Sub Category issue with scandir function

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
denebx3
Forum Newbie
Posts: 6
Joined: Sun Oct 30, 2011 2:31 pm

Sub Category issue with scandir function

Post by denebx3 »

Hi guys,

I have a strange issue with scandir function in PHP. I have downloaded an open source PHP script and modify it a little bit. On the root directory everything is working just fine with my functions and variables. However, on every subcategory most of the variables that I am returning are not function at all. You can find attached two screenshots in order to get a better understanding.

Script attached too.

http://postimg.org/image/gjlrmamg3/

http://postimg.org/image/vrclhzinr/

Thank you in advance for your help!

Code: Select all

<?php
    session_start();
    ini_set('display_errors', 'on');
    error_reporting(E_ERROR | E_PARSE);
    date_default_timezone_set("Europe/Nicosia");
	
    include("config2.php");
    $title = "Software-Applications";
	$ignore_file_list = array( ".htaccess", "_gsdata_" );
	$ignore_ext_list = array("php", "css", "png");
	$sort_by = "name_asc"; // options: name_asc, name_desc, date_asc, date_desc
	$icon_url = "https://dl.dropbox.com/u/6771946/icons/icons.png";
    
?>
<!DOCTYPE HTML>
<head>
	<title><?php echo $title; ?></title>
	<link href="styles2.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
$sub = $_GET['dir']."/"; 
$full_path = "data_dir".$sub;

echo "Full path: ".$full_path."<br>";
echo "Sub dir: ".$sub; ?>

<?php

if (EMPTY($_GET['dir'])) { 
    
    $_SESSION['dir']; 
    $dir = $dir."/".$_SESSION['dir'];
}
else {
    
   
} ?>
<h1><?php echo $title ?></h1> <div class="wrap">
<?php
// GET THE BLOCKS STARTED, FALSE TO INDICATE MAIN FOLDER
$items = scandir($full_path);
    
	foreach($items as $item) {
	   
       if( $item == ".." OR $item == ".") continue;
       // IGNORE FILE
		if(in_array($item, $ignore_file_list)) { continue; }
        $file_ext = pathinfo($item, PATHINFO_EXTENSION);
		// IGNORE EXT
		if(in_array($file_ext, $ignore_ext_list)) { continue; }
        
        if(!$file_ext AND is_dir($item)) { $file_ext = "dir"; }

    //print_r($item);
	if (is_dir($item) == TRUE) {$folder="index2.php?dir=/";} else $folder="";
?>
    <div class="block">
	<a href="<?php echo "$folder$item";?>" class="<?php echo $file_ext;?>">
	<div class="img <?php echo $file_ext;?>">&nbsp;</div>
	<div class="name">
	<div class="file"><?php echo basename($item)?> </div>
	<div class="date">Size:<?php echo format_size($item)."<br/> Last modified: ".date("D. F jS, Y - h:ma", filemtime($item)) ?> </div>
	</div>
	</a>
	</div>
    
<?php 	} ?> 

</div>
</body>
</html>
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Sub Category issue with scandir function

Post by requinix »

$folder, which you use to browse into the subdirectories, does not include path information. Neither does $item. That means no matter what you do you'll only get "/$item".

Modify $folder to include the current directory. For example, include $sub in there.

On a separate note, is this script going to run on the internet for anyone to use? Because it's insecure and would allow anyone to view any directory on your server.
denebx3
Forum Newbie
Posts: 6
Joined: Sun Oct 30, 2011 2:31 pm

Re: Sub Category issue with scandir function

Post by denebx3 »

Hi requinix,

The path information is included in the $file variable. If the path was not included the listing of the items would not be loaded.
See the attached photo to understand.

Also the script is secure with .htaccess Authentication and a login script.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Sub Category issue with scandir function

Post by requinix »

denebx3 wrote:The path information is included in the $file variable.
No such variable.
denebx3 wrote:If the path was not included the listing of the items would not be loaded.
And as your first screenshots showed, it wasn't loading properly. Look at the URL for one of those pages: dir will have the wrong value. And that's determined by $folder and $item, neither of which include directory information.
denebx3 wrote:Also the script is secure with .htaccess Authentication and a login script.
Do you trust the people who have access to not fiddle with the URL to look up other directories? That's all they have to do: change the dir=/ to, for example, "dir=/../../etc", and they'll get to see files and folders in whatever directory on your server they want.
Post Reply