From d4adc8233e27e9d68758679725bf238ae6081d09 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Wed, 20 Oct 2021 09:49:55 +0800 Subject: [PATCH 01/15] fix: AddDisk with no driver name #449 . --- common.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/common.php b/common.php index 05b8ac1..994e00f 100644 --- a/common.php +++ b/common.php @@ -262,6 +262,10 @@ function main($path) // Add disk if (isset($_GET['AddDisk'])) { + if ($_GET['AddDisk']===true) { + $tmp = path_format($_SERVER['base_path'] . '/' . $path); + return output('Please visit ' . $tmp . '.', 301, [ 'Location' => $tmp ]); + } if ($_SERVER['admin']) { if (!class_exists($_GET['AddDisk'])) require 'disk' . $slash . $_GET['AddDisk'] . '.php'; $drive = new $_GET['AddDisk']($_GET['disktag']); From 239ddea6f3903c6c99c33ee3e32173d772c80f9e Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Wed, 20 Oct 2021 11:33:09 +0800 Subject: [PATCH 02/15] try fix specialchars --- common.php | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/common.php b/common.php index 994e00f..8f21c8f 100644 --- a/common.php +++ b/common.php @@ -2310,7 +2310,8 @@ function render_list($path = '', $files = []) $html = str_replace('', '', $html); $html = str_replace('', '', $html); } - $html = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); + //$html = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); + $html = str_replace('', encode_str_replace(splitlast($path, '/')[1]), $html); $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); $ext = strtolower(substr($path, strrpos($path, '.') + 1)); @@ -2338,17 +2339,22 @@ function render_list($path = '', $files = []) $html = str_replace('', '', $html); } //while (strpos($html, '')) $html = str_replace('', $files['url'], $html); - while (strpos($html, '')) $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); + //while (strpos($html, '')) $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); + while (strpos($html, '')) $html = str_replace('', encode_str_replace(splitlast($path, '/')[1]), $html); //echo $path . "
\n"; - while (strpos($html, '')) $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path))), $html); + //while (strpos($html, '')) $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path))), $html); + while (strpos($html, '')) $html = str_replace('', encode_str_replace(splitlast($path, '/')[1]), $html); while (strpos($html, '')) $html = str_replace('', $files['name'], $html); while (strpos($html, '')) $html = str_replace('', urlencode($files['url']), $html); //while (strpos($html, '')) $html = str_replace('', urlencode($_SERVER['host'] . path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); $html = str_replace('', getconstStr('ClicktoEdit'), $html); $html = str_replace('', getconstStr('CancelEdit'), $html); $html = str_replace('', getconstStr('Save'), $html); - //while (strpos($html, '')) $html = str_replace('', htmlspecialchars(curl('GET', $files['url'], '', [], 0, 1)['body']), $html); - while (strpos($html, '')) $html = str_replace('', htmlspecialchars(get_content(spurlencode(path_format(urldecode($path)), '/'))['content']['body']), $html); + if (strpos($html, '')) { + $tmp_content = get_content(spurlencode(path_format(urldecode($path)), '/'))['content']['body']; + if (strlen($tmp_content)==$files['size']) $html = str_replace('', htmlspecialchars($tmp_content), $html); + else $html = str_replace('', $files['size']<1024*1024?htmlspecialchars(curl('GET', $files['url'], '', [], 0, 1)['body']):"File too large: " . $files['size'] . " B.", $html); + } $html = str_replace('', getconstStr('FileNotSupport'), $html); //$html = str_replace('', getconstStr('File'), $html); @@ -2390,7 +2396,8 @@ function render_list($path = '', $files = []) if ($file['type']=='folder') { if ($_SERVER['admin'] or !isHideFile($file['name'])) { $filenum++; - $FolderListStr = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path) . '/' . $file['name'])), $FolderList); + //$FolderListStr = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path) . '/' . $file['name'])), $FolderList); + $FolderListStr = str_replace('', encode_str_replace($file['name']), $FolderList); $FolderListStr = str_replace('', $file['id'], $FolderListStr); $FolderListStr = str_replace('', str_replace('&','&', $file['showname']?$file['showname']:$file['name']), $FolderListStr); $FolderListStr = str_replace('', time_format($file['time']), $FolderListStr); @@ -2412,7 +2419,8 @@ function render_list($path = '', $files = []) $filenum++; $ext = strtolower(substr($file['name'], strrpos($file['name'], '.') + 1)); $FolderListStr = $FolderList; - while (strpos($FolderListStr, '')) $FolderListStr = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path) . '/' . $file['name'])), $FolderListStr); + //while (strpos($FolderListStr, '')) $FolderListStr = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path) . '/' . $file['name'])), $FolderListStr); + while (strpos($FolderListStr, '')) $FolderListStr = str_replace('', encode_str_replace($file['name']), $FolderListStr); $FolderListStr = str_replace('', $ext, $FolderListStr); if (in_array($ext, $exts['music'])) $FolderListStr = str_replace('', 'audio', $FolderListStr); elseif (in_array($ext, $exts['video'])) $FolderListStr = str_replace('', 'iframe', $FolderListStr); @@ -2599,7 +2607,7 @@ function render_list($path = '', $files = []) if ($folder1!='') { $tmp_url .= $folder1 . '/'; $PathArrayStr1 = str_replace('', encode_str_replace($folder1==$files['name']?'':$tmp_url), $PathArrayStr); - $PathArrayStr1 = str_replace('', $folder1, $PathArrayStr1); + $PathArrayStr1 = str_replace('', str_replace('&', '&', $folder1), $PathArrayStr1); $html .= $PathArrayStr1; } $tmp_path = $tmp1[1]; @@ -2620,7 +2628,7 @@ function render_list($path = '', $files = []) if ($folder1!='') { $tmp_url .= $folder1 . '/'; $PathArrayStr1 = str_replace('', encode_str_replace($folder1==$files['name']?'':$tmp_url), $PathArrayStr); - $PathArrayStr1 = str_replace('', ($folder1==$_SERVER['disktag']?(getConfig('diskname')==''?$_SERVER['disktag']:getConfig('diskname')):$folder1), $PathArrayStr1); + $PathArrayStr1 = str_replace('', str_replace('&', '&', $folder1==$_SERVER['disktag']?(getConfig('diskname')==''?$_SERVER['disktag']:getConfig('diskname')):$folder1), $PathArrayStr1); $html .= $PathArrayStr1; } $tmp_path = $tmp1[1]; From a3108ad6e96c95c9a4c89ef859a6aefdce4d7040 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Wed, 20 Oct 2021 11:34:14 +0800 Subject: [PATCH 03/15] fix show special chars in url textarea --- theme/classic.html | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/theme/classic.html b/theme/classic.html index dc64c56..c3919a1 100644 --- a/theme/classic.html +++ b/theme/classic.html @@ -529,7 +529,10 @@ var $url = document.getElementById('url'); if ($url) { - $url.innerHTML = location.protocol + '//' + location.host + $url.innerHTML; + //$url.innerHTML = location.protocol + '//' + location.host + $url.innerHTML; + let url = location.href; + url = url.substr(0, url.length-8); + $url.innerHTML = url.replace(/&/g, '&amp;'); $url.style.height = $url.scrollHeight + 'px'; } From b737194bea94670672cf0eec3925163eb50dbdba Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Wed, 20 Oct 2021 17:01:09 +0800 Subject: [PATCH 04/15] try fix readme in specialchars