wwwroot/inc/filez.inc

   1 <?php
   2 class filez {
   3
   4 //XXX function not used, remove?
   5
   6 public static function files($id) {
   7         global $db,$error;
   8         if (!is_dir(FILE_DIR.$_SESSION['user_id'])) {
   9                 mkdir(FILE_DIR.$_SESSION['user_id']);
  10         }
  11         copy($_FILES['data_file']['tmp_name'],FILE_DIR.$_SESSION['user_id'].'/'.$_FILES['data_file']['name']);
  12         return $_SESSION['user_id'].'/'.$_FILES['data_file']['name'];
  13 }
  14
  15 // Function that check if given filename is "secure" (for uploading)
  16 // Dont use for reading files, directory traversal is not checked
  17
  18 public static function filename_secure($name){
  19         $suffix = array_pop(explode('.', basename($name)));
  20
  21         // This is unfornately blacklist
  22         // TODO extend for all possible server configuations
  23         // TODO: why js?
  24         $preg_disallowed = '/([a-z]*)(php|htm|inc|js|vbs|cgi|asp|jsp|htaccess)([a-z]*)$/i';
  25         if (preg_match($preg_disallowed, $suffix) > 0) {
  26                 return false;
  27         }
  28         return true;
  29 }
  30
  31 }
  32
  33 /*
  34 *  Returns disk usage in bytes of directory $d. Limit depth level with $depth.
  35 *  Updates, documentation and examples: http://daniel.lorch.cc/projects/disk_usage/
  36 *
  37 *  Revision: 1.00
  38 */
  39
  40 function disk_usage($d, $depth = NULL) {
  41   if(is_file($d))
  42     return filesize($d);
  43
  44   if(isset($depth) && $depth < 0)
  45     return 0;
  46
  47   if($d[strlen($d)-1] != '\\' || $d[strlen($d)-1] != '/')
  48     $d .= '/';
  49
  50   $dh=@opendir($d);
  51   if(!$dh)
  52     return 0;
  53
  54   while($e = readdir($dh))
  55     if($e != '.' && $e != '..')
  56       $usage += disk_usage($d.$e, isset($depth) ? $depth - 1 : NULL);
  57
  58   closedir($dh);
  59
  60   return $usage;
  61 }
  62
  63
  64 ?>