diff -urN quixplorer_2_3_1/.include/fun_archive.php quixplorer_2_3_1_new/.include/fun_archive.php --- quixplorer_2_3_1/.include/fun_archive.php 2003-04-26 04:17:16.000000000 +0800 +++ quixplorer_2_3_1_new/.include/fun_archive.php 2007-08-18 22:14:09.000000000 +0800 @@ -73,7 +73,7 @@ if(!$GLOBALS["zip"] && !$GLOBALS["tar"] && !$GLOBALS["tgz"]) show_error($GLOBALS["error_msg"]["miscnofunc"]); if(isset($GLOBALS['__POST']["name"])) { - $name=basename(stripslashes($GLOBALS['__POST']["name"])); + $name=base_name(stripslashes($GLOBALS['__POST']["name"])); if($name=="") show_error($GLOBALS["error_msg"]["miscnoname"]); switch($GLOBALS['__POST']["type"]) { case "zip": zip_items($dir,$name); break; diff -urN quixplorer_2_3_1/.include/fun_copy_move.php quixplorer_2_3_1_new/.include/fun_copy_move.php --- quixplorer_2_3_1/.include/fun_copy_move.php 2003-04-26 04:26:24.000000000 +0800 +++ quixplorer_2_3_1_new/.include/fun_copy_move.php 2007-08-18 22:14:33.000000000 +0800 @@ -178,7 +178,7 @@ $err=false; for($i=0;$i<$cnt;++$i) { $tmp = stripslashes($GLOBALS['__POST']["selitems"][$i]); - $new = basename(stripslashes($GLOBALS['__POST']["newitems"][$i])); + $new = base_name(stripslashes($GLOBALS['__POST']["newitems"][$i])); $abs_item = get_abs_item($dir,$tmp); $abs_new_item = get_abs_item($new_dir,$new); $items[$i] = $tmp; diff -urN quixplorer_2_3_1/.include/fun_down.php quixplorer_2_3_1_new/.include/fun_down.php --- quixplorer_2_3_1/.include/fun_down.php 2004-08-12 21:31:09.000000000 +0800 +++ quixplorer_2_3_1_new/.include/fun_down.php 2007-08-18 22:14:44.000000000 +0800 @@ -40,7 +40,7 @@ //------------------------------------------------------------------------------ function download_item($dir, $item) { // download file // Security Fix: - $item=basename($item); + $item=base_name($item); if(($GLOBALS["permissions"]&01)!=01) show_error($GLOBALS["error_msg"]["accessfunc"]); if(!get_is_file($dir,$item)) show_error($item.": ".$GLOBALS["error_msg"]["fileexist"]); diff -urN quixplorer_2_3_1/.include/fun_edit.php quixplorer_2_3_1_new/.include/fun_edit.php --- quixplorer_2_3_1/.include/fun_edit.php 2003-04-26 04:17:16.000000000 +0800 +++ quixplorer_2_3_1_new/.include/fun_edit.php 2007-08-18 22:15:02.000000000 +0800 @@ -41,7 +41,7 @@ function savefile($file_name) { // save edited file $code = stripslashes($GLOBALS['__POST']["code"]); $fp = @fopen($file_name, "w"); - if($fp===false) show_error(basename($file_name).": ".$GLOBALS["error_msg"]["savefile"]); + if($fp===false) show_error(base_name($file_name).": ".$GLOBALS["error_msg"]["savefile"]); fputs($fp, $code); @fclose($fp); } @@ -55,7 +55,7 @@ if(isset($GLOBALS['__POST']["dosave"]) && $GLOBALS['__POST']["dosave"]=="yes") { // Save / Save As - $item=basename(stripslashes($GLOBALS['__POST']["fname"])); + $item=base_name(stripslashes($GLOBALS['__POST']["fname"])); $fname2=get_abs_item($dir, $item); if(!isset($item) || $item=="") show_error($GLOBALS["error_msg"]["miscnoname"]); if($fname!=$fname2 && @file_exists($fname2)) show_error($item.": ".