folder --- common.php | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/common.php b/common.php index 8f21c8f..05f04b4 100644 --- a/common.php +++ b/common.php @@ -1938,24 +1938,24 @@ function render_list($path = '', $files = []) } //$path = str_replace('%20','%2520',$path); //$path = str_replace('+','%2B',$path); - $path = path_format(urldecode($path)); + $path1 = path_format(urldecode($path)); //$path = str_replace('&','&', $path) ; //$path = str_replace('%20',' ',$path); //$path = str_replace('#','%23',$path); $p_path=''; - if ($path !== '/') { + if ($path1 !== '/') { if ($files['type']=='file') { $pretitle = str_replace('&','&', $files['name']); $n_path = $pretitle; - $tmp = splitlast(splitlast($path,'/')[0],'/'); + $tmp = splitlast(splitlast($path1,'/')[0],'/'); if ($tmp[1]=='') { $p_path = $tmp[0]; } else { $p_path = $tmp[1]; } } else { - if (substr($path, 0, 1)=='/') $pretitle = substr($path, 1); - if (substr($path, -1)=='/') $pretitle = substr($pretitle, 0, -1); + if (substr($path1, 0, 1)=='/') $pretitle = substr($path1, 1); + if (substr($path1, -1)=='/') $pretitle = substr($pretitle, 0, -1); $tmp=splitlast($pretitle,'/'); if ($tmp[1]=='') { $n_path = $tmp[0]; @@ -2311,8 +2311,8 @@ function render_list($path = '', $files = []) $html = str_replace('', '', $html); } //$html = str_replace('', encode_str_replace(path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); - $html = str_replace('', encode_str_replace(splitlast($path, '/')[1]), $html); - $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); + $html = str_replace('', encode_str_replace(splitlast($path1, '/')[1]), $html); + $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . $path1)), $html); $ext = strtolower(substr($path, strrpos($path, '.') + 1)); if (in_array($ext, $exts['img'])) $ext = 'img'; @@ -2340,10 +2340,10 @@ function render_list($path = '', $files = []) } //while (strpos($html, '')) $html = str_replace('', $files['url'], $html); //while (strpos($html, '')) $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); - while (strpos($html, '')) $html = str_replace('', encode_str_replace(splitlast($path, '/')[1]), $html); + while (strpos($html, '')) $html = str_replace('', encode_str_replace(splitlast($path1, '/')[1]), $html); //echo $path . "
\n"; //while (strpos($html, '')) $html = str_replace('', (path_format($_SERVER['base_disk_path'] . '/' . str_replace('&', '&', $path))), $html); - while (strpos($html, '')) $html = str_replace('', encode_str_replace(splitlast($path, '/')[1]), $html); + while (strpos($html, '')) $html = str_replace('', encode_str_replace(splitlast($path1, '/')[1]), $html); while (strpos($html, '')) $html = str_replace('', $files['name'], $html); while (strpos($html, '')) $html = str_replace('', urlencode($files['url']), $html); //while (strpos($html, '')) $html = str_replace('', urlencode($_SERVER['host'] . path_format($_SERVER['base_disk_path'] . '/' . $path)), $html); @@ -2351,7 +2351,8 @@ function render_list($path = '', $files = []) $html = str_replace('', getconstStr('CancelEdit'), $html); $html = str_replace('', getconstStr('Save'), $html); if (strpos($html, '')) { - $tmp_content = get_content(spurlencode(path_format(urldecode($path)), '/'))['content']['body']; + //$tmp_content = get_content(spurlencode(path_format(urldecode($path)), '/'))['content']['body']; + $tmp_content = $files['content']['body']; if (strlen($tmp_content)==$files['size']) $html = str_replace('', htmlspecialchars($tmp_content), $html); else $html = str_replace('', $files['size']<1024*1024?htmlspecialchars(curl('GET', $files['url'], '', [], 0, 1)['body']):"File too large: " . $files['size'] . " B.", $html); } @@ -2543,7 +2544,7 @@ function render_list($path = '', $files = []) while (strpos($html, '')) $html = str_replace('', (substr($_SERVER['base_disk_path'],-1)=='/'?substr($_SERVER['base_disk_path'],0,-1):$_SERVER['base_disk_path']), $html); while (strpos($html, '')) $html = str_replace('', $_SERVER['base_path'], $html); - while (strpos($html, '')) $html = str_replace('', str_replace('%23', '#', str_replace('&','&', path_format($path.'