-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdljson.php
More file actions
34 lines (30 loc) · 1.11 KB
/
dljson.php
File metadata and controls
34 lines (30 loc) · 1.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<?php
$dir = $_GET['dir'];
//prevent malicious use to gain access to unauthorised directories
if(strpos($dir,"/../")) die('Malicious Use');
if(strpos($dir,"/./")) die('Malicious Use');
//easiest way to prevent is to ensure the $_GET['dir'] var starts with a given directory
//you may also prepend the $_GET['dir] variable with a directory and pass "/" in the directory widget options
if(!preg_match("(^files/)",$dir)) die('Malicious Use');
if(is_file($dir)) {
$stat = stat($dir);
$size = $stat['size'];
$mod = $stat['mtime'];
$ext = end(explode('.', $dir));
$name = end(explode('/', $dir));
$contentsarray[] = array("size"=>$size,"ext"=>$ext,"mod"=>date("d-m-Y",$mod),"name"=>$name);
echo json_encode($contentsarray);
}
else if($dir) {
if ($handle = opendir($dir)) {
while (false !== ($entry = readdir($handle))) {
$dName = $dir . $entry;
if(is_file($dName)) $ext = end(explode('.', $entry));
else $ext = '';
if(!in_array($entry,array('.','..')) && substr($entry, 0, 1) != '.') $contentsarray[] = array("name"=>$entry,"ext"=>$ext);
}
echo json_encode($contentsarray);
closedir($handle);
}
}
?>