
Commit f4f7a22

committed
add proxy to show image/vedio out of the webserver root directory
add proxy to show image/video out of the webserver root directory. When we log in as an ordinary client, the folders assigned to us by the administrator are usually not in the webserver root directory, so we could not get a file's hyperlink, and we could not preview our pictures or watch our videos online. Now the problem is solved: I added a proxy to settle this. Modified list: 1) add a proxy; 2) modify the image/video hyperlinks; 3) modify the file's 'direct link' related to the open button. In addition: there is a clerical error in the line "$fileTypes['jfif'] = 'image/jpg';"; it should be "$fileTypes['jfif'] = 'image/jfif';" in my other PR (PR id= prasathmani#1269)
1 parent e870873 commit f4f7a22


1 file changed

+113
-9
lines changed


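--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -458,6 +458,79 @@ function getClientIP()
 
 /*************************** ACTIONS ***************************/
 
+// file proxy
+if (isset($_GET['proxy_file'])) {
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET');
+
+function sanitizePath($path) {
+if (substr($path, 0, 1) !== '/') {
+die('Invalid file path.');
+}
+if ($path === '/')
+return '/';
+return realpath($path);
+}
+
+// get file path
+$filePath = isset($_GET['path'])?$_GET['path']:"/";
+
+$filePath = sanitizePath($filePath);
+
+if ($filePath === false || !file_exists($filePath)) {
+http_response_code(404);
+die('File not found or inaccessible.');
+}
+
+if (is_dir($filePath)) {
+// if it is dir,list the content
+$fileList = getFileList($filePath);
+echo generateDirectoryListing($filePath, $fileList);
+exit;
+} else {
+// if it is image or vedio file ,return the immage file content
+if (!is_readable($filePath)) {
+http_response_code(403);
+die("File is not readable.");
+}
+$mimeType = mime_content_type($filePath);
+header('Content-Type: ' . $mimeType);
+header('Content-Length: ' . filesize($filePath));
+readfile($filePath);
+exit;
+}
+}
+
+// get file lists
+function getFileList($dir)
+{
+$files = array();
+$entries = scandir($dir);
+foreach ($entries as $entry) {
+if ($entry != "." && $entry != "..") {
+$files[] = $entry;
+}
+}
+return $files;
+}
+// create file lists HTML
+function generateDirectoryListing($dir, $fileList)
+{
+$html = "<html><head><title>Index of {$dir}</title></head><body>";
+$html .= "<h1>Index of {$dir}</h1><hr><ul>";
+if($dir != "/"){
+$html .= "<li><a href='?proxy_file=1&path=" . urlencode(dirname($dir)) . "'>Parent Directory/</a></li>";
+}
+foreach($fileList as $entry){
+$filePath = $dir. "/".$entry;
+$linkPath = "?proxy_file=1&path=".urlencode($filePath);
+$type = is_dir($filePath) ? "Directory": "File";
+$html .= "<li><a href='$linkPath'>$entry</a> ($type)</li>";
+}
+$html .= "</ul><hr></body></html>";
+return $html;
+}
+
 // Handle all AJAX Request
 if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) || !FM_USE_AUTH) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) {
 if (!verifyToken($_POST['token'])) {
@@ -1816,8 +1889,14 @@ function getSelected($l)
 <?php if (!FM_READONLY): ?>
 <a class="fw-bold btn btn-outline-primary" title="<?php echo lng('Delete') ?>" href="?p=<?php echo urlencode(FM_PATH) ?>&amp;del=<?php echo urlencode($file) ?>" onclick="confirmDailog(event, 1209, '<?php echo lng('Delete') . ' ' . lng('File'); ?>','<?php echo urlencode($file); ?>', this.href);"> <i class="fa fa-trash"></i> Delete</a>
 <?php endif; ?>
-<a class="fw-bold btn btn-outline-primary" href="<?php echo fm_enc($file_url) ?>" target="_blank"><i class="fa fa-external-link-square"></i> <?php echo lng('Open') ?></a></b>
-<?php
+<a class="fw-bold btn btn-outline-primary" href="<?php
+if($_SERVER['DOCUMENT_ROOT'] === $root_path){
+echo fm_enc($file_url);}
+else{
+echo '?p=&proxy_file=1&path=' . urlencode($file_path);
+}
+?>" target="_blank"><i class="fa fa-external-link-square"></i> <?php echo lng('Open') ?></a></b>
+<?php
 // ZIP actions
 if (!FM_READONLY && ($is_zip || $is_gzip) && $filenames !== false) {
 $zip_name = pathinfo($file_path, PATHINFO_FILENAME);
@@ -1871,8 +1950,15 @@ class="edit-file"><i class="fa fa-pencil-square"></i> <?php echo lng('AdvancedEd
 }
 } elseif ($is_image) {
 // Image content
-if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg', 'webp', 'avif'))) {
-echo '<p><input type="checkbox" id="preview-img-zoomCheck"><label for="preview-img-zoomCheck"><img src="' . fm_enc($file_url) . '" alt="image" class="preview-img"></label></p>';
+if (in_array($ext, array('gif', 'jpg', 'jpeg','jfif', 'png', 'bmp', 'ico', 'svg', 'webp', 'avif'))) {
+if($_SERVER['DOCUMENT_ROOT'] === $root_path){
+echo '<p><input type="checkbox" id="preview-img-zoomCheck"><label for="preview-img-zoomCheck"><img src="' .fm_enc($file_url). '" alt="image"
+class="preview-img"></label></p>';
+}
+else{
+echo '<p><input type="checkbox" id="preview-img-zoomCheck"><label for="preview-img-zoomCheck"><img src="' . '?p=&proxy_file=1&path=' . urlencode($file_path) . '" alt="image"
+class="preview-img"></label></p>';
+}
 }
 } elseif ($is_audio) {
 // Audio content
@@ -2209,7 +2295,16 @@ class="edit-file"><i class="fa fa-pencil-square"></i> <?php echo lng('AdvancedEd
 <a title="<?php echo lng('Rename') ?>" href="#" onclick="rename('<?php echo fm_enc(addslashes(FM_PATH)) ?>', '<?php echo fm_enc(addslashes($f)) ?>');return false;"><i class="fa fa-pencil-square-o" aria-hidden="true"></i></a>
 <a title="<?php echo lng('CopyTo') ?>..." href="?p=&amp;copy=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="fa fa-files-o" aria-hidden="true"></i></a>
 <?php endif; ?>
-<a title="<?php echo lng('DirectLink') ?>" href="<?php echo fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f . '/') ?>" target="_blank"><i class="fa fa-link" aria-hidden="true"></i></a>
+<?php
+$foldDirectLink ='';
+if( $_SERVER['DOCUMENT_ROOT'] === $root_path ){
+$foldDirectLink = fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f. '/') ;
+}
+else{
+$foldDirectLink = '?p=&proxy_file=1&path=' . urlencode(FM_ROOT_PATH . '/'.FM_PATH .$f. '/');
+}
+?>
+<a title="<?php echo lng('DirectLink') ?>" href="<?php echo $foldDirectLink; ?>" target="_blank"><i class="fa fa-link" aria-hidden="true"></i></a>
 </td>
 </tr>
 <?php
@@ -2263,8 +2358,8 @@ class="edit-file"><i class="fa fa-pencil-square"></i> <?php echo lng('AdvancedEd
 <td data-sort=<?php echo fm_enc($f) ?>>
 <div class="filename">
 <?php
-if (in_array(strtolower(pathinfo($f, PATHINFO_EXTENSION)), array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg', 'webp', 'avif'))): ?>
-<?php $imagePreview = fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f); ?>
+if (in_array(strtolower(pathinfo($f, PATHINFO_EXTENSION)), array('gif', 'jpg', 'jpeg','jfif', 'png', 'bmp', 'ico', 'svg', 'webp', 'avif'))): ?>
+<?php $imagePreview = '?p=&proxy_file=1&path=' . urlencode(FM_ROOT_PATH . '/'.FM_PATH . '/'.$f); ?>
 <a href="<?php echo $filelink ?>" data-preview-image="<?php echo $imagePreview ?>" title="<?php echo fm_enc($f) ?>">
 <?php else: ?>
 <a href="<?php echo $filelink ?>" title="<?php echo $f ?>">
@@ -2290,7 +2385,14 @@ class="edit-file"><i class="fa fa-pencil-square"></i> <?php echo lng('AdvancedEd
 <a title="<?php echo lng('CopyTo') ?>..."
 href="?p=<?php echo urlencode(FM_PATH) ?>&amp;copy=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="fa fa-files-o"></i></a>
 <?php endif; ?>
-<a title="<?php echo lng('DirectLink') ?>" href="<?php echo fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f) ?>" target="_blank"><i class="fa fa-link"></i></a>
+<a title="<?php echo lng('DirectLink') ?>" href="
+<?php
+if($_SERVER['DOCUMENT_ROOT'] === $root_path){
+echo fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f);}
+else{
+echo '?p=&proxy_file=1&path=' . urlencode(FM_ROOT_PATH . '/'.FM_PATH . '/'.$f);
+}
+?>" target="_blank"><i class="fa fa-link"></i></a>
 <a title="<?php echo lng('Download') ?>" href="?p=<?php echo urlencode(FM_PATH) ?>&amp;dl=<?php echo urlencode($f) ?>" onclick="confirmDailog(event, 1211, '<?php echo lng('Download'); ?>','<?php echo urlencode($f); ?>', this.href);"><i class="fa fa-download"></i></a>
 </td>
 </tr>
@@ -2907,6 +3009,7 @@ function fm_get_file_icon_class($path)
 case 'gif':
 case 'jpg':
 case 'jpeg':
+case 'jfif':
 case 'jpc':
 case 'jp2':
 case 'jpx':
@@ -3104,7 +3207,7 @@ function fm_get_file_icon_class($path)
 */
 function fm_get_image_exts()
 {
-return array('ico', 'gif', 'jpg', 'jpeg', 'jpc', 'jp2', 'jpx', 'xbm', 'wbmp', 'png', 'bmp', 'tif', 'tiff', 'psd', 'svg', 'webp', 'avif');
+return array('ico', 'gif', 'jpg', 'jpeg','jfif', 'jpc', 'jp2', 'jpx', 'xbm', 'wbmp', 'png', 'bmp', 'tif', 'tiff', 'psd', 'svg', 'webp', 'avif');
 }
 
 /**
@@ -3288,6 +3391,7 @@ function fm_get_file_mimes($extension)
 $fileTypes['gif'] = 'image/gif';
 $fileTypes['png'] = 'image/png';
 $fileTypes['jpeg'] = 'image/jpg';
+$fileTypes['jfif'] = 'image/jfif';
 $fileTypes['jpg'] = 'image/jpg';
 $fileTypes['webp'] = 'image/webp';
 $fileTypes['avif'] = 'image/avif';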
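Review bot: `sanitizePath()` in the new `proxy_file` block (first hunk) only requires a leading `/` and then returns `realpath($path)`, so the handler reads or lists whatever path the PHP process can access; nothing visible confines the resolved path to the folder the administrator assigned, which is the boundary the commit message describes. The resolved path should be checked for containment under `realpath(FM_ROOT_PATH)` and answered with 403 otherwise, as sketched below (this assumes `FM_ROOT_PATH` is already defined at this point in the file, which the hunk does not show). The `Access-Control-Allow-Origin: *` header should be dropped, since the same-origin `<img>` and link uses added in the later hunks do not need it and it lets any other site read the proxied responses. `generateDirectoryListing()` also writes `$dir` and `$entry` into the HTML unescaped, so file names containing markup are rendered as markup; wrap them in `fm_enc()` as the rest of the file does. Whether the login check runs before this block is not visible here and should be confirmed.

```php
// … unchanged: sanitizePath(), $filePath lookup, 404 check …

// Serve only paths that resolve inside the root assigned to this user.
$rootReal = realpath(FM_ROOT_PATH);
$prefix = rtrim((string) $rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
if ($rootReal === false || ($filePath !== $rootReal && strpos($filePath, $prefix) !== 0)) {
    http_response_code(403);
    die('Access denied.');
}

if (is_dir($filePath)) {
    // … unchanged: directory listing and readfile() branches …
```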
