<?php
// / -----------------------------------------------------------------------------------
// / This file is intended to be included in PHP files that require safe sanitization of
// / supported POST and GET inputs.
// / This file also dictates the basic HRCloud2 API. (NOT INCLUDING APP-SPECIFIC API's)
// / If you're looking to add code to sanitize additional
// / POST or GET inputs, you should put it in this file and then require this file into
// / your code project, or app.
// /
// / How inputs are treated below: a fixed list of characters and every ".." sequence are
// / removed, and most values are then passed through htmlentities() with ENT_QUOTES.
// / NOTE(review): this is a character denylist plus HTML encoding. It does not validate that
// / a value is a legal file name, path, number or URL, so code that uses these values for
// / file-system, shell or database work still has to validate them for that context.
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Developers add your code between the following comment lines.....
// / Placeholder marking where project