/'))), $html); + while (strpos($html, '')) $html = str_replace('', str_replace('%23', '#', str_replace('&','&', path_format($path1.'/'))), $html); while (strpos($html, '')) $html = str_replace('', getconstStr('Home'), $html); $html = str_replace('', getConfig('customCss'), $html); @@ -2721,7 +2722,7 @@ function render_list($path = '', $files = []) $html = $tmp[0]; $tmp = splitfirst($tmp[1], ''); if (isset($files['list']['head.omf'])) { - $headomf = str_replace('', get_content(spurlencode(path_format($path . '/' . $files['list']['head.omf']['name']), '/'))['content']['body'], $tmp[0]); + $headomf = str_replace('', get_content(path_format($path . '/' . $files['list']['head.omf']['name']))['content']['body'], $tmp[0]); } $html .= $headomf . $tmp[1]; @@ -2729,7 +2730,7 @@ function render_list($path = '', $files = []) $html = $tmp[0]; $tmp = splitfirst($tmp[1], ''); if (isset($files['list']['head.md'])) { - $headmd = str_replace('', get_content(spurlencode(path_format($path . '/' . $files['list']['head.md']['name']), '/'))['content']['body'], $tmp[0]); + $headmd = str_replace('', get_content(path_format($path . '/' . $files['list']['head.md']['name']))['content']['body'], $tmp[0]); $html .= $headmd . $tmp[1]; while (strpos($html, '')) { $html = str_replace('', '', $html); @@ -2762,7 +2763,8 @@ function render_list($path = '', $files = []) $html = $tmp[0]; $tmp = splitfirst($tmp[1], ''); if (isset($files['list']['readme.md'])) { - $Readmemd = str_replace('', get_content(spurlencode(path_format($path . '/' . $files['list']['readme.md']['name']),'/'))['content']['body'], $tmp[0]); + //$Readmemd = str_replace('', get_content(spurlencode(path_format($path1 . '/' . $files['list']['readme.md']['name']),'/'))['content']['body'], $tmp[0]); + $Readmemd = str_replace('', get_content(path_format($path . '/' . $files['list']['readme.md']['name']))['content']['body'], $tmp[0]); $html .= $Readmemd . $tmp[1]; while (strpos($html, '')) { $html = str_replace('', '', $html); @@ -2784,7 +2786,7 @@ function render_list($path = '', $files = []) $html = $tmp[0]; $tmp = splitfirst($tmp[1], ''); if (isset($files['list']['foot.omf'])) { - $Footomf = str_replace('', get_content(spurlencode(path_format($path . '/' . $files['list']['foot.omf']['name']),'/'))['content']['body'], $tmp[0]); + $Footomf = str_replace('', get_content(path_format($path . '/' . $files['list']['foot.omf']['name']))['content']['body'], $tmp[0]); } $html .= $Footomf . $tmp[1]; From 9623e03c3f3b7f10215e590070a9fb9be9881920 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Wed, 20 Oct 2021 17:11:09 +0800 Subject: [PATCH 05/15] try fix index.html in specialchars folder --- common.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/common.php b/common.php index 05f04b4..704f58b 100644 --- a/common.php +++ b/common.php @@ -1932,8 +1932,7 @@ function render_list($path = '', $files = []) global $slash; if (isset($files['list']['index.html']) && !