soerennb / extplorer Goto Github PK

eXtplorer is a PHP-based File Manager

License: Other

PHP 83.41% Shell 0.02% HTML 0.28% CSS 10.23% JavaScript 6.03% Batchfile 0.02%

extplorer's Introduction

----------------------------------------------------------------------------------------------------
eXtplorer 2 - README
----------------------------------------------------------------------------------------------------

Requirements:
-------------------
* PHP > 5.3

Supported Browsers:
-------------------
* Internet Explorer >= 8.0
* Firefox >= 2
* Safari >= 4
* Google Chrome/Iron >= 3
* Konqueror (KDE > 4.0)
* Opera 10.5+

Opera and Konqueror don't allow custom Context Menus. Use Double Click on a record in the grid instead.

Installation as Standalone Script
-------------------
1. Unpack the Archive (where this README.txt is contained) to a local directory
2. Login to your server via FTP and create a subdirectory for eXtplorer
3. Upload all eXtplorer files from your computer into the subdirectory on the server
4. Browse to the URL http://<YOURSERVER>/<SUBDIRECTORY> and login. Remember to immediately change the admin password.
5. If you can't change your admin password, this is most likely because the user file is not writable. With your FTP program browse to
the eXtplorer directory /config and make the file ".htusers.php" writable (CHMOD 666).

Done.

Installation into Joomla!/Mambo:
-------------------
1. Login to Joomla!'s Administration Backend /administrator
2. Go to "Components", "Install/Uninstall".
3. Browse to the file "com_eXtplorer_xx.tar.gz" on your computer and click on "Upload File & Install".

Done.
You can now access eXtplorer through "Components" => "eXtplorer"

License:
--------------------
The software is dual-licensed and subject to the
- Mozilla Public License Version 1.1 (the "License")
or
- to the terms of the GNU General Public License Version 2 or later (the "GPL");

You may not use this software except in compliance with one of these Licenses.

You may obtain a copy of the Mozilla Public License at http://www.mozilla.org/MPL/.
You may obtain a copy of the GNU General Public License at http://www.gnu.org/copyleft/gpl.html.

Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
License for the specific language governing rights and limitations under the License.

Alternatively, the software may be used under the terms of the GNU General Public License Version 2 or later (the "GPL"), in
which case the provisions of the GPL are applicable instead of those above. If you wish to allow use of your version of this software only
under the terms of the GPL and not to allow others to use your version of this file under the MPL, indicate your decision by
deleting the provisions above and replace them with the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this software under either the MPL or the GPL.

Credits:
--------------------
eXtplorer is based on QuiXplorer 2.3.1 (available at http://quixplorer.sourceforge.net/).

eXtplorer makes use of the fabulous ExtJS Javascript Library by Jack Slocum, Ext JS, LCC (http://extjs.com/), and that does indeed explain
the name eXtplorer.
Please note that ExtJS is released under the terms of the GNU General Public license version 3 (GPL v3). Because the MPL and
the GPL are not compliant to each other, you are not allowed to use the ExtJS library in eXtplorer if you decide to use and/or distribute eXtplorer
under the terms of the MPL.

----------------------------------------------------------------------------------------------------
Facts, you should know of:
* If you're running in trouble, because you don't have permissions to chmod() or
write to files: That's a fact! Switch to FTP mode (or file mode if you're in ftp mode)
* eXtplorer is a multi-language Script.
The Language is automatically picked from the browser (or from the global language in Joomla!/Mambo)

* eXtplorer comes with an User Management feature. As Joomla!/Mambo have their own framework, User Management isn't
available in non-standalone mode.
* All users must login to access eXtplorer. You can allow visitors to view files by creating a "guest" account with "View" permissions.

* In Joomla!/Mambo the access to this script is restricted to Super Administrators by default. If you want to change this,
edit the file header of "admin.extplorer.php" and change the following:
****
if (!$acl->acl_check( 'administration', 'config', 'users', $my->usertype )) {
mosRedirect( 'index2.php', _NOT_AUTH );
}
****
to something different.
----------------------------------------------------------------------------------------------------

Troubleshooting:
* Some browsers (e.g. Konqueror) may want to save a download as index.php.
To solve this, just supply the correct name when saving.
* Internet Explorer may behave strangely when downloading files.
If you open the php-file download, the real download window should open.
* Mozilla may add the extension 'php' to a file being downloaded.
Save as 'any file (*.*)' and remove the 'php' extension to get the proper name.
(NOTE: for php-files, this extension is correct)
* If you are unable to perform certain operations,
try using an FTP-chmod to set the directories to 755 and the files to 644.
* If you don't know the full name of a directory on your website,
you can use a php-script containing '<?php echo getcwd(); ?>' to get it.
* The Search Function uses PCRE regex syntax to search; though wildcards like * and ?
should work (like with 'ls' on Linux), it may show unexpected behaviour.
* User-management may logout unexpectedly or show other strange behaviour.
This is due to a bug in PHP 4.1.2; we would advise you to upgrade to a higher version.
----------------------------------------------------------------------------------------------------
Users:
* You can easily magage users using the "admin" section of eXtplorer.
* Standard, there is only one user: "admin", with password "admin";
you should change this password immediately.
----------------------------------------------------------------------------------------------------
Languages:
* Users can select one of all available languages on login.
----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------
Developer: Soeren Eberhardt-Biermann <info[aat]extplorer.net>
original author: the QuiX project
----------------------------------------------------------------------------------------------------

extplorer's People

Contributors

Stargazers

Watchers

extplorer's Issues

release 2.1.14

Hi,

is there a release of 2.1.14? I see commits preparing the release but the actual release is missing. As 2.1.14 fixes vulnerabilities a soon-to-be release would be nice.

