diff --git a/README b/README old mode 100755 new mode 100644 index 329db2e..c8cc7ac --- a/README +++ b/README @@ -1,13 +1,20 @@ --- SOFM --- -SOFM (Simple online file manager) is a file manager written in PHP. +SOFM (Simple online file manager) is a file manager written in PHP. This software is released under the GPLv3. --- Usage --- -*Extract SOFM anywhere and chmod 776 users/ +*Extract SOFM anywhere and chmod 776 users/ *Modify config.php to your standards. *Connect to SOFM from any web browser. --- Changelog --- +11/22/2020 - v1.2.1 +*CSS modifications +*Directory creation bug fixes +*Redirection fixes, navigation bar modifications +*Check for directory backspacing (..) +*Added file mimetypes for upload (extensions included) + 11/4/2020 - v1.1.0 *Other subtle CSS changes, W3S verified *Fixed some mimetypes, and added file extensions to database @@ -21,4 +28,4 @@ This software is released under the GPLv3. *Modified header / footer files from parsing text to parsing via php for usage of the server side functions --- Licensing and copyright: -(C) Copyright 2014 Chris Dorman - Some rights reserved +(C) Copyright 2014-2020 Chris Dorman - Some rights reserved diff --git a/config.php b/config.php index 8b6a83d..f25827d 100755 --- a/config.php +++ b/config.php @@ -1,18 +1,18 @@ diff --git a/ctrl.php b/ctrl.php index c77040c..7048ad4 100755 --- a/ctrl.php +++ b/ctrl.php @@ -22,6 +22,8 @@ if($password!=$user_password) header("Location: index.php"); } +$strlength = "60"; + // Check to see if someone is backtracking in pathfinder if(isset($_GET['p'])) { @@ -44,11 +46,11 @@ if(isset($_GET['f'])) if(isset($_GET['p'])) { $path = $_GET['p']; - header("Location: users/$username/$path/$file"); + header("Location: https://ho.st.us.to/$username/$path/$file"); } else { - header("Location: users/$username/$file"); + header("Location: https://ho.st.us.to/$username/$file"); } } 
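Review bot: `$strlength = "60";` declares a numeric limit as a string; it only works later because `substr()` and the `strlen($file) > $strlength` comparison coerce it, so write it as an integer, `$strlength = 60;`. Unrelated to the new line but visible in this hunk's context: the password mismatch above it does `header("Location: index.php");` with no `exit` in view, and if none follows in the lines outside the hunk the rest of ctrl.php still executes for a request that failed authentication — worth a separate fix. The enclosing code starts before this hunk.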
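Review bot: The two new Location headers interpolate `$path` and `$file` straight into an absolute URL, so a stored name containing `?`, `#`, `%` or a space changes or breaks the redirect target, and neither header is followed by `exit`, so the script keeps running after the redirect is sent. Encode each path segment and stop: `$seg = implode('/', array_map('rawurlencode', explode('/', "$path/$file")));` then `header("Location: https://ho.st.us.to/$username/$seg"); exit;`. Whether `$_GET['f']` is itself checked for `..` happens before this hunk and cannot be confirmed here; the enclosing `if(isset($_GET['f']))` block starts outside the hunk.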
@@ -312,15 +314,25 @@ EOD;
 $dirname = $_POST['dirname'];
 $badchars = array("*", "'", "\"", "(", ")", "[", "]", "#", "$", "@", "!", "%", "^", "|", "+", "&", "=");
 $dirname = stripslashes(htmlentities(str_replace($badchars, '', $dirname)));
+
+ if(stristr($dirname, "..") == true)
+ {
+ header("Location: ctrl.php?action=backtracking_error");
+ }
+
 if(file_exists("users/$username/$path/$dirname"))
 {
 echo "Error: Directory exists.";
 }
 else
 {
- mkdir("users/$username/$path/$dirname", 0777);
- //file_put_contents("users/$username/$path/$dirname/index.html", "");
- header("Location: ctrl.php?p=$path");
+ if(!preg_match("/^[A-Za-z0-9-_]+$/", $dirname)) {
+ echo "Only characters A-Z, 0-9, '_' and '-' in directory names";
+ } else {
+ mkdir("users/$username/$path/$dirname", 0777);
+ //file_put_contents("users/$username/$path/$dirname/index.html", "");
+ header("Location: ctrl.php?p=$path");
+ }
 }
 }
 }
@@ -335,9 +347,13 @@ EOD;
 }
 else
 {
- mkdir("users/$username/$dirname", 0777);
- //file_put_contents("users/$username/$dirname/index.html", "");
- header("Location: ctrl.php");
+ if(!preg_match("/^[A-Za-z0-9-_]+$/", $dirname)) {
+ echo "Characters only A-Z, 0-9, '_' and '-' in directory names";
+ } else {
+ mkdir("users/$username/$dirname", 0777);
+ //file_put_contents("users/$username/$dirname/index.html", "");
+ header("Location: ctrl.php");
+ }
 }
 }
 }
@@ -361,7 +377,7 @@ EOD; if(is_dir("users/$username/$path")) { if(isset($_GET['rf'])) { - $file = $_GET['rf']; + $file = stripslashes(htmlentities($_GET['rf'])); if(stristr($file, "..") == true) { header("Location: ctrl.php?action=backtracking_error");
@@ -375,7 +391,7 @@ EOD;
 {
 file_put_contents("users/$username.usage", $usage);
 unlink("users/$username/$path/$file");
- header("Location: ctrl.php");
+ header("refresh: 0,url=ctrl.php?p=$path");
 }
 else
 {
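Review bot: The new `..` check redirects but does not stop the script, so after `header("Location: ctrl.php?action=backtracking_error");` execution falls through into `file_exists` and the `mkdir` branch; add `exit;` directly after that header call (the later allowlist happens to reject `.` only because it is not in the class, which is a side effect rather than the guard). In `"/^[A-Za-z0-9-_]+$/"` the hyphen sits between `9` and `_`; PCRE treats a hyphen that follows a range as literal, but it reads like a range and is conventionally written last: `"/^[A-Za-z0-9_-]+$/"`. The re-added `mkdir(..., 0777)` creates a world-writable directory; `0755`, or `0775` with the web server's group, is enough for a per-user folder. The enclosing function starts before this hunk.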
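Review bot: The error text here, `Characters only A-Z, 0-9, '_' and '-' in directory names`, differs from the same check a few lines up (`Only characters A-Z, 0-9, '_' and '-' in directory names`), and the allowlist regex and the `0777` mode are copied verbatim, so the two branches will drift; hoist the pattern into one constant, e.g. `$dirname_pattern = "/^[A-Za-z0-9_-]+$/";`, and reuse a single message. As in the branch above, the hyphen is better placed last in the character class. The enclosing `if`/`else` starts outside this hunk.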
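Review bot: `htmlentities()` is an HTML-output encoder, yet the result is used as the filesystem name handed to `unlink("users/$username/$path/$file")` further down (visible in the following hunk), so a file whose real name contains `&`, `<`, `>` or a quote is looked up under its entity-encoded name and never matches. Strip directory components instead and keep the traversal check, since `basename('..')` is still `..`: `$file = basename($_GET['rf']);`, then escape with `htmlspecialchars()` only where the name is echoed. The hunk ends right after `header("Location: ctrl.php?action=backtracking_error");`; if no `exit` follows it outside the hunk, as in the mkdir branch above, the traversal value still reaches `unlink`. The enclosing function starts and ends outside this hunk.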
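Review bot: `header("refresh: 0,url=ctrl.php?p=$path");` embeds `$path` unencoded in a header value, and `Refresh` is a non-standard header that browsers honour inconsistently, while the script keeps rendering below it; the conventional form is `header("Location: ctrl.php?p=" . urlencode($path)); exit;`. Also visible in this hunk: `file_put_contents("users/$username.usage", $usage)` runs before `unlink`, and `unlink`'s return value is not checked, so the usage counter is rewritten even when the delete fails; check `if (unlink(...))` before updating it. The enclosing branch starts before this hunk.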
@@ -387,15 +403,15 @@ EOD; }// Close rf check // }// Close is_dir check // - header("Location: ctrl.php"); + header("refresh: 0,url=ctrl.php?p=$path"); } - header("Location: ctrl.php"); + header("refresh: 0,url=ctrl.php?p=$path"); } else { if(isset($_GET['rf'])) { - $file = $_GET['rf']; + $file = stripslashes(htmlentities($_GET['rf'])); if(stristr($file, "..") == true) { header("Location: ctrl.php?action=backtracking_error"); @@ -424,7 +440,7 @@ EOD; if($action=="removedir") { if(isset($_GET['d'])) { - $dir = $_GET['d']; + $dir = stripslashes(htmlentities($_GET['d']));; if(stristr($dir, "..") == true) { header("Location: ctrl.php?action=backtracking_error"); @@ -464,7 +480,7 @@ else echo "
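Review bot: The `rf` handling in this no-path branch is now a second verbatim copy of the one in the path branch — the same `stripslashes(htmlentities($_GET['rf']))` assignment, `..` check and redirect — so the same defect is duplicated: an HTML-entity-encoded name is used as the filesystem name, and the redirect on `..` is not followed by a visible `exit`. Extract one helper that returns a validated file name or `null`, e.g. `function safe_entry_name(string $raw): ?string { $n = basename($raw); return ($n === '' || $n === '.' || $n === '..') ? null : $n; }`, and call it from both branches. The enclosing `if`/`else` starts and ends outside this hunk.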
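Review bot: `$dir = stripslashes(htmlentities($_GET['d']));;` has a stray second semicolon, and, as with `rf` above, the entity-encoded value is what the removedir branch will pass to the filesystem, so a directory named with `&` or quotes cannot be removed (the directory allowlist added in this commit prevents new ones, but existing ones are unaffected). Use `$dir = basename($_GET['d']);` and keep the `..` check, applying HTML escaping only on output. The enclosing `if($action=="removedir")` block continues past this hunk.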
\n"; if(isset($_GET['p'])) { - $path = $_GET['p']; + $path = stripslashes(htmlentities($_GET['p'])); echo "Home • \n"; echo "Back to / • \n"; echo "Upload • \n"; @@ -494,7 +510,7 @@ else { if(is_dir("users/$username/" . $_GET['p'])) { - $path = $_GET['p']; + $path = stripslashes(htmlentities($_GET['p'])); $userdb = opendir("users/$username/$path"); } else @@ -514,22 +530,34 @@ else { if(is_dir("users/$username/$path/$file") && $file!=".." && $file!=".") { - echo "Folder$fileDelete Directory
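Review bot: The directory check and the directory use now see different strings: `is_dir("users/$username/" . $_GET['p'])` tests the raw value, while `$path` becomes `stripslashes(htmlentities($_GET['p']))` and that is what `opendir` and the later `is_dir("users/$username/$path/$file")` calls receive, so a path containing `&` or a quote passes the check and then fails to open. Check and use the same value, and bound it with `realpath` so the containment does not depend on a substring test for `..`; escape with `htmlspecialchars()` only where `$path` is echoed into the navigation links, which this rendering has stripped. The enclosing `else` branch starts before this hunk.
```php
$base = realpath("users/$username");
$real = realpath("users/$username/" . $_GET['p']);
if ($base !== false && $real !== false && str_starts_with($real . '/', $base . '/'))
{
    $path = $_GET['p'];
    $userdb = opendir($real);
}
// … unchanged: else branch …
```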
\n"; + echo "Folder"; + echo substr($file, 0, $strlength); + if(strlen($file) > $strlength) { echo "..."; } + echo "Delete Directory
\n"; } else if($file!=".." && $file!=".") { - echo "File$fileDelete File
\n"; + echo "File"; + echo substr($file, 0, $strlength); + if(strlen($file) > $strlength) { echo "..."; } + echo "Delete File
\n"; } } else { if(is_dir("users/$username/$file") && $file!=".." && $file!=".") { - echo "Folder$fileDelete Directory
\n"; + echo "Folder"; + echo substr($file, 0, $strlength); + if(strlen($file) > $strlength) { echo "..."; } + echo "Delete Directory
\n"; } else if($file!=".." && $file!=".") { - echo "File$fileDelete File
\n"; + echo "File"; + echo substr($file, 0, $strlength); + if(strlen($file) > $strlength) { echo "..."; } + echo "Delete File
\n"; } } } diff --git a/data/log.txt b/data/log.txt deleted file mode 100755 index 8bf402d..0000000 --- a/data/log.txt +++ /dev/null @@ -1,26 +0,0 @@ -Backtracking: 127.0.0.1Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 127.0.0.1 -Backtracking: 69.255.179.102 -Backtracking: 69.255.179.102 -Backtracking: 69.255.179.102 -Backtracking: 66.172.12.166 -Backtracking: 66.172.12.166 -Backtracking: 66.172.12.166 -Backtracking: 69.255.179.102 -Backtracking: 66.172.12.166 diff --git a/footer.php b/footer.php index fa75e6a..dfb4684 100755 --- a/footer.php +++ b/footer.php @@ -2,12 +2,12 @@ include("config.php"); ?> -
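Review bot: `echo substr($file, 0, $strlength);` writes the raw directory entry name into the page; unless upload.php restricts file names (not visible in this rendering), a name containing `<` or `"` is emitted as markup, and `substr`/`strlen` are byte-based so a multibyte name is cut mid-sequence into invalid UTF-8. Escape at output and truncate by characters: `echo htmlspecialchars(mb_substr($file, 0, $strlength), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` with `mb_strlen($file) > $strlength` for the ellipsis test (this needs the mbstring extension, which the project's requirements do not state). The same three lines appear four times in this hunk, so a small `print_entry_name($file)` helper would keep the escaping in one place. The surrounding link and form markup was stripped from this rendering, so the href/attribute context could not be reviewed.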
+ diff --git a/header.php b/header.php index 7996f58..87cb5fd 100755 --- a/header.php +++ b/header.php @@ -2,11 +2,12 @@ - SOFM <?php echo $version; ?> + FreeHost ~ Free File/Web Hosting + - +
diff --git a/index.php b/index.php index d892944..3c1f72e 100755 --- a/index.php +++ b/index.php @@ -50,14 +50,15 @@ echo "
$title: $desc
\n"; The shared location for each users static storage / web hosting is secured by SSL (https). The downside is, CGI is disabled for users. is more-so here for static hosting, but do remember if you have a small repository, or want to use - for mirroring FOSS (free and open source software); please feel to do so!

+ for mirroring FOSS (free and open source software); please feel to do so!
+ dl.suckless.org mirror (example)

If you're looking for FreeBox, we sincerely apologize for the shut-down of our free - VPS hosting services... Due to DMCA contact over piracy of copywritten data, we've - seized usage to all users. If you were using FreeBox for web hosting, freehost is + VPS hosting services... Due to DMCA contact over piracy of copyrighted data, we've + ceased usage to all users. If you were using FreeBox for web hosting, freehost is always an option.

Remember, we charge absolutely no one, so if you like our services; please consider donating to cover a cup of coffee and maybe that internet bill! -
+

diff --git a/register.php b/register.php index 5559eff..fbab869 100755 --- a/register.php +++ b/register.php @@ -33,7 +33,6 @@ else { echo "
$title: $desc ~ register
\n"; print <<
diff --git a/style.css b/style.css index 96c3599..2083540 100755 --- a/style.css +++ b/style.css @@ -31,8 +31,9 @@ body { .contain { background: #161616; padding: 10px; - min-width: 650px; - max-width: 800px; + min-width: 550px; + max-width: 700px; + width: 70%; margin: auto; border: solid 1px #222222; border-radius: 10px; @@ -45,7 +46,8 @@ body { .footer { font-family: "DM Mono", sans-serif; text-align: center; - padding: 4px; + border-top: solid 1px #222222; + padding-top: 4px; } .indexl { @@ -124,6 +126,5 @@ a:hover { color: #3377ff; } font-size: 16px; color: #dddddd; padding: 4px; - width: 450px; text-align: center; } diff --git a/terms.php b/terms.php index 033394f..e80ea42 100755 --- a/terms.php +++ b/terms.php @@ -37,7 +37,12 @@ include_once("header.php"); + + +
- If these rules are not followed, your account will be removed without warning. + 5: All files uploaded to FreeHost can be viewed by the outside world! By no means is this a secure place for file backups. +
+ By using FreeHost as a service, you agree to these terms of usage. If these rules are not followed, your account will be removed without warning.
diff --git a/upload.php b/upload.php index 70ba317..48a57ae 100755 --- a/upload.php +++ b/upload.php @@ -46,6 +46,7 @@ for($i=0; $i