<?php
// Bootstrap the admin environment from the directory three levels above this
// file's own directory. The functions and constants used below (XSRFdefender,
// SERVERPATH, ZENFOLDER, zp_loggedin, ...) are not defined in this file, so they
// are presumably provided by this include -- TODO confirm.
require_once(dirname(dirname(dirname(dirname(__FILE__)))) . '/admin-globals.php');
// Anti-CSRF gate for the 'elFinder' action. It runs before any connector class is
// loaded or any volume is configured, and that ordering must be kept.
// NOTE(review): presumably this aborts the request when the token is missing or
// wrong -- confirm in the definition, since nothing after this line re-checks it.
XSRFdefender('elFinder');
// elFinder connector, core and local-filesystem driver classes shipped with the plugin.
include_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/elFinder/php/elFinderConnector.class.php';
include_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/elFinder/php/elFinder.class.php';
include_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/elFinder/php/elFinderVolumeDriver.class.php';
include_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/elFinder/php/elFinderVolumeLocalFileSystem.class.php';
/**
 * Access-control callback for elFinder volumes: restricts dot-files.
 *
 * The result is tri-state. For a path whose base name begins with '.', the
 * attributes 'read' and 'write' are answered with false and every other
 * attribute with true. For any other path the function returns null, i.e. it
 * expresses no opinion and leaves the decision to the caller's other rules.
 *
 * @param string $attr   attribute being queried (e.g. 'read', 'write')
 * @param string $path   path of the file or directory
 * @param mixed  $data   unused here
 * @param mixed  $volume unused here
 * @return bool|null
 */
function access($attr, $path, $data, $volume) {
    $name = basename($path);
    if ($name === '' || $name[0] !== '.') {
        // Not a dot-file: no decision.
        return null;
    }
    // Dot-file: deny 'read'/'write', answer true for everything else.
    return $attr != 'read' && $attr != 'write';
}
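/**
 * Access-control callback that additionally restricts non-image files.
 *
 * access() is tri-state (false = deny, true = set, null = no opinion). Its
 * answer is returned unchanged whenever it is not null, so a denied
 * 'read'/'write' on a dot-file stays denied instead of being coerced to
 * "no opinion" by a boolean test. For every other path, a regular file that
 * Gallery::validImage() does not accept gets false for 'read'/'write' and true
 * for any other attribute; directories and valid images get null.
 *
 * @param string $attr   attribute being queried (e.g. 'read', 'write')
 * @param string $path   path of the file or directory
 * @param mixed  $data   passed through to access()
 * @param mixed  $volume passed through to access()
 * @return bool|null
 */
function accessImage($attr, $path, $data, $volume) {
    $dotRule = access($attr, $path, $data, $volume);
    if ($dotRule !== null) {
        // Dot-file: the deny/flag decision of access() is final.
        return $dotRule;
    }
    if (!is_dir($path) && !Gallery::validImage($path)) {
        return !($attr == 'read' || $attr == 'write');
    }
    return null;
}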
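/**
 * Access-control callback for the albums volume of non-admin users.
 *
 * Two rules are applied:
 *  - writing is denied when the first path segment below the album folder is
 *    empty, i.e. for the album root itself;
 *  - dot-files follow access(), whose tri-state answer (false = deny,
 *    true = set, null = no opinion) is returned unchanged when it is not null.
 *    Testing that answer as a boolean would turn a denied 'read'/'write' into
 *    "no opinion" and leave the decision to the volume's other rules.
 *
 * @param string $attr   attribute being queried (e.g. 'read', 'write')
 * @param string $path   path of the file or directory
 * @param mixed  $data   passed through to access()
 * @param mixed  $volume passed through to access()
 * @return bool|null
 */
function accessAlbums($attr, $path, $data, $volume) {
    // Normalise separators, strip the album folder and keep the first segment.
    $relative = str_replace(getAlbumFolder(SERVERPATH), '', str_replace('\\', '/', $path) . '/');
    $segments = explode('/', $relative);
    $base = array_shift($segments);
    if (!$base && $attr == 'write') {
        // Album root: never writable through this callback.
        return false;
    }
    $dotRule = access($attr, $path, $data, $volume);
    if ($dotRule !== null) {
        return $dotRule;
    }
    return null;
}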
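// Build the elFinder volume ("roots") configuration for the current user and run
// the connector. Each volume is added only when zp_loggedin() reports the matching
// right; when none matches, $opts stays empty and the connector runs without roots.
//
// Every volume URL is below WEBPATH, so whatever can be written through this
// connector is directly reachable over HTTP.
// NOTE(review): 'mimeDetect' => 'internal' presumably derives the type from the file
// name, so the 'uploadDeny' lists below are only as good as that mapping -- confirm
// that every extension the web server would execute resolves to a denied type.
$opts = array();
// A request without 'origin' is handled like any non-upload origin (no undefined index).
if (isset($_REQUEST['origin']) && $_REQUEST['origin'] == 'upload') {
    if (zp_loggedin(FILES_RIGHTS)) {
        $opts['roots'][0] = array(
            'driver'        => 'LocalFileSystem',
            'startPath'     => SERVERPATH . '/' . UPLOAD_FOLDER . '/',
            'path'          => SERVERPATH . '/' . UPLOAD_FOLDER . '/',
            'URL'           => WEBPATH . '/' . UPLOAD_FOLDER . '/',
            'alias'         => sprintf(gettext('Upload folder (%s)'), UPLOAD_FOLDER),
            'mimeDetect'    => 'internal',
            'tmbPath'       => '.tmb',
            'utf8fix'       => true,
            'tmbCrop'       => false,
            'tmbBgColor'    => 'transparent',
            'accessControl' => 'access',
            'acceptedName'  => '/^[^\.].*$/'
        );
        if (!zp_loggedin(ADMIN_RIGHTS)) {
            // The deny list belongs to this volume and to every non-admin who can see
            // it. Setting it from the albums branch instead would skip users without
            // UPLOAD_RIGHTS and would create a driver-less roots[0] for users without
            // FILES_RIGHTS.
            $opts['roots'][0]['uploadDeny'] = array('text/x-php', 'application');
        }
    }
    if (zp_loggedin(THEMES_RIGHTS)) {
        // Themes named in the 'Zenphoto_theme_list' option are made read-only and locked.
        $zplist = getSerializedArray(getOption('Zenphoto_theme_list'));
        foreach ($zplist as $key => $folder) {
            // The names are literal folder names: quote them for the '/'-delimited patterns.
            $zplist[$key] = preg_quote($folder, '/');
        }
        $opts['roots'][1] = array(
            'driver'        => 'LocalFileSystem',
            'startPath'     => SERVERPATH . '/' . THEMEFOLDER . '/',
            'path'          => SERVERPATH . '/' . THEMEFOLDER . '/',
            'URL'           => WEBPATH . '/' . THEMEFOLDER . '/',
            'alias'         => sprintf(gettext('Zenphoto themes (%s)'), THEMEFOLDER),
            'mimeDetect'    => 'internal',
            'tmbPath'       => '.tmb',
            'utf8fix'       => true,
            'tmbCrop'       => false,
            'tmbBgColor'    => 'transparent',
            'accessControl' => 'access',
            'acceptedName'  => '/^[^\.].*$/',
            // The assignment to $attr is kept from the original; nothing below reads it.
            'attributes'    => $attr = array(
                array(
                    // the listed theme folder itself
                    'pattern' => '/.(' . implode('$|', $zplist) . '$)/',
                    'read'    => true,
                    'write'   => false,
                    'locked'  => true
                ),
                array(
                    // everything below a listed theme folder
                    'pattern' => '/.(' . implode('\/|', $zplist) . '\/)/',
                    'read'    => true,
                    'write'   => false,
                    'locked'  => true
                )
            )
        );
    }
    if (zp_loggedin(UPLOAD_RIGHTS)) {
        $opts['roots'][2] = array(
            'driver'       => 'LocalFileSystem',
            'startPath'    => getAlbumFolder(SERVERPATH),
            'path'         => getAlbumFolder(SERVERPATH),
            'URL'          => getAlbumFolder(WEBPATH),
            'alias'        => sprintf(gettext('Albums folder (%s)'), basename(getAlbumFolder())),
            'mimeDetect'   => 'internal',
            'tmbPath'      => '.tmb',
            'utf8fix'      => true,
            'tmbCrop'      => false,
            'tmbBgColor'   => 'transparent',
            'uploadAllow'  => array('image'),
            'acceptedName' => '/^[^\.].*$/'
        );
        if (zp_loggedin(ADMIN_RIGHTS)) {
            $opts['roots'][2]['accessControl'] = 'access';
        } else {
            // Non-admin: confine the user to the albums they manage.
            $opts['roots'][2]['accessControl'] = 'accessAlbums';
            $opts['roots'][2]['uploadDeny'] = array('text/x-php', 'application');
            $_managed_folders = getManagedAlbumList();
            $excluded_folders = $_zp_gallery->getAlbums(0);
            $excluded_folders = array_diff($excluded_folders, $_managed_folders);
            foreach ($excluded_folders as $key => $folder) {
                // Quote with the pattern delimiter: an unescaped '/' in a folder name
                // would end the pattern early and the deny rule could not match.
                $excluded_folders[$key] = preg_quote($folder, '/');
            }
            $maxupload = ini_get('upload_max_filesize');
            $maxuploadint = parse_size($maxupload);
            $uploadlimit = zp_apply_filter('get_upload_limit', $maxuploadint);
            $all_actions = $_not_upload = $_not_edit = array();
            foreach ($_managed_folders as $key => $folder) {
                $rightsalbum = newAlbum($folder);
                $modified_rights = $rightsalbum->albumSubRights();
                if ($uploadlimit <= 0) {
                    // No upload quota left: treat the album as not uploadable.
                    $modified_rights = $modified_rights & ~MANAGED_OBJECT_RIGHTS_UPLOAD;
                }
                // Start from "neither upload nor edit" and lift what the rights grant.
                $_not_edit[$key] = $_not_upload[$key] = $folder = preg_quote($folder, '/');
                switch ($modified_rights & (MANAGED_OBJECT_RIGHTS_UPLOAD | MANAGED_OBJECT_RIGHTS_EDIT)) {
                    case MANAGED_OBJECT_RIGHTS_UPLOAD:
                        unset($_not_upload[$key]);
                        break;
                    case MANAGED_OBJECT_RIGHTS_EDIT:
                        unset($_not_edit[$key]);
                        break;
                    case MANAGED_OBJECT_RIGHTS_UPLOAD | MANAGED_OBJECT_RIGHTS_EDIT:
                        unset($_not_edit[$key]);
                        unset($_not_upload[$key]);
                        $all_actions[$key] = $folder;
                        break;
                }
            }
            $opts['roots'][2]['attributes'] = array();
            if (!empty($excluded_folders)) {
                // Albums the user does not manage: neither readable nor writable.
                $opts['roots'][2]['attributes'][0] = array(
                    'pattern' => '/.(' . implode('$|', $excluded_folders) . '$)/',
                    'read'    => false,
                    'write'   => false,
                    'locked'  => true
                );
                // ... and the .xmp entry carrying the same name.
                $opts['roots'][2]['attributes'][1] = array(
                    'pattern' => '/.(' . implode('.xmp|', $excluded_folders) . '.xmp)/',
                    'read'    => false,
                    'write'   => false,
                    'locked'  => true
                );
            }
            if (!empty($_not_upload)) {
                // Managed albums without upload right: the folder itself is read-only.
                $opts['roots'][2]['attributes'][2] = array(
                    'pattern' => '/.(' . implode('$|', $_not_upload) . '$)/',
                    'read'    => true,
                    'write'   => false,
                    'locked'  => true
                );
            }
            if (!empty($_not_edit)) {
                // Managed albums without edit right: everything below them is read-only.
                $opts['roots'][2]['attributes'][3] = array(
                    'pattern' => '/.(' . implode('\/|', $_not_edit) . '\/)/',
                    'read'    => true,
                    'write'   => false,
                    'locked'  => true
                );
                // Join with '.xmp|' so that every folder gets its own .xmp alternative;
                // joining with '\/|' gave only the last folder one.
                $opts['roots'][2]['attributes'][4] = array(
                    'pattern' => '/.(' . implode('.xmp|', $_not_edit) . '.xmp)/',
                    'read'    => true,
                    'write'   => false,
                    'locked'  => true
                );
            }
            if (!empty($all_actions)) {
                // Managed albums with both rights: fully usable.
                $opts['roots'][2]['attributes'][5] = array(
                    'pattern' => '/.(' . implode('$|', $all_actions) . '$)/',
                    'read'    => true,
                    'write'   => true,
                    'locked'  => false
                );
            }
        }
    }
    if (zp_loggedin(ADMIN_RIGHTS)) {
        // Admin-only volumes: third-party plugins, data folder and backups. None of
        // them carries an upload type restriction.
        $opts['roots'][3] = array(
            'driver'        => 'LocalFileSystem',
            'startPath'     => SERVERPATH . '/' . USER_PLUGIN_FOLDER . '/',
            'path'          => SERVERPATH . '/' . USER_PLUGIN_FOLDER . '/',
            'URL'           => WEBPATH . '/' . USER_PLUGIN_FOLDER . '/',
            'alias'         => sprintf(gettext('Third party plugins (%s)'), USER_PLUGIN_FOLDER),
            'mimeDetect'    => 'internal',
            'tmbPath'       => '.tmb',
            'utf8fix'       => true,
            'tmbCrop'       => false,
            'tmbBgColor'    => 'transparent',
            'accessControl' => 'access',
            'acceptedName'  => '/^[^\.].*$/'
        );
        $opts['roots'][4] = array(
            'driver'        => 'LocalFileSystem',
            'startPath'     => SERVERPATH . '/' . DATA_FOLDER . '/',
            'path'          => SERVERPATH . '/' . DATA_FOLDER . '/',
            'URL'           => WEBPATH . '/' . DATA_FOLDER . '/',
            'alias'         => sprintf(gettext('Zenphoto data (%s)'), DATA_FOLDER),
            'mimeDetect'    => 'internal',
            'tmbPath'       => '.tmb',
            'utf8fix'       => true,
            'tmbCrop'       => false,
            'tmbBgColor'    => 'transparent',
            'accessControl' => 'access',
            'acceptedName'  => '/^[^\.].*$/'
        );
        $opts['roots'][5] = array(
            'driver'        => 'LocalFileSystem',
            'startPath'     => SERVERPATH . '/' . BACKUPFOLDER . '/',
            'path'          => SERVERPATH . '/' . BACKUPFOLDER . '/',
            'URL'           => WEBPATH . '/' . BACKUPFOLDER . '/',
            'alias'         => sprintf(gettext('Backup files (%s)'), BACKUPFOLDER),
            'mimeDetect'    => 'internal',
            'tmbPath'       => '.tmb',
            'utf8fix'       => true,
            'tmbCrop'       => false,
            'tmbBgColor'    => 'transparent',
            'accessControl' => 'access',
            'acceptedName'  => '/^[^\.].*$/'
        );
    }
} else {
    // Any other origin: only the upload folder is offered, limited to image uploads.
    if (zp_loggedin(FILES_RIGHTS)) {
        $opts['roots'][0] = array(
            'driver'        => 'LocalFileSystem',
            'startPath'     => SERVERPATH . '/' . UPLOAD_FOLDER . '/',
            'path'          => SERVERPATH . '/' . UPLOAD_FOLDER . '/',
            'URL'           => WEBPATH . '/' . UPLOAD_FOLDER . '/',
            'alias'         => sprintf(gettext('Upload folder (%s)'), UPLOAD_FOLDER),
            'mimeDetect'    => 'internal',
            'tmbPath'       => '.tmb',
            'utf8fix'       => true,
            'tmbCrop'       => false,
            'tmbBgColor'    => 'transparent',
            'uploadAllow'   => array('image'),
            'accessControl' => 'access',
            'acceptedName'  => '/^[^\.].*$/',
            'uploadDeny'    => array('text/x-php', 'text/html', 'application'),
        );
    }
}
// Hand the assembled configuration to elFinder and serve the request.
$connector = new elFinderConnector(new elFinder($opts));
$connector->run();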