5 Replies - 324 Views - Last Post: 05 November 2019 - 07:26 PM Rate Topic: -----

#1 judgedredd   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 04-November 19

Dir' Listing script slightly updated but still doesn't work co

Posted 04 November 2019 - 04:21 PM

Hi,

I have a directory and file listing script that shows all directories and files to infinite levels and allows the files to be downloaded (it can be set for them to open in a new window too, if appropriate).

It was recently updated from working with PHP 5.4-5.6 (where it had no problems whatsoever) to work with PHP 7.1 and up. The update, though, has caused the script to not show all the files in some directories. Can anyone tell me why?
[Note: the updated code is from using 'split' to 'explode'. There is a note of this given in the code below.]

The raw PHP code is shown on a page on one of my sites because I was prevented from doing so here by cloudflare. Here is the link.

Is This A Good Question/Topic? 0
  • +

Replies To: Dir' Listing script slightly updated but still doesn't work co

#2 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2494
  • View blog
  • Posts: 7,551
  • Joined: 15-January 14

Re: Dir' Listing script slightly updated but still doesn't work co

Posted 04 November 2019 - 05:12 PM

It's got a list of strings where any file containing any of those is not going to be displayed, is that the issue?

That code definitely looks old, it also looks like it might allow people to download any arbitrary file that they know the path for. That's not good.
Was This Post Helpful? 0
  • +
  • -

#3 judgedredd   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 04-November 19

Re: Dir' Listing script slightly updated but still doesn't work co

Posted 05 November 2019 - 06:37 AM

Quote

It's got a list of strings where any file containing any of those is not going to be displayed, is that the issue?


No, that's not the issue. For example I have some mp3 files that won't display for download in some folders yet the mp3 file extension is not in the string that says not to show those files. i.e. mp3 files appear in various folders for most of the time but for some reason, in certain folders they don't.

The script is designed to allow anyone to download the files in the folder (and sub folders) of where this script is. It does not allow anyone to go up a level beyond where this script's directory is.
Was This Post Helpful? 0
  • +
  • -

#4 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2494
  • View blog
  • Posts: 7,551
  • Joined: 15-January 14

Re: Dir' Listing script slightly updated but still doesn't work co

Posted 05 November 2019 - 10:42 AM

Quote

mp3 files appear in various folders for most of the time but for some reason, in certain folders they don't.

That sounds like it's because of that $hide array. If the characters "ico" appear in any filename or folder, for example, it won't show that.

Quote

It does not allow anyone to go up a level beyond where this script's directory is.

Not from what I see. From what I see you can enter any filename, e.g. script.php?download=/etc/passwd or script.php?download=../../../.htaccess and it will send that file. There's a real easy way to make sure a given path is under a certain directory, and it's not doing that.
Was This Post Helpful? 0
  • +
  • -

#5 judgedredd   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 04-November 19

Re: Dir' Listing script slightly updated but still doesn't work co

Posted 05 November 2019 - 07:15 PM

ArtificialSoldier, Thanks for the info about the $hide array. I will look at the code again and see what is going on there.

As to your other point, I hadn't thought of it that way (and it wasn't me that wrote the code).

Thanks for all your input.
Was This Post Helpful? 0
  • +
  • -

#6 judgedredd   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 04-November 19

Re: Dir' Listing script slightly updated but still doesn't work co

Posted 05 November 2019 - 07:26 PM

[quote name='ArtificialSoldier' date='05 November 2019 - 10:42 AM' timestamp='1572975745' post='2408056']

Quote

That sounds like it's because of that $hide array. If the characters "ico" appear in any filename or folder, for example, it won't show that.


Well, it looks as though it was as simple as placing a . in front of ico. The files that were not showing had those combination of letters together in the filename.

Thanks for pointing this out.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1