Comments (8)
Well, in the past I had many concerns about operating at a higher level than the script root, because a potential attacker could then likely walk through the whole filesystem and even read files like /etc/passwd and things. I'll add this feature in the next release, but leave it disabled.
from ifm.
After thinking about this setting again - I would like to suggest the following: Instead of a general switch for allowing parent folders, I think the proper way for such a setting might be to let the user specify the root directory - i.e. where IFM should start with the file listing.
Example:
rootDir = "" .. start from the ifm.php location (default)
rootDir = "/" .. start from the server's root
rootDir = "/var/www/http/" .. start from a specific directory.
from ifm.
That is a good suggestion. I'm currently working on this.
from ifm.
I pushed a working version to the issue-26 branch. The root_dir option is currently empty, so you have to adjust it for your needs.
Could you test this and let me know if you find any issues? That would be nice.
Please note that this option has several implications:
- The direct links certainly don't work if the files lie outside of the document root. Use the download buttons instead.
- Note that zip archives of folders don't contain files and directories which the PHP user cannot read. This happens without any errors.
- If open_basedir is active, and the root_dir is inaccessible, ifm dies with an error.
from ifm.
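The containment concern raised at the top of this thread, sketched as an added example that is not part of the original discussion and is not IFM's own code: every client-supplied path is canonicalized and checked against the configured root before use. The function name `resolveInsideRoot` and the sample tree are hypothetical; `$rootDir` stands in for the `root_dir` option, and a POSIX system is assumed for `symlink()`.

```php
<?php
// Added example, not IFM's implementation. $rootDir plays the role of root_dir.

/**
 * Resolve a client-supplied relative path against $rootDir.
 * Returns the canonical absolute path, or null if the path does not
 * exist or ends up outside the root after resolving ".." and symlinks.
 */
function resolveInsideRoot(string $rootDir, string $requested): ?string
{
    if (strpos($requested, "\0") !== false) {
        return null; // reject embedded NUL bytes before touching the filesystem
    }
    $root = realpath($rootDir);
    if ($root === false) {
        return null; // root missing or unreadable (e.g. blocked by open_basedir)
    }
    // realpath() collapses ".", ".." and symlinks; false if the path is absent
    $target = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return null;
    }
    // Compare with a trailing separator so /x/www does not match /x/www-old
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $root && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample tree under the system temp directory.
$base = sys_get_temp_dir() . '/rootdir_demo_' . getmypid();
mkdir("$base/www/docs", 0700, true);
mkdir("$base/www-old", 0700, true);
file_put_contents("$base/www/docs/a.txt", "ok");
file_put_contents("$base/www-old/secret.txt", "no");
symlink("$base/www-old", "$base/www/link"); // symlink pointing outside the root

$requests = ['docs/a.txt', '', '../www-old/secret.txt',
             'docs/../../www-old/secret.txt', 'link/secret.txt', 'missing.txt'];
foreach ($requests as $p) {
    $r = resolveInsideRoot("$base/www", $p);
    printf("%-34s => %s\n", var_export($p, true), $r === null ? 'REJECTED' : $r);
}
```

Because `realpath()` fails for paths that do not exist yet, an upload or "create" action would need the same check applied to the parent directory instead of the final path.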
Thank you - great feature! I found one issue when testing:
File Links (open file as URL) do not work
Setup:
- ifm is located in http://myhost.com/tools/ifm.php
- the above url would mean /var/www/myhost.com/tools/ifm.php on the server
- root_dir = "/var/www/"
Now I navigate in IFM to /var/www/myhost.com/ - and click on some text file. The file is not found, as IFM opens http://myhost.com/tools/textfile.txt instead of http://myhost.com/textfile.txt
The download button for the textfile still works well.
from ifm.
Yes, this is the case. I am not quite sure how to solve that, because I can't guess the DocumentRoot reliably due to aliases, rewrites and so on. Maybe I can add a client-side check which triggers the download instead of opening the link when clicking on a file outside the document root.
from ifm.
I added the check which works fine for me. Please let me know if you have any trouble with that.
from ifm.
Ok, I tested this feature in several environments, and think it can be merged. I'll do this during the day.
from ifm.