Regards
e-dschungel

Deprecated methods

In Joomla 3.x, I am continually am getting the error_log in the administrator folder filling up from using Extplorer. This started occurring with PHP7 using Explorer 2.1.9. I've seen that others have posted this in your forum (https://extplorer.net/boards/1/topics/159).
These 3 lines keep appearing:
25-May-2017 15:44:26 UTC] PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; ext_Json has a deprecated constructor in /.../administrator/components/com_extplorer/libraries/JSON.php on line 117
[25-May-2017 15:44:26 UTC] PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Services_JSON_Error has a deprecated constructor in /.../administrator/components/com_extplorer/libraries/JSON.php on line 840
[25-May-2017 15:44:26 UTC] PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Services_JSON_Error has a deprecated constructor in /.../administrator/components/com_extplorer/libraries/JSON.php on line 854

Line 117: class ext_Json
Line 840: class Services_JSON_Error extends PEAR_Error
Line 854: class Services_JSON_Error

Where to post?

Hi Soeren,
found multiple contact options while researching. Wouldn't it be a good idea to reduce these to one?

I see:

All the best
Ralf

can't upload files

hi... i can't upload files with none of the 3 methods, i mainly want to use standar upload and transfer from other server, but none works

i enter the files but finally when i click the "upload" button it does nothing

Shows all from the root

I made an installation not in Joomla, and the explorer shows everything under the root(htdocs/www).
Is there a possibility to change some parameters so that extplorer shows only everything under a subdirctory (Everything within a cms - the extplorer runs in a subdirectory of the cms)

SFTP connection

Is it possible to use SFTP protocol?

please DROP EXTPLORER.NET ISSUE TRACKER and use github

having 2 issue trackers is messy, how do you do to syncronize both?
we have to create an account in extplorer.net to post issues... github already have MILLIONS of users...
that means is way MORE collaborative, it is much more likely and easy (and massive) to send issues and pull requests
that means a faster/better/easier software development
i get a really bad mood in create an account in a specific site just to post 1 message
it seems the account system in extplorer.net has broken, i cant login not recover my passwd, turn it useless
github staff already get rid of hack or spam problems... YOU HAVE SPAM IN EXPLORER.NET

seriously, drop extplorer.net issue tracker, looks messy... everybody knows and prefer github...

you can still keep extplorer.net as a project homepage, redirecting development stuff to github.... is my humble opinion based on my observations

infinite loop saving a file

hi, i like extplorer, is very useful

but sometimes when i save a file it keeps saving forever, an animated wheel gif is shown on the center with a grey translucid modal over the page that blocks it entirely... i have to refresh the page to unstuck it, loosing my session, my open dir, my open tabs, and my recent file changes....

another workaround i found is hide the modal with browser developer tools so y can access the ui again and click the save button again, it works but is very annoying and delayer.... i noticed sometimes the file explorer tab changes itself resetting while in background (i.e. another file editor tab in foreground) (i.e. all dir tree collapsed), maybe is related

sadly i can't reproduce the problem since for me this occurs ramdomly with all the browsers i tried before, i dont know the exact conditions when it happens

can't adjust editor window size

in the editor tabs there are marks in bottom right corner that suggest is a handler that you can drag to adjust textarea size, but editor size seems fixed and handler does nothing...

sometimes adjusting the browser window or with different resolutions, the editor textarea seems too small and wastes space ar bottom, or sometimes gets too large that doesn't fit in viewport, scollbars appear and have to scroll anytime... is very annoying and unproductive

[request] copy file/dir in same subdir

hi....

currently if we want to make a copy to file on the same dir, lets say a quick backup or numbered version copies, we must:

copy the file to another dir
go that directory
locate the copied file and rename it
move the file back to source dir
go back to source dir and continue our work

you see is laborious... maybe another option could be to OPEN THE FILE IN EDITOR and save it with another name... but is not so intuitive (i actually never tried), time and resource wasting, and what happens with non-editable files?, is not so straight forward

in some cmd/shells is easy, you can make an inplace file copy with another name just with copy srcFile fileCopy or more specific with copy dir/srcFile dir/fileCopy... extplorer could present an option to rename the file when detected a copy in same dir

in some GUIs you can just drag the file next and the OS will rename automatically to "copy of {file}" or "{file}_01", then you can rename as you like.... extplorer could also (even better, just like other GUIs) detect duplicated and rename destination files automatically :)