$_SERVER['admin']) { - //$htmlcontent = fetch_files(spurlencode(path_format(urldecode($path) . '/index.html'), '/'))['content']; - $htmlcontent = get_content(spurlencode(path_format(urldecode($path) . '/index.html'), '/'))['content']; + $htmlcontent = get_content(path_format($path . '/index.html'))['content']; return output($htmlcontent['body'], $htmlcontent['stat']); } //$path = str_replace('%20','%2520',$path); From 07664407c687984cdb3a2334c24983502ec942b7 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Thu, 21 Oct 2021 11:39:09 +0800 Subject: [PATCH 06/15] encrypt via fileID, try fix get pass from specialchars folder --- common.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/common.php b/common.php index 704f58b..6f492a4 100644 --- a/common.php +++ b/common.php @@ -826,7 +826,7 @@ function gethiddenpass($path,$passfile) $path1 = path_format($_SERVER['list_path'] . path_format($path)); if ($path1!='/'&&substr($path1,-1)=='/') $path1=substr($path1,0,-1); $password=getcache('path_' . $path1 . '/?password', $_SERVER['disktag']); - if ($password=='') { + if ($password===false) { $ispassfile = get_content(path_format($path . '/' . urlencode($passfile))); //echo $path . '
' . json_encode($ispassfile, JSON_PRETTY_PRINT) . '
'; if ($ispassfile['type']=='file') { @@ -981,11 +981,11 @@ function output($body, $statusCode = 200, $headers = ['Content-Type' => 'text/ht function passhidden($path) { if ($_SERVER['admin']) return 0; - $path = str_replace('+','%2B',$path); - $path = str_replace('&','&', path_format(urldecode($path))); + //$path = str_replace('+','%2B',$path); + //$path = str_replace('&','&', path_format(urldecode($path))); if (getConfig('passfile') != '') { - $path = spurlencode($path,'/'); - if (substr($path,-1)=='/') $path=substr($path,0,-1); + //$path = spurlencode($path,'/'); + //if (substr($path,-1)=='/') $path=substr($path,0,-1); $hiddenpass=gethiddenpass($path, getConfig('passfile')); if ($hiddenpass != '') { return comppass($hiddenpass); @@ -1075,7 +1075,7 @@ function adminform($name = '', $pass = '', $storage = '', $path = '') function adminoperate($path) { global $drive; - $path1 = path_format($_SERVER['list_path'] . path_format($path)); + $path1 = path_format($_SERVER['list_path'] . '/' . $path); if (substr($path1, -1)=='/') $path1=substr($path1, 0, -1); $tmpget = $_GET; $tmppost = $_POST; @@ -1119,7 +1119,7 @@ function adminoperate($path) if (${$VAR}['encrypt_folder']=='/') ${$VAR}['encrypt_folder']==''; $folder['path'] = path_format($path1 . '/' . spurlencode(${$VAR}['encrypt_folder'], '/')); $folder['name'] = ${$VAR}['encrypt_folder']; - $folder['id'] = ${$VAR}['id']; + $folder['id'] = ${$VAR}['encrypt_fileid']; return $drive->Encrypt($folder, getConfig('passfile'), ${$VAR}['encrypt_newpass']); } if (isset($tmpget['move_folder']) || isset($tmppost['move_folder'])) { From d02c9beb53713bc833e8ac2899f9c8d2b798a767 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Thu, 21 Oct 2021 11:40:55 +0800 Subject: [PATCH 07/15] encrypt via fileID --- disk/Onedrive.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/disk/Onedrive.php b/disk/Onedrive.php index 8dd2129..cdf1b23 100644 --- a/disk/Onedrive.php +++ b/disk/Onedrive.php @@ -131,7 +131,7 @@ class Onedrive { } else { $files['error']['stat'] = 503; $files['error']['code'] = 'unknownError'; - $files['error']['message'] = 'unknownError'; + $files['error']['message'] = 'unknownError ' . $arr['body'] . " ~"; } //$files = json_decode( '{"unknownError":{ "stat":'.$arr['stat'].',"message":"'.$arr['body'].'"}}', true); //error_log1(json_encode($files, JSON_PRETTY_PRINT)); @@ -180,6 +180,7 @@ class Onedrive { return $files; } //error_log1(json_encode($tmp)); + //echo '
' . json_encode($tmp, JSON_PRETTY_PRINT) . '
