<?php
require_once 'inc/lib.php';
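// Editor endpoint: authenticates the session user, optionally writes the posted
// text to a file under the user's home directory, then prepares $dir and $file
// for the HTML template that follows.
// NOTE(review): the save is a state-changing POST authorised by the session
// cookie alone; no anti-CSRF token is visible in this file. Confirm whether
// one is enforced elsewhere (inc/lib.php, front controller, web server).
session_start();
if (empty($_SESSION['user']) || !$user = user_info($_SESSION['user'])) {
    // Not logged in, redirect to login page
    header('Location: .');
    exit('Not Authorized');
}
if (empty($_REQUEST['file'])) {
    // No file specified, return to file list
    header('Location: files.php');
    exit('No file specified');
}

// $_REQUEST and $_POST can hold different values for "file" (request_order
// decides which source wins in $_REQUEST). Every value that later becomes part
// of a filesystem path is checked here, not only the $_REQUEST one.
$candidates = array($_REQUEST['file']);
if (isset($_POST['file'])) {
    $candidates[] = $_POST['file'];
}
foreach ($candidates as $candidate) {
    // Non-string input (for example file[]=x) is rejected along with traversal sequences
    if (!is_string($candidate) || strpos($candidate, '..') !== false) {
        exit('Invalid file path.');
    }
}

// Save file if edited. $saved starts as false so the template reports a failure,
// instead of reading an undefined variable, when text is posted without a usable
// file name.
$saved = false;
if (isset($_POST['text']) && is_string($_POST['text']) && !empty($_POST['file'])) {
    // Same normalisation as the read path below, so the file written is the file shown.
    // NOTE(review): the '..' test and sanitize_path() are the only containment checks
    // visible here and symlinks under the home directory are not resolved; consider
    // comparing realpath() of the target directory against realpath($user['home']).
    $file = $user['home'] . sanitize_path($_POST['file']);
    $text = $_POST['text'];
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }
    $saved = file_put_contents($file, $text);
}

// Determine current directory (used for the Cancel link back to the file list)
$dir = rtrim(dirname($_REQUEST['file']), '/');
// Path of the file whose contents the template loads into the textarea
$file = $user['home'] . sanitize_path($_REQUEST['file']);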
?><!doctype html>
<html>
<head>
<title>Edit File | MCHostPanel</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-responsive.min.css">
<link rel="stylesheet" href="css/smooth.css" id="smooth-css">
<link rel="stylesheet" href="css/style.css">
<meta name="author" content="Alan Hardman <[email protected]>">
<script src="js/jquery-1.7.2.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script type="text/javascript">
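// Set to true once the textarea content has been changed by the user
var edited = false;
$(document).ready(function () {
    // Size the editor to the window height minus a fixed 240px
    function fitEditor() {
        $('textarea').css('height', $(window).height() - 240 + 'px');
    }

    // Builds a click handler that asks before discarding unsaved edits;
    // a false return value cancels the link's navigation.
    function confirmDiscard(message) {
        return function () {
            return !window.edited || confirm(message);
        };
    }

    fitEditor();
    // The resize event is dispatched on window, so a handler bound to document never runs
    $(window).resize(fitEditor);

    $('textarea').on('change', function () {
        window.edited = true;
    });
    $('#cancel').click(confirmDiscard('Are you sure you want to cancel editing?\nAll changes will be lost.'));
    $('#reload').click(confirmDiscard('Are you sure you want to reload the file?\nAll changes will be lost.'));

    // Fade out the status alert after four seconds
    window.setTimeout(function () {
        $('.alert').fadeOut();
    }, 4000);
});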
</script>
</head>
<body>
<?php require 'inc/top.php'; ?>
<div class="container-fluid">
<form action="edit.php" method="post">
<div class="row-fluid">
<h3 style="font-weight:400;" class="pull-left">Editing <?php echo htmlspecialchars($_REQUEST['file']); ?></h3>
<?php if (isset($_POST['text']) && $saved !== false) { ?>
<p class="alert alert-success pull-right"><i class="icon-ok"></i> File was successfully saved.</p>
<?php } elseif (isset($_POST['text'])) { ?>
<p class="alert alert-error pull-right"><i class="icon-remove"></i> File could not be saved!</p>
<?php } elseif (isset($_GET['action']) && $_GET['action'] == 'reload') { ?>
<p class="alert alert-info pull-right">File reloaded.</p>
<?php } ?>
<div class="clearfix"></div>
<input type="hidden" name="file" value="<?php echo htmlspecialchars($_REQUEST['file']); ?>">
<textarea name="text" style="width:100%;box-sizing:border-box;-moz-box-sizing:border-box;font-family:monospace;"><?php echo htmlspecialchars(file_get_contents($file)); ?></textarea>
<div class="btn-toolbar" style="text-align: right;">
<a href="files.php?dir=<?php echo htmlspecialchars(urlencode($dir)); ?>" id="cancel" class="btn">Cancel</a>
<a href="edit.php?file=<?php echo htmlspecialchars(urlencode($_REQUEST['file'])); ?>&action=reload" id="reload" class="btn btn-danger"><i class="icon-repeat icon-white"></i> Reload File</a>
<button type="submit" class="btn btn-primary"><i class="icon-download-alt icon-white"></i> Save File</button>
</div>
</div>
</form>
</div>
</body>
</html>