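<?php
// vsgallery front controller.
//
// Lists the configured image directory (or the sub-directory given in ?d=),
// applies an optional name filter, paginates the result and renders one of
// three templates: tpl/gallery.html (thumbnail grid), tpl/single.html
// (one image, when s=1) or tpl/notfound.html (nothing to show).
//
// Query parameters (all optional, all untrusted):
//   p         page number, 1..PHP_INT_MAX
//   s         entries per page, 1..100; s=1 switches to the single-image view
//   gs        pages per gallery block in the single-image view, 1..100
//   d         sub-directory below fs_imagedir; resolved with realpath() and
//             required to sit below the real base directory before it is listed
//   so        sort direction: 1 = reversed natural order (default), 0 = natural
//   f         case-insensitive substring filter on file and directory names
//   refcache  present with any value: rebuild the per-session listing cache
//
// Helpers::end_dir(), Helpers::validate_int(), Helpers::validate_search() and
// Template::view() live in lib/; their exact contracts are not visible here
// (end_dir() presumably normalises a trailing separator — confirm in lib/).

// Classes
require_once('lib/helpers.class.php');
require_once('lib/template.class.php');
// Settings
require('conf/config.php');

// Prepare Some Basic Variables
$imagedir = Helpers::end_dir($conf['fs_imagedir']);
$imageurl = Helpers::end_dir($conf['web_imagedir']);
$galleryname = $conf['gallery_name'];
$data = [];

// Prepare Path Traversal Check
// realpath() returns false when fs_imagedir does not exist. Concatenating that
// false with DIRECTORY_SEPARATOR yields just "/", which every absolute path
// starts with, so the prefix test further down would accept any directory.
// Fail closed instead of silently disabling the check.
$r_basedir = realpath($imagedir);
if ($r_basedir === false) {
    $data['script'] = $_SERVER['SCRIPT_NAME'];
    $data['errormsg'] = 'The configured image directory does not exist';
    Template::view('tpl/error.html', $data);
    exit();
}

// Get Parameters or Set Defaults
$page = $_GET['p'] ?? $conf['defpage'];
$slice = $_GET['s'] ?? $conf['defslice'];
$gslice = $_GET['gs'] ?? $conf['defslice'];
$dir = $_GET['d'] ?? $conf['defdir'];
$sort = $_GET['so'] ?? 1;

// Input Validation and Sanitazion
$page = Helpers::validate_int($page, 1, PHP_INT_MAX) ? $page : $conf['defpage'];
$slice = Helpers::validate_int($slice, 1, 100) ? $slice : $conf['defslice'];
$gslice = Helpers::validate_int($gslice, 1, 100) ? $gslice : $conf['defslice'];
// An invalid 'so' used to fall back to $conf['defslice'] (a page size, not a
// sort flag); use the same default as a missing parameter.
$sort = Helpers::validate_int($sort, 0, 1) ? $sort : 1;
// ?d[]=x arrives as an array and would stringify to "Array" in every path
// built below; treat anything that is not a string as "no directory given".
if (!is_string($dir)) {
    $dir = $conf['defdir'];
}

// Set Some Variables
// X-Forwarded-Proto is written by whoever sends the request; unless a trusted
// reverse proxy is known to overwrite it, that is the client, so the header
// must never be able to *remove* the Secure flag. The flag is therefore set
// when either the direct connection or the forwarded protocol is HTTPS.
// The cookie domain is deliberately left unset (host-only cookie): the old
// value came from the client-supplied X-Forwarded-Host / Host header, which
// let a client choose the cookie's scope (and HTTP_HOST may carry a ":port",
// which is not a valid cookie domain).
$https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
$proto = $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? ($_SERVER['REQUEST_SCHEME'] ?? '');
$proto = strtolower(trim(explode(',', $proto)[0]));   // "https, http" lists: first hop
$secure = $https || $proto === 'https';

// Create or Load Session
session_set_cookie_params([
    'lifetime' => 3600,
    'path' => '/',
    'secure' => $secure,
    'httponly' => true,
    'samesite' => 'lax',
]);
session_start();

// Filelist Cache Handling
// One listing per directory is kept in the session, nested under a fixed
// top-level key. With the default 'php' session serializer a *numeric*
// top-level key (e.g. d=2020) is skipped on write, so the previous
// $_SESSION[$dir] layout never persisted for year-style directories.
// The root listing is keyed '/'; only the empty string maps there (empty()
// would also have sent a directory literally named "0" to the root cache).
$cdir = ($dir === '') ? '/' : $dir;
$cache = $_SESSION['flcache'][$cdir] ?? null;
$files = [];
$dirs = [];
if ($cache !== null
    && (time() - $cache['t']) < $conf['flcache']
    && !isset($_GET['refcache'])) {
    // A cache entry only exists for a $dir string that passed the check below.
    $files = $cache['f'];
    $dirs = $cache['d'];
} else {
    // An embedded NUL makes realpath() throw on PHP 8; treat it as traversal.
    $r_imagedir = (strpos($dir, "\0") === false) ? realpath($imagedir.$dir) : false;
    // Resolve symlinks and '..' first, then require the result to sit below
    // the real base directory (compared with a trailing separator so that
    // /images2 does not pass for a base of /images).
    if ($r_imagedir === false
        || strpos(Helpers::end_dir($r_imagedir), $r_basedir.DIRECTORY_SEPARATOR) !== 0) {
        $data['script'] = $_SERVER['SCRIPT_NAME'];
        $data['errormsg'] = 'A Path Traversal was Detected';
        Template::view('tpl/error.html', $data);
        exit();
    }
    $dirpath = Helpers::end_dir($imagedir.$dir);
    // glob('*') skips dot-directories while scandir() below does not, so a
    // hidden directory ends up in $files (behaviour unchanged from before).
    $tmpdirs = glob($dirpath.'*', GLOB_ONLYDIR);
    if (!empty($tmpdirs)) {
        foreach ($tmpdirs as $tmpdir) {
            $dirs[] = basename($tmpdir);
        }
    }
    $entries = scandir($imagedir.$dir, SCANDIR_SORT_DESCENDING);
    if ($entries === false) {
        $entries = [];   // unreadable directory: show it empty instead of a TypeError in array_diff()
    }
    $files = array_diff($entries, $dirs, ['.', '..']);
    // Filter Unsupported Files: keep only names that have an extension and
    // drop .db and .sh. The previous pattern's negative lookahead was not
    // anchored to the end of the name, so "a.b.db" slipped through and
    // "x.dbx" was dropped. Note this deny-list only affects what is *listed*;
    // anything under web_imagedir is still served by the web server directly,
    // so it is not an access control.
    $files = array_values(preg_grep('/\.(?!(?:db|sh)$)[^.]+$/i', $files));
    $_SESSION['flcache'][$cdir] = ['f' => $files, 'd' => $dirs, 't' => time()];
}

// Apply Filters to Filelist
$filter = '';      // query-string fragment re-appended to pagination links
$rawfilter = '';   // the term as typed, for display (the template is expected to HTML-escape it — confirm)
if (isset($_GET['f']) && is_string($_GET['f']) && $_GET['f'] !== '') {
    if (Helpers::validate_search($_GET['f'])) {
        $rawfilter = $_GET['f'];
        // preg_quote() neutralises every PCRE metacharacter and the '/'
        // delimiter. The previous code escaped only parentheses, so a term
        // like "a/b" or "[" altered or broke the pattern; on a broken pattern
        // preg_grep() returns false and array_values() throws a TypeError.
        $pattern = '/'.preg_quote($rawfilter, '/').'/i';
        if (!empty($files)) {
            $files = array_values(preg_grep($pattern, $files));
        }
        if (!empty($dirs)) {
            $dirs = array_values(preg_grep($pattern, $dirs));
        }
        // Percent-encode for the URL so '&', '#', '+' or '%' in the term
        // cannot truncate or alter the generated links.
        $filter = '&f='.rawurlencode($rawfilter);
    } else {
        $data['script'] = $_SERVER['SCRIPT_NAME'];
        $data['errormsg'] = 'An Invalid Search String was detected';
        Template::view('tpl/error.html', $data);
        exit();
    }
}

// Sort and Reverse Filelist
natcasesort($files);
if ((int)$sort === 1) {
    $files = array_reverse($files);
} else {
    $files = array_values($files);
}
// Sub-directories are always listed ahead of the files.
if (!empty($dirs)) {
    $files = array_merge($dirs, $files);
}

// Get Files for current Page
$curfiles = array_slice($files, ($page - 1) * $slice, $slice, true);
if (!empty($curfiles) || !empty($dirs)) {   // was a bitwise '|'; same result on bools, wrong operator
    // Prepare Generic Data for Template
    // SCRIPT_NAME replaces PHP_SELF: PHP_SELF also contains any PATH_INFO the
    // client appends (/index.php/<anything>), which would land in the page.
    $data['galleryname'] = $galleryname;
    $data['startpage'] = $_SERVER['SCRIPT_NAME'];
    $data['dir'] = $dir;   // raw; the template is expected to URL-/HTML-escape it — confirm
    $data['sort'] = $sort;
    $data['slice'] = $slice;
    $data['filter'] = $filter;
    $data['pretty_filter'] = $rawfilter;
    $data['page'] = $page;
    $last_page = ceil(count($files) / $slice);
    $data['prev_page'] = max(1, $page - 1);
    $data['next_page'] = ($page + 1 > $last_page) ? $page : $page + 1;
    $data['last_page'] = $last_page;

    // Prepare Mode Specific Data and Render Template
    if ($slice > 1) {
        if (!empty($curfiles)) {
            $thumbdir = Helpers::end_dir($imagedir.$dir);
            foreach ($curfiles as $index => $image) {
                // strict comparison: loosely, "1e1" == "10" for directory names
                if (!empty($dirs) && in_array($image, $dirs, true)) {
                    $data['dirs'][] = $image;
                } else {
                    // NOTE(review): 'd' is the server-side filesystem path, so
                    // every thumbnail link discloses the deployment layout, and
                    // thumb.php (not visible here) must apply the same
                    // realpath/base-directory check before using it.
                    // http_build_query() encodes both values; the previous raw
                    // concatenation broke on '&', '#', '+' or '%' in a name.
                    $data['images'][] = [
                        'n' => $image,
                        'i' => $index + 1,
                        't' => 'thumb.php?'.http_build_query(['d' => $thumbdir, 'i' => $image]),
                    ];
                }
            }
            // Breadcrumbs: one entry per path component, mapped to the path up
            // to and including it. 'strlen' keeps a component named "0", which
            // a bare array_filter() would have dropped.
            if (!empty($dir)) {
                $tmppath = '';
                foreach (array_filter(explode(DIRECTORY_SEPARATOR, $dir), 'strlen') as $tmpdir) {
                    $tmppath .= DIRECTORY_SEPARATOR.$tmpdir;
                    $data['crumbs'][$tmpdir] = $tmppath;
                }
            }
        }
        Template::view('tpl/gallery.html', $data);
    } else {
        $data['gallery_page'] = ceil($page / $gslice);
        $data['gallery_slice'] = $gslice;
        // Directory and file name are percent-encoded per path segment, so
        // '#', '?', '%', spaces or quotes in a name yield a well-formed URL;
        // this also makes the old str_replace("'", "&#39;") unnecessary.
        // HTML-attribute escaping of the result belongs in the template.
        $encdir = implode('/', array_map('rawurlencode', explode('/', $dir)));
        // With s=1, $curfiles holds at most one entry, so these keys are set once.
        foreach ($curfiles as $index => $image) {
            $data['imageurl'] = $imageurl.$encdir.'/'.rawurlencode($image);
            $data['imagename'] = $image;
            $data['filetype'] = mime_content_type(Helpers::end_dir($imagedir.$dir).$image);
            // Tags: the part after " - " of the lower-cased name, extension
            // stripped, split on spaces; empty when the name has no " - ".
            $data['tags'] = array_filter(explode(" ", pathinfo(trim(strstr(strtolower($image), ' - '), " -"))['filename']));
        }
        Template::view('tpl/single.html', $data);
    }
} else {
    $data['filter'] = $rawfilter;
    $data['script'] = $_SERVER['SCRIPT_NAME'];
    Template::view('tpl/notfound.html', $data);
}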