'; return $tmp; } @@ -357,7 +358,7 @@ class Onedrive { //return output($result['body'], $result['stat']); } public function Encrypt($folder, $passfilename, $pass) { - $filename = path_format($folder['path'] . '/' . urlencode($passfilename)); + $filename = '/items/' . $folder['id'] . ':/' . urlencode($passfilename); if ($pass==='') { $result = $this->MSAPI('DELETE', $filename); } else { From 13e72665ac0e4fd2d2281568ec7197186e331abe Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Thu, 21 Oct 2021 12:49:24 +0800 Subject: [PATCH 08/15] fix & in title --- common.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common.php b/common.php index 6f492a4..1f1eaee 100644 --- a/common.php +++ b/common.php @@ -1955,7 +1955,8 @@ function render_list($path = '', $files = []) } else { if (substr($path1, 0, 1)=='/') $pretitle = substr($path1, 1); if (substr($path1, -1)=='/') $pretitle = substr($pretitle, 0, -1); - $tmp=splitlast($pretitle,'/'); + $pretitle = str_replace('&','&', $pretitle); + $tmp = splitlast($pretitle, '/'); if ($tmp[1]=='') { $n_path = $tmp[0]; } else { From 89e4fa6f42b3052847de34ccf0cb9566110748d5 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Thu, 21 Oct 2021 16:20:01 +0800 Subject: [PATCH 09/15] try fix login in specialChar folder will jump to error --- common.php | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/common.php b/common.php index 1f1eaee..76b4995 100644 --- a/common.php +++ b/common.php @@ -174,11 +174,11 @@ function main($path) $adminloginpage = getConfig('adminloginpage'); } if (isset($_GET[$adminloginpage])) { - if (isset($_GET['preview'])) { + /*if (isset($_GET['preview'])) { $url = $_SERVER['PHP_SELF'] . '?preview'; } else { $url = path_format($_SERVER['PHP_SELF'] . '/'); - } + }*/ if (isset($_POST['password1'])) { $compareresult = compareadminsha1($_POST['password1'], $_POST['timestamp'], getConfig('admin')); if ($compareresult=='') { @@ -186,7 +186,7 @@ function main($path) $randnum = rand(10, 99999); $admincookie = adminpass2cookie('admin', getConfig('admin'), $timestamp, $randnum); $adminlocalstorage = adminpass2storage('admin', getConfig('admin'), $timestamp, $randnum); - return adminform('admin', $admincookie, $adminlocalstorage, $url); + return adminform('admin', $admincookie, $adminlocalstorage); } else return adminform($compareresult); } else return adminform(); } @@ -1021,14 +1021,27 @@ function time_format($ISO) function adminform($name = '', $pass = '', $storage = '', $path = '') { - $html = '' . getconstStr('AdminLogin') . ''; + $html = ' + + ' . getconstStr('AdminLogin') . ' + + + '; if ($name=='admin'&&$pass!='') { - $html .= ' - ' . getconstStr('LoginSuccess') . ' + $html .= ' + + + ' . getconstStr('LoginSuccess') . ' - '; + +'; $statusCode = 201; date_default_timezone_set('UTC'); $_SERVER['Set-Cookie'] = $name . '=' . $pass . '; path=' . $_SERVER['base_path'] . '; expires=' . date(DATE_COOKIE, strtotime('+7day')); From d8a1832c0123ec8e499ca405026bb621a2b29e61 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Thu, 21 Oct 2021 16:43:52 +0800 Subject: [PATCH 10/15] fix a bug #448 . --- common.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/common.php b/common.php index 76b4995..b8f7c6c 100644 --- a/common.php +++ b/common.php @@ -1485,7 +1485,7 @@ output:
'; - } elseif (isset($_GET['disktag'])&&in_array($_GET['disktag'], $disktags)) { + } elseif (isset($_GET['disktag'])&&$_GET['disktag']!==true&&in_array($_GET['disktag'], $disktags)) { $disktag = $_GET['disktag']; $disk_tmp = null; $diskok = driveisfine($disktag, $disk_tmp); @@ -1907,7 +1907,7 @@ output: '; - if ($_GET['disktag']=='') { + if ($_GET['disktag']==''||!in_array($_GET['disktag'], $disktags)) { if ($_GET['setup']==='platform') $html .= ' '; @@ -1919,7 +1919,7 @@ output: '; foreach ($disktags as $disktag) { if ($disktag!='') { - if ($_GET['disktag']==$disktag) $html .= ' + if ($_GET['disktag']===$disktag) $html .= ' '; else $html .= ' '; From 330ec7680da70cf4c489654184bfcfdc776fc1fc Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Thu, 21 Oct 2021 17:08:12 +0800 Subject: [PATCH 11/15] fix fix a bug --- common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.php b/common.php index b8f7c6c..a28c450 100644 --- a/common.php +++ b/common.php @@ -1907,7 +1907,7 @@ output:
' . getconstStr('Home') . ' ' . getconstStr('PlatformConfig') . '' . getconstStr('PlatformConfig') . '' . $disktag . '' . $disktag . '
'; - if ($_GET['disktag']==''||!in_array($_GET['disktag'], $disktags)) { + if ($_GET['disktag']==''||$_GET['disktag']===true||!in_array($_GET['disktag'], $disktags)) { if ($_GET['setup']==='platform') $html .= ' '; From 621aadecdfba34bf14cf627087497a332773eef6 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Fri, 22 Oct 2021 13:36:26 +0800 Subject: [PATCH 12/15] fix export&import with no localstorage --- common.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/common.php b/common.php index a28c450..2abb476 100644 --- a/common.php +++ b/common.php @@ -1790,7 +1790,6 @@ output:
' . getconstStr('Home') . ' ' . getconstStr('PlatformConfig') . '

- @@ -1833,7 +1832,7 @@ output: xhr.onerror = function(e){ alert("Network Error "+xhr.status); } - xhr.send("pass=" + sha1(config_f.pass.value + "" + timestamp) + "&config_b=" + b.value + "×tamp=" + timestamp); + xhr.send("pass=" + sha1(config_f.pass.value + "" + timestamp) + "&config_b=" + b.value + "×tamp=" + timestamp + "&_admin=" + localStorage.getItem("admin")); } function importConfig(b) { if (config_f.pass.value=="") { @@ -1873,7 +1872,7 @@ output: xhr.onerror = function(e){ alert("Network Error "+xhr.status); } - xhr.send("pass=" + sha1(config_f.pass.value + "" + timestamp) + "&config_t=" + encodeURIComponent(config_f.config_t.value) + "&config_b=" + b.value + "×tamp=" + timestamp); + xhr.send("pass=" + sha1(config_f.pass.value + "" + timestamp) + "&config_t=" + encodeURIComponent(config_f.config_t.value) + "&config_b=" + b.value + "×tamp=" + timestamp + "&_admin=" + localStorage.getItem("admin")); } function changePassword(f) { if (f.oldPass.value==""||f.newPass1.value==""||f.newPass2.value=="") { From 22fb9dd669850c253aae092d24c2f2ee613df8a6 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Mon, 25 Oct 2021 10:57:24 +0800 Subject: [PATCH 13/15] try fix + in FG --- platform/HuaweiFG_env.php | 1 + 1 file changed, 1 insertion(+) diff --git a/platform/HuaweiFG_env.php b/platform/HuaweiFG_env.php index 45387c4..d65ae59 100644 --- a/platform/HuaweiFG_env.php +++ b/platform/HuaweiFG_env.php @@ -49,6 +49,7 @@ function GetPathSetting($event, $context) $host_name = $event['headers']['host']; $_SERVER['HTTP_HOST'] = $host_name; $path = path_format($event['pathParameters'][''].'/'); + $path = str_replace('+', '%2B', $path); $_SERVER['base_path'] = path_format($event['path'].'/'); if ( $_SERVER['base_path'] == $path ) { $_SERVER['base_path'] = '/'; From 0683524cd30e93fed9049b5bac17ee371668a053 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Mon, 25 Oct 2021 10:58:10 +0800 Subject: [PATCH 14/15] try fix + in FG --- platform/HuaweiFG_file.php | 1 + 1 file changed, 1 insertion(+) diff --git a/platform/HuaweiFG_file.php b/platform/HuaweiFG_file.php index 8304222..38422fa 100644 --- a/platform/HuaweiFG_file.php +++ b/platform/HuaweiFG_file.php @@ -49,6 +49,7 @@ function GetPathSetting($event, $context) $host_name = $event['headers']['host']; $_SERVER['HTTP_HOST'] = $host_name; $path = path_format($event['pathParameters'][''].'/'); + $path = str_replace('+', '%2B', $path); $_SERVER['base_path'] = path_format($event['path'].'/'); if ( $_SERVER['base_path'] == $path ) { $_SERVER['base_path'] = '/'; From 0d2f38af370461e1e0d789e6d2929fdc3eac5256 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Thu, 28 Oct 2021 10:56:24 +0800 Subject: [PATCH 15/15] Create CFWorkers_rand.js --- CFWorkers_rand.js | 113 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 CFWorkers_rand.js diff --git a/CFWorkers_rand.js b/CFWorkers_rand.js new file mode 100644 index 0000000..04704d9 --- /dev/null +++ b/CFWorkers_rand.js @@ -0,0 +1,113 @@ + +// Hosts Array +// 服务器数组 +const H = [ + 'https://herooneindex.herokuapp.com/', + 'https://onemanager.glitch.me/', + 'https://onemanager-php.vercel.app/' +] + +// View Type +// 1 , only first host, +// 只第一条Host记录有用 +// 2 , view top 2 host as odd/even days, +// 只有前两条记录有效,分别单双日运行 +// 3 , view random host +// 所有记录随机访问 +const T = 1 + +// CF proxy all, true/false +// 一切给CF代理,true或false +const CFproxy = true + +// Used in cloudflare workers +// // // // // // + +addEventListener('fetch', event => { + let url=new URL(event.request.url); + if (url.protocol == 'http:') { + // force HTTPS + url.protocol = 'https:' + event.respondWith( Response.redirect(url.href) ) + } else { + let host = null; + if (T===1) { + host = H[0]; + } + if (T===2) { + host = H[new Date().getDate()%2]; + } + if (T===3) { + let n = H.length; + host = H[Math.round(Math.random()*n*10)%n]; + } + //console.log(host) + if (host.substr(0, 7)!='http://'&&host.substr(0, 8)!='https://') host = 'http://' + host; + + let response = fetchAndApply(host, event.request); + + event.respondWith( response ); + } +}) + +async function fetchAndApply(host, request) { + let f_url = new URL(request.url); + let a_url = new URL(host); + let replace_path = a_url.pathname; + if (replace_path.substr(replace_path.length-1)!='/') replace_path += '/'; + let replaced_path = '/'; + let query = f_url.search; + let path = f_url.pathname; + if (host.substr(host.length-1)=='/') path = path.substr(1); + f_url.href = host + path + query; + + let response = null; + if (!CFproxy) { + response = await fetch(f_url, request); + } else { + let method = request.method; + let body = request.body; + let request_headers = request.headers; + let new_request_headers = new Headers(request_headers); + new_request_headers.set('Host', f_url.host); + new_request_headers.set('Referer', request.url); + response = await fetch(f_url.href, { + /*cf: { + cacheEverything: true, + cacheTtl: 1000, + mirage: true, + polish: "on", + minify: { + javascript: true, + css: true, + html: true, + } + },*/ + method: method, + body: body, + headers: new_request_headers + }); + } + + let out_headers = new Headers(response.headers); + if (out_headers.get('Content-Disposition')=='attachment') out_headers.delete('Content-Disposition'); + let out_body = null; + let contentType = out_headers.get('Content-Type'); + if (contentType.includes("application/text")) { + out_body = await response.text(); + while (replace_path!='/'&&out_body.includes(replace_path)) out_body = out_body.replace(replace_path, replaced_path); + } else if (contentType.includes("text/html")) { + //f_url.href + + out_body = await response.text(); + while (replace_path!='/'&&out_body.includes(replace_path)) out_body = out_body.replace(replace_path, replaced_path); + } else { + out_body = await response.body; + } + + let out_response = new Response(out_body, { + status: response.status, + headers: out_headers + }) + + return out_response; +}
' . getconstStr('AdminPassword') . ':