From d5c6c6b1aaf2505aa65614978965a4cced3079c2 Mon Sep 17 00:00:00 2001 From: "Mr.Lin" Date: Wed, 4 Mar 2020 11:44:00 +0800 Subject: [PATCH] Update common.php --- function/common.php | 45 +++++++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/function/common.php b/function/common.php index 60972d8..b6d5b60 100644 --- a/function/common.php +++ b/function/common.php @@ -8,7 +8,9 @@ $Base64Env = [ //'admin', //'adminloginpage', 'background', + 'diskname', //'disktag', + //'downloadencrypt', //'function_name', // used in heroku. //'language', //'passfile', @@ -19,7 +21,6 @@ $Base64Env = [ 'client_secret', 'domain_path', 'guestup_path', - 'diskname', 'public_path', //'refresh_token', //'token_expires', @@ -61,9 +62,10 @@ $InnerEnv = [ 'Onedrive_ver', 'client_id', 'client_secret', - 'domain_path', - 'guestup_path', 'diskname', + 'domain_path', + 'downloadencrypt', + 'guestup_path', 'public_path', 'refresh_token', 'token_expires', @@ -73,9 +75,10 @@ $ShowedInnerEnv = [ //'Onedrive_ver', //'client_id', //'client_secret', - 'domain_path', - 'guestup_path', 'diskname', + 'domain_path', + 'downloadencrypt', + 'guestup_path', 'public_path', //'refresh_token', //'token_expires', @@ -107,7 +110,6 @@ function config_oauth() $_SERVER['sitename'] = getConfig('sitename'); if (empty($_SERVER['sitename'])) $_SERVER['sitename'] = getconstStr('defaultSitename'); $_SERVER['redirect_uri'] = 'https://scfonedrive.github.io'; - //$_SERVER['redirect_uri'] = 'https://git.ldxw.vip/scfone'; if (getConfig('Onedrive_ver')=='MS') { // MS @@ -271,24 +273,25 @@ function encode_str_replace($str) function gethiddenpass($path,$passfile) { - $password=getcache('path_' . $path . '/?password'); + $path1 = path_format($_SERVER['list_path'] . path_format($path)); + $password=getcache('path_' . $path1 . '/?password'); if ($password=='') { - $ispassfile = fetch_files(spurlencode(path_format($path . '/' . $passfile),'/')); + $ispassfile = fetch_files(path_format($path . '/' . urlencode($passfile))); //echo $path . '
' . json_encode($ispassfile, JSON_PRETTY_PRINT) . '
'; if (isset($ispassfile['file'])) { $arr = curl_request($ispassfile['@microsoft.graph.downloadUrl']); if ($arr['stat']==200) { $passwordf=explode("\n",$arr['body']); $password=$passwordf[0]; - $password=md5($password); - savecache($path . '/password', $password); + if ($password!='') $password=md5($password); + savecache('path_' . $path1 . '/?password', $password); return $password; } else { //return md5('DefaultP@sswordWhenNetworkError'); return md5( md5(time()).rand(1000,9999) ); } } else { - savecache($path . '/password', 'null'); + savecache('path_' . $path1 . '/?password', 'null'); if ($path !== '' ) { $path = substr($path,0,strrpos($path,'/')); return gethiddenpass($path,$passfile); @@ -349,12 +352,15 @@ function get_timezone($timezone = '8') function message($message, $title = 'Message', $statusCode = 200) { return output(' +

' . $title . '

+ ' . $message . ' +

', $statusCode); @@ -392,6 +398,7 @@ function passhidden($path) $path = str_replace('+','%2B',$path); $path = str_replace('&','&', path_format(urldecode($path))); if (getConfig('passfile') != '') { + $path = spurlencode($path,'/'); if (substr($path,-1)=='/') $path=substr($path,0,-1); $hiddenpass=gethiddenpass($path,getConfig('passfile')); if ($hiddenpass != '') { @@ -483,6 +490,7 @@ function main($path) $constStr['language'] = $_COOKIE['language']; if ($constStr['language']=='') $constStr['language'] = getConfig('language'); if ($constStr['language']=='') $constStr['language'] = 'en-us'; + $_SERVER['language'] = $constStr['language']; $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path); $_SERVER['base_disk_path'] = $_SERVER['base_path']; $disktags = explode("|",getConfig('disktag')); @@ -595,7 +603,7 @@ function main($path) return $tmp; } } else { - if ($_SERVER['ajax']) return output(getconstStr('RefleshtoLogin'),401); + if ($_SERVER['ajax']) return output(getconstStr('RefreshtoLogin'),401); } $_SERVER['ishidden'] = passhidden($path); if ($_GET['thumbnails']) { @@ -608,7 +616,7 @@ function main($path) $files = list_files($path); if (isset($files['file']) && !$_GET['preview']) { // is file && not preview mode - if ($_SERVER['ishidden']<4) return output('', 302, [ 'Location' => $files['@microsoft.graph.downloadUrl'] ]); + if ( $_SERVER['ishidden']<4 || (getConfig('downloadencrypt')&&$files['name']!=getConfig('passfile')) ) return output('', 302, [ 'Location' => $files['@microsoft.graph.downloadUrl'] ]); } if ( isset($files['folder']) || isset($files['file']) ) { return render_list($path, $files); @@ -623,8 +631,8 @@ function list_files($path) $path = path_format($path); if ($_SERVER['is_guestup_path']&&!$_SERVER['admin']) { $files = json_decode('{"folder":{}}', true); - } elseif ($_SERVER['ishidden']==4) { - $files = json_decode('{"folder":{}}', true); + } elseif (!getConfig('downloadencrypt')) { + if ($_SERVER['ishidden']==4) $files = json_decode('{"folder":{}}', true); } else { $files = fetch_files($path); } @@ -703,7 +711,8 @@ function adminoperate($path) $filename = path_format($path1 . '/' . $foldername . '/' . getConfig('passfile')); //echo $foldername; $result = MSAPI('PUT', $filename, $_GET['encrypt_newpass'], $_SERVER['access_token']); - //savecache('path_' . $path1, json_decode('{}',true), 1); + $path1 = path_format($path1 . '/' . $foldername ); + savecache('path_' . $path1 . '/?password', '', 1); return output($result['body'], $result['stat']); } if ($_GET['move_folder']!='') { @@ -790,8 +799,8 @@ function adminoperate($path) return output($result['body'], $result['stat']); } if ($_GET['RefreshCache']) { - //savecache('path_' . $path1, json_decode('{}',true), 1); - savecache('path_' . $path . '/?password', '', 1); + $path1 = path_format($_SERVER['list_path'] . path_format($path)); + savecache('path_' . $path1 . '/?password', '', 1); return message('', getconstStr('RefreshCache'), 302); } return $tmparr;