Source for file ajax_file_browser_inc.php
* Copyright (c) 2008 bitweaver.org
* All Rights Reserved. See below for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See http://www.gnu.org/copyleft/lesser.html for details
* Quick guide to this file:
* $_REQUEST['ajax_path_conf'] is the kernel configuration name that contains the absolute path to the directory where the files are.
* This method was chosen to provide a measure of security since we never pass in an absolute path via the URL this way.
* As a further safety measure, the configuration value stored in $gBitSystem->mConfig[$_REQUEST['ajax_path_conf']] is used as a 'jail'.
* Paths outside this 'jail' will be ignored including ../../ or symbolic links.
* Evil extensions as defined in EVIL_EXTENSION_PATTERN will be ignored as are [dot] files e.g.: .private.txt
* /home/ftp/public/ is the 'jail'
* /home/ftp/public/ftp -> /home/ftp/ is a symbolic link that points outside the 'jail' and will therefore be ignored completely.
* Also makes it impossible to import stuff like /home/ftp/public/../../../../../etc/passwd
* You can define ajax_path_conf in two places with different effects:
* 1. define the ajax_path_conf when you include the template:
* {include file="bitpackage:kernel/ajax_file_browser.tpl" ajax_path_conf=treasury_file_import_path}
* This will show a link to "Load Files" which will then load the file list when you click on the link.
* 2. If you provide $_REQUEST['ajax_path_conf'] when you include it from your php file, all files in the root directory will already be loaded.
* $_REQUEST['ajax_path_conf'] = 'treasury_file_import_path';
* require_once( KERNEL_PKG_PATH.'ajax_file_browser.php' );
* NOTE: when you process the imported files, make sure you use realpath() to check that the files really are inside your 'jail'; the filtering done while listing does not by itself protect the later processing step.
// Bootstrap the kernel before anything else in this file runs.
require_once( 'setup_inc.php' );
// we need to set these global that we can include this file from functions
global $gBitThemes, $gBitSystem, $gBitSmarty;
// The request names a kernel config key rather than a path; the listing is built only
// when that key is non-empty and isFeatureActive() accepts it.
// NOTE(review): the key itself is request-controlled, so any config entry that passes
// isFeatureActive() could end up as the base directory. Consider checking it against
// an explicit allowlist of browsable path settings. Confirm against isFeatureActive().
// (The closing braces of the blocks opened below are not shown in this listing.)
if( !empty( $_REQUEST['ajax_path_conf'] ) && $gBitSystem->isFeatureActive( $_REQUEST['ajax_path_conf'] ) ) {
// Base directory comes from the config value; the optional request-supplied 'relpath'
// gets a trailing "/" and is passed on unvalidated. Containment within the base
// directory is therefore left entirely to ajax_dir_list().
$fileList = ajax_dir_list( $gBitSystem->getConfig( $_REQUEST['ajax_path_conf'] ), ( !empty( $_REQUEST['relpath'] ) ? $_REQUEST['relpath']. "/" : NULL ));
// Make the listing available to the template.
$gBitSmarty->assign( 'fileList', $fileList );
// Load the client-side scripts the file browser uses.
$gBitThemes->loadAjax( 'mochikit', array( 'Iter.js', 'DOM.js', 'Async.js' ));
$gBitThemes->loadJavascript( KERNEL_PKG_PATH. "scripts/BitFileBrowser.js", TRUE );
// For an ajax request, render the file-list template directly.
if( $gBitThemes->isAjaxRequest() ) {
$gBitSmarty->display( 'bitpackage:kernel/ajax_file_browser_inc.tpl' );
* @param array $pDir Base directory
* @param array $pRelPath relative path on top of base directory
* @return TRUE on success, FALSE on failure - mErrors will contain reason for failure
// NOTE: the function signature and several statements of ajax_dir_list() are missing
// from this listing; the comments below describe only the lines that are visible.
// Proceed only when a base directory is given and base + relative path is a directory.
if( !empty( $pDir ) && is_dir( $pDir. $pRelPath )) {
// Nothing is read if the directory cannot be opened.
if( $handle = opendir( $pDir. $pRelPath )) {
// Strict comparison against FALSE so an entry whose name evaluates as falsy (e.g. "0")
// does not end the loop early.
while( FALSE !== ( $file = readdir( $handle ))) {
// $files is populated by statements not shown here.
foreach( $files as $i ) {
// Jail check: the entry is kept only when its path begins with the base directory.
// NOTE(review): presumably $file has been resolved with realpath() before this point
// (the file header says ../ and symlinks leading outside the jail are ignored). Confirm.
// NOTE(review): a bare prefix match also accepts a sibling directory whose name merely
// starts with $pDir unless $pDir ends with a directory separator. Verify the config value.
if( strpos( $file, $pDir ) === 0 ) {
// $info is built by statements not shown here.
$ret['file'][$i] = $info;