Zip and Tar - standalone-version 2.15

I use V 2.15 in the web (php 8.022) and zip and tar of marked-directories dont function (small incomplete files - error : file xxx.zip does not exist... But tar/gz functions !
My proposal : If extplorer uses system-zip (which may cause the problems) - php has inbuilt zip-functions since php 5.5 - should be easy to update the code.
Also : There is a scripts.tar.gz in the 2.15-zip. What must the user do within the installation (i unzipped .gz and then .tar in a subdirectory /scripts without effect)

FILTER_SANITIZE_STRING is deprecated (and other warnings)

EDIT: this issue could be related to #18

each time i refreshed the view (click a folder icon or file tab, etc) my php log floods with about 100 lines of:

[date time zone] PHP Deprecated:  Constant FILTER_SANITIZE_STRING is deprecated in /my/htdocs/extplorer/libraries/inputfilter.php on line 323

... using:

extplorer 2.1.15
php 8.1.8
nginx 1.22.0
fedora linux 36
linux 5.18.13-200.fc36.x86_64

i tried editing the sources by changing to htmlspecialchars() as recommended by php, but views were displayed empty instead... so as a workaround i added an arroba @ to prevent my logs grow too much and my disks get full so quickly, even i don't feel so comfotable with this because i am afraid something could break in the future

Syntax errors etc.

In style.css are twice font-size:10; instead of font-size:10px;

XSS in Joomla extension for EXTPLORER 2.1.15

Description

Cross site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. If the app or website lacks proper data sanitization, the malicious link executes the attacker’s chosen code on the user’s system. As a result, the attacker can steal the user’s active session cookie.

Steps to reproduce

Install Joomla 3
Install the extplorer extension from https://extensions.joomla.org/extension/extplorer/
Login into the Joomla Admin Panel
Once done visit the URL http://192.168.1.21/administrator/index.php?option=com_extplorer&dir=&item=hello"><img src=x onerror=alert(document.domain)>test.php&action=view and XSS will execute successfully.

POC

xssexpolter.mp4

The vulnerability was discovered in colloboration with @SivaPothuluru-Sajja

Custom context menus for files in extplorer

Hi,
I would like to work on developing custom context menus for a file based on it's extension. I am finding it difficult to get started with debugging the code. Are there any resources that could help?

function expandTreeToDir( node, dir ) constant 'ext_root' passed instead of '' (empty variable)

On some rare occasions - we don't know why - function chdir passes the constant 'ext_root' for the root directory instead of an empty variable. This constant is then not recognized and chdir does not take place.

A workaround is available by changing line 76 in the file scripts/functions.js.php

original:
if( dirs[0] == '' ) { dirs.shift(); }

modified:
if( dirs[0] == '' || dirs[0] == 'ext_root') { dirs.shift(); }

Hope this helps!

License Question

Hello,

As dual licenses are being utilized for extplorer.

Can you please tell me if I'm able to to use it by modification and commercially?

Thank you

eXtplorer 2.1.14 not compatible with PHP 8

Hi,

eXtplorer 2.1.14 is not compatible with PHP8 (installed as a Joomla component). It raises error "Call to undefined function get_magic_quotes_gpc()" after starting from from Joomla backend components menu.

webdav - Could not authenticate to server: rejected Basic challenge

Am checking out extplorer on a Kubuntu 14.04. Logging in fine as admin:admin. Investigating webdav. DB created as per webdav_table.sql.php, conf.php updated to match. mysql -uextplorer '-ppassword' -estatus gives good output.

From another system, Kubuntu 12.04, 'sudo mount -vt davfs http://server/extplorer/webdav.php /mnt/webdav' is returning 'Could not authenticate to server: rejected Basic challenge'. User / password is prompted for, admin, admin.

To back check, trying 'sudo fusedav -u admin -p admin -D http://server/extplorer/webdav.php /mnt/webdav' shows:

getattr(/extplorer/webdav.php)
CGET: /extplorer/webdav.php
STAT-CACHE-MISS
Authentication failure!
Realm 'Restricted Area: eXtplorer WebDAV' requires authentication.
Username: getattr(/extplorer/webdav.php)
CGET: /extplorer/webdav.php
STAT-CACHE-MISS

Should extplorer over webdav 'just work' out of the box, assuming the changes above / per the readme / conf.php, or are there additional bits to set, such as an .htaccess file?

e.g. Anything in apache2 config / virtual host settings?

I noticed, for example, an initial generated password included a '\' in it. Took me a while to realize that and remove it from db access / setup tests.

How might I go about figuring out where the authentication failure is coming from? curl? wget?

Thanks for any thoughts.
-- Bill

P.S. Same result when trying on same machine.

acl support

this is a feature request for ACL support at filesystem level.

In most of my setups the typical rwx permissions aren't enough to cover all users needs and I'm looking for a frontend with ACL management.

specific download problem

I am trying to make an extplorer version for typesetter cms which uses no database
A small problem is that a remote download
https://www.typesettercms.com/Plugins/17_Simple_Blog?cmd=download
does not function (but this functions in all browsers). So i look for a patch so that this functions.