I got told my code has a lot of security issue with using get how can I improve on it any suggestions and examples would be help full thanks
The file manager works like when user logs in to admin area they can create directory, upload images, delete images and folders etc.
It is all loaded done via ajax etc.
I have attached the file manager view which has the main ajax stuff on
![[Image: 3Y5PYgQSVnZ9.png]]()
The script below runs the modal
![.php]( "PHP File")
Example.php (Size: 9.45 KB / Downloads: 5)
![.php]( "PHP File")
filemanager_view.php (Size: 8.59 KB / Downloads: 6)
The file manager works like when user logs in to admin area they can create directory, upload images, delete images and folders etc.
It is all loaded done via ajax etc.
I have attached the file manager view which has the main ajax stuff on
![[Image: 3Y5PYgQSVnZ9.png]](http://ibin.co/3Y5PYgQSVnZ9.png)
PHP Code:
<?php
class Example extends MX_Controller {
public function __construct()
{
parent::__construct();
$this->load->library('pagination');
$this->load->library('image_lib');
$this->load->helper('html');
$this->load->helper('string');
define('DIR_IMAGE', FCPATH . 'image/');
}
public function index()
{
// Todo set folder limit for user.
$data['breadcrumbs'] = array();
$data['breadcrumbs'][] = array(
'text' => 'Catalog',
'href' => base_url('admin/common/filemanager/')
);
$directory_names = explode('/', $this->input->get('directory', TRUE));
$directory_done = '';
foreach ($directory_names as $directory_name) {
$directory_done .= ($directory_done <> ''? '/':'').$directory_name;
$data['breadcrumbs'][] = array(
'text' => ucfirst($directory_name),
'href' => base_url('admin/common/filemanager/'). '?directory=' . $directory_done
);
}
if ($this->input->get('filter_name')) {
$filter_name = $this->input->get('filter_name', TRUE);
} else {
$filter_name = null;
}
if ($this->input->get('directory')) {
$directory = FCPATH . 'image/catalog/' . $this->input->get('directory', TRUE);
} else {
$directory = FCPATH . 'image/catalog';
}
$data['images'] = array();
// Get directories
$directories = glob($directory . '/' . $filter_name . '*', GLOB_ONLYDIR);
if (!$directories) {
$directories = array();
}
// Get files
$files = glob($directory . '/' . $filter_name . '*.{jpg,jpeg,png,gif,JPG,JPEG,PNG,GIF}', GLOB_BRACE);
if (!$files) {
$files = array();
}
// Merge directories and files
$images = array_merge($directories, $files);
// Get total number of files and directories
$image_total = count($images);
$per_page = 8;
$segment = $this->input->get('per_page');
$segment += $per_page;
foreach ($images as $key => $image) {
if ($key < $segment && $key >= $segment - $per_page) {
$name = basename(preg_replace("/\.[^.]+$/", "", $image));
if (is_dir($image)) {
$url = '';
if ($this->input->get('target')) {
$url .= '&target=' . $this->input->get('target');
}
if ($this->input->get('thumb')) {
$url .= '&thumb=' . $this->input->get('thumb');
}
$data['images'][] = array(
'thumb' => '',
'name' => $name,
'type' => 'directory',
'path' => substr($image, strlen(FCPATH . 'image/')),
'href' => site_url('admin/common/filemanager/?directory=' . substr($image, strlen(FCPATH . 'image/' . 'catalog/')) . $url)
);
} elseif (is_file($image)) {
$width = 100;
$height = 100;
$old_filename = substr($image, strlen(DIR_IMAGE));
$extension = pathinfo($old_filename, PATHINFO_EXTENSION);
$new_image = substr($old_filename, 0, strrpos($old_filename, '.')) . '-' . $width . 'x' . $height . '.' . $extension;
if (!is_dir(DIR_IMAGE . 'cache/' . $new_image)) {
if ($this->input->get('directory')) {
@mkdir(DIR_IMAGE . 'cache/catalog/' . $this->input->get('directory') .'/', 0777, true);
} else {
@mkdir(DIR_IMAGE . 'cache/catalog/', 0777, true);
}
}
if (!file_exists(DIR_IMAGE . 'cache/' . $new_image)) {
$config = array(
'image_library' => 'gd2',
'source_image' => $image,
'create_thumb' => false,
'maintain_ratio' => false,
'width' => $width,
'height' => $height,
'overwrite' => true,
'new_image' => DIR_IMAGE . 'cache/' . $new_image
);
$this->image_lib->initialize($config);
$this->image_lib->resize();
$this->image_lib->clear();
}
$data['images'][] = array(
'type' => 'image',
'href' => base_url('image/' . substr($image, strlen(DIR_IMAGE))),
'thumb' => img('image/cache/'. $new_image),
'name' => (strlen($name) > 13) ? substr($name,0,10).'...' : $name,
'path' => substr($image, strlen(DIR_IMAGE)),
'cache' => DIR_IMAGE . 'cache/' . $new_image
);
}
}
}
$data['heading_title'] = "Image Manager";
$data['text_no_results'] = "No Results";
$data['text_confirm'] = "Are You Sure";
$data['entry_search'] = "Search..";
$data['entry_folder'] = "New Folder";
$data['button_parent'] = "Parent";
$data['button_refresh'] = "Refresh";
$data['button_upload'] = "Upload";
$data['button_folder'] = "Create Folder";
$data['button_delete'] = "Delete";
$data['button_search'] = "Search";
if ($this->input->get('directory')) {
$data['directory'] = $this->input->get('directory');
} else {
$data['directory'] = '';
}
// Return the filter name
if ($this->input->get('filter_name')) {
$data['filter_name'] = $this->input->get('filter_name');
} else {
$data['filter_name'] = '';
}
// Return the target ID for the file manager to set the value
if ($this->input->get('target')) {
$data['target'] = $this->input->get('target');
} else {
$data['target'] = '';
}
// Return the thumbnail for the file manager to show a thumbnail
if ($this->input->get('thumb')) {
$data['thumb'] = $this->input->get('thumb');
} else {
$data['thumb'] = '';
}
// Parent
$url = '';
if ($this->input->get('directory')) {
$pos = strrpos($this->input->get('directory'), '/');
if ($pos) {
$url .= '?directory=' . substr($this->input->get('directory'), 0, $pos);
}
}
if ($this->input->get('target')) {
$url .= '&target=' . $this->input->get('target');
}
if ($this->input->get('thumb')) {
$url .= '&thumb=' . $this->input->get('thumb');
}
$data['parent'] = site_url('admin/common/filemanager' . $url);
// Refresh
$url = '';
if ($this->input->get('directory')) {
$url .= '?directory=' . $this->input->get('directory');
}
if ($this->input->get('target')) {
$url .= '&target=' . $this->input->get('target');
}
if ($this->input->get('thumb')) {
$url .= '&thumb=' . $this->input->get('thumb');
}
$data['refresh'] = site_url('admin/common/filemanager' . $url);
// Pagination
$url = '';
if ($this->input->get('directory')) {
$url .= '?directory=' . $this->input->get('directory');
}
$config['base_url'] = base_url('admin/common/filemanager');
$config['total_rows'] = $image_total;
$config['per_page'] = $per_page;
$config['page_query_string'] = TRUE;
$config['num_links'] = "16";
$config['full_tag_open'] = '<nav><ul class="pagination">';
$config['full_tag_close'] = '</ul></nav>';
$config['num_tag_open'] = '<li class="page-item"><span class="page-link">';
$config['num_tag_close'] = '</span></li>';
$config['cur_tag_open'] = '<li class="page-item active"><span class="page-link">';
$config['cur_tag_close'] = '<span class="sr-only">(current)</span></span></li>';
$config['next_tag_open'] = '<li class="page-item"><span class="page-link">';
$config['next_tagl_close'] = '<span aria-hidden="true">»</span></span></li>';
$config['prev_tag_open'] = '<li class="page-item"><span class="page-link">';
$config['prev_tagl_close'] = '</span></li>';
$config['first_tag_open'] = '<li class="page-item"><span class="page-link">';
$config['first_tagl_close'] = '</span></li>';
$config['last_tag_open'] = '<li class="page-item"><span class="page-link">';
$config['last_tagl_close'] = '</span></li>';
$this->pagination->initialize($config);
$data['pagination'] = $this->pagination->create_links();
$this->load->view('common/filemanager_view', $data);
}
}
Code:
$(document).ready(function() {
$('[data-toggle=\'tooltip\']').tooltip({container: 'body', html: true});
// Makes tooltips work on ajax generated content
$(document).ajaxStop(function() {
$('[data-toggle=\'tooltip\']').tooltip({container: 'body'});
});
// Image Manager
$(document).delegate('a[data-toggle=\'image\']', 'click', function(e) {
e.preventDefault();
$('.popover').popover('hide', function() {
$('.popover').remove();
});
var element = this;
$(element).popover({
html: true,
placement: 'right',
trigger: 'manual',
content: function() {
return '<button type="button" id="button-image" class="btn btn-primary"><i class="fa fa-pencil"></i></button> <button type="button" id="button-clear" class="btn btn-danger"><i class="fa fa-times"></i></button>';
}
});
$(element).popover('show');
$('#button-image').on('click', function() {
$('#modal-image').remove();
$.ajax({
url: base_url + 'admin/common/filemanager?target=' + $(element).parent().find('input').attr('id') + '&thumb=' + $(element).attr('id'),
dataType: 'html',
beforeSend: function() {
$('#button-image i').replaceWith('<i class="fa fa-circle-o-notch fa-spin"></i>');
$('#button-image').prop('disabled', true);
},
complete: function() {
$('#button-image i').replaceWith('<i class="fa fa-pencil"></i>');
$('#button-image').prop('disabled', false);
},
success: function(html) {
$('body').append('<div id="modal-image" class="modal">' + html + '</div>');
$('#modal-image').modal('show');
}
});
$(element).popover('hide', function() {
$('.popover').remove();
});
});
});
});
Example.php (Size: 9.45 KB / Downloads: 5)
filemanager_view.php (Size: 8.59 KB / Downloads: 6)