Linux vps-61133.fhnet.fr 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64
Apache/2.4.25 (Debian)
Server IP : 93.113.207.21 & Your IP : 216.73.216.112
Domains :
Cant Read [ /etc/named.conf ]
User : www-data
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
var /
www /
html /
btm2000.apps-dev.fr /
core /
ajax /
Delete
Unzip
Name
Size
Permission
Date
Action
ajaxdirpreview.php
17.34
KB
-rw-r--r--
2023-12-15 13:44
ajaxdirtree.php
19.81
KB
-rw-r--r--
2023-12-15 13:44
ajaxinvoiceline.php
1.99
KB
-rw-r--r--
2023-12-15 13:44
ajaxstatusprospect.php
2.72
KB
-rw-r--r--
2023-12-15 13:44
ajaxtooltip.php
2.77
KB
-rw-r--r--
2023-12-15 13:44
bankconciliate.php
3.28
KB
-rw-r--r--
2023-12-15 13:44
box.php
2.73
KB
-rw-r--r--
2023-12-15 13:44
check_notifications.php
5.99
KB
-rw-r--r--
2023-12-15 13:44
constantonoff.php
2.33
KB
-rw-r--r--
2023-12-15 13:44
contacts.php
1.98
KB
-rw-r--r--
2023-12-15 13:44
extraparams.php
2.9
KB
-rw-r--r--
2023-12-15 13:44
fetchKnowledgeRecord.php
3.12
KB
-rw-r--r--
2023-12-15 13:44
fileupload.php
3.8
KB
-rw-r--r--
2023-12-15 13:44
flowjs-server.php
5.66
KB
-rw-r--r--
2023-12-15 13:44
loadinplace.php
4.87
KB
-rw-r--r--
2023-12-15 13:44
locationincoterms.php
4.05
KB
-rw-r--r--
2023-12-15 13:44
objectonoff.php
4.2
KB
-rw-r--r--
2023-12-15 13:44
onlineSign.php
15.35
KB
-rw-r--r--
2023-12-15 13:44
pingresult.php
2.79
KB
-rw-r--r--
2023-12-15 13:44
price.php
2.17
KB
-rw-r--r--
2023-12-15 13:44
row.php
6.9
KB
-rw-r--r--
2023-12-15 13:44
saveinplace.php
7.68
KB
-rw-r--r--
2023-12-15 13:44
security.php
2.22
KB
-rw-r--r--
2023-12-15 13:44
selectobject.php
3.2
KB
-rw-r--r--
2023-12-15 13:44
selectsearchbox.php
17.25
KB
-rw-r--r--
2023-12-15 13:44
vatrates.php
2.23
KB
-rw-r--r--
2023-12-15 13:44
ziptown.php
5.68
KB
-rw-r--r--
2023-12-15 13:44
Save
Rename
<?php /* Copyright (C) 2011-2012 Regis Houssin <regis.houssin@inodbox.com> * Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <https://www.gnu.org/licenses/>. */ /** * \file htdocs/core/ajax/fileupload.php * \brief File to return Ajax response on file upload */ if (!defined('NOREQUIREMENU')) { define('NOREQUIREMENU', '1'); // If there is no menu to show } if (!defined('NOREQUIREHTML')) { define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php } if (!defined('NOREQUIREAJAX')) { define('NOREQUIREAJAX', '1'); } if (!defined('NOREQUIRESOC')) { define('NOREQUIRESOC', '1'); } // Load Dolibarr environment require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/fileupload.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php'; $id = GETPOST('fk_element', 'int'); $element = GETPOST('element', 'alpha'); // 'myobject' (myobject=mymodule) or 'myobject@mymodule' or 'myobject_mysubobject' (myobject=mymodule) $elementupload = $element; // Load object according to $id and $element $object = fetchObjectByElement($id, $element); $module = $object->module; $element = $object->element; $usesublevelpermission = ($module != $element ? $element : ''); if ($usesublevelpermission && !isset($user->rights->$module->$element)) { // There is no permission on object defined, we will check permission on module directly $usesublevelpermission = ''; } //print 'fileupload.php: '.$object->id.' - '.$object->module.' - '.$object->element.' - '.$object->table_element.' - '.$usesublevelpermission."\n"; // Security check if (!empty($user->socid)) { $socid = $user->socid; if (!empty($object->socid) && $socid != $object->socid) { httponly_accessforbidden("Access on object not allowed for this external user."); // This includes the exit. } } $result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1); // Call with mode return if (!$result) { httponly_accessforbidden('Not allowed by restrictArea (module='.$object->module.' table_element='.$object->table_element.')'); } /* * View */ $upload_handler = new FileUpload(null, $id, $elementupload); top_httphead(); header('Pragma: no-cache'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Content-Disposition: inline; filename="files.json"'); header('X-Content-Type-Options: nosniff'); header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: OPTIONS, HEAD, GET, POST, PUT, DELETE'); header('Access-Control-Allow-Headers: X-File-Name, X-File-Type, X-File-Size'); switch ($_SERVER['REQUEST_METHOD']) { case 'OPTIONS': break; case 'HEAD': case 'GET': $upload_handler->get(); break; case 'POST': if (isset($_REQUEST['_method']) && $_REQUEST['_method'] === 'DELETE') { $upload_handler->delete(); } else { $upload_handler->post(); // Note: even if this return an error on 1 file in post(), we will return http code 200 because error must be managed by the caller (some files may be ok and some in error) } break; case 'DELETE': $upload_handler->delete(); break; default: header('HTTP/1.0 405 Method Not Allowed'); exit; } $db->close();