |
Upload File : |
<?php
$config = include 'config/config.php';
//TODO switch to array
extract($config, EXTR_OVERWRITE);
include 'include/utils.php';
if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager")
{
response('forbiden', 403)->send();
exit;
}
include 'include/mime_type_lib.php';
if (
strpos($_POST['path'], '/') === 0
|| strpos($_POST['path'], '../') !== false
|| strpos($_POST['path'], './') === 0
)
{
response('wrong path', 400)->send();
exit;
}
if (strpos($_POST['name'], '/') !== false)
{
response('wrong path', 400)->send();
exit;
}
$path = $current_path . $_POST['path'];
$name = $_POST['name'];
$info = pathinfo($name);
if ( ! in_array(fix_strtolower($info['extension']), $ext))
{
response('wrong extension', 400)->send();
exit;
}
if ( ! file_exists($path . $name))
{
response('File not found', 404)->send();
exit;
}
$img_size = (string) (filesize($path . $name)); // Get the image size as string
$mime_type = get_file_mime_type($path . $name); // Get the correct MIME type depending on the file.
response(file_get_contents($path . $name), 200, array(
'Pragma' => 'private',
'Cache-control' => 'private, must-revalidate',
'Content-Type' => $mime_type,
'Content-Length' => $img_size,
'Content-Disposition' => 'attachment; filename="' . ($name) . '"'
))->send();
exit;