$GLOBALS["error_msg"]["itemdoesexist"]); diff -urN quixplorer_2_3_1/.include/fun_extra.php quixplorer_2_3_1_new/.include/fun_extra.php --- quixplorer_2_3_1/.include/fun_extra.php 2004-08-12 21:32:35.000000000 +0800 +++ quixplorer_2_3_1_new/.include/fun_extra.php 2007-08-18 22:15:32.000000000 +0800 @@ -198,7 +198,7 @@ $ok = true; if(!@mkdir($dest,0777)) return false; - if(($handle=@opendir($source))===false) show_error(basename($source).": ".$GLOBALS["error_msg"]["opendir"]); + if(($handle=@opendir($source))===false) show_error(base_name($source).": ".$GLOBALS["error_msg"]["opendir"]); while(($file=readdir($handle))!==false) { if(($file==".." || $file==".")) continue; @@ -219,13 +219,13 @@ $ok = true; if(@is_link($item) || @is_file($item)) $ok=@unlink($item); elseif(@is_dir($item)) { - if(($handle=@opendir($item))===false) show_error(basename($item).": ".$GLOBALS["error_msg"]["opendir"]); + if(($handle=@opendir($item))===false) show_error(base_name($item).": ".$GLOBALS["error_msg"]["opendir"]); while(($file=readdir($handle))!==false) { if(($file==".." || $file==".")) continue; $new_item = $item."/".$file; - if(!@file_exists($new_item)) show_error(basename($item).": ".$GLOBALS["error_msg"]["readdir"]); + if(!@file_exists($new_item)) show_error(base_name($item).": ".$GLOBALS["error_msg"]["readdir"]); //if(!get_show_item($item, $new_item)) continue; if(@is_dir($new_item)) { @@ -287,4 +287,9 @@ } } //------------------------------------------------------------------------------ +function base_name($filename) +{ + return preg_replace( '/^.+[\\\\\\/]/', '', $filename ); +} + ?> diff -urN quixplorer_2_3_1/.include/fun_list.php quixplorer_2_3_1_new/.include/fun_list.php --- quixplorer_2_3_1/.include/fun_list.php 2004-08-12 21:48:08.000000000 +0800 +++ quixplorer_2_3_1_new/.include/fun_list.php 2007-08-18 22:15:44.000000000 +0800 @@ -224,7 +224,7 @@ $dir_up = dirname($dir); if($dir_up==".") $dir_up = ""; - if(!get_show_item($dir_up,basename($dir))) show_error($dir." : ".$GLOBALS["error_msg"]["accessdir"]); + if(!get_show_item($dir_up,base_name($dir))) show_error($dir." : ".$GLOBALS["error_msg"]["accessdir"]); // make file & dir tables, & get total filesize & number of items make_tables($dir, $dir_list, $file_list, $tot_file_size, $num_items); diff -urN quixplorer_2_3_1/.include/fun_mkitem.php quixplorer_2_3_1_new/.include/fun_mkitem.php --- quixplorer_2_3_1/.include/fun_mkitem.php 2003-04-26 04:17:16.000000000 +0800 +++ quixplorer_2_3_1_new/.include/fun_mkitem.php 2007-08-18 22:16:02.000000000 +0800 @@ -44,7 +44,7 @@ $mkname=$GLOBALS['__POST']["mkname"]; $mktype=$GLOBALS['__POST']["mktype"]; - $mkname=basename(stripslashes($mkname)); + $mkname=base_name(stripslashes($mkname)); if($mkname=="") show_error($GLOBALS["error_msg"]["miscnoname"]); $new = get_abs_item($dir,$mkname); @@ -63,4 +63,4 @@ header("Location: ".make_link("list",$dir,NULL)); } //------------------------------------------------------------------------------ -?> \ ÀÉ®×¥½¨S¦³ newline ¦r¤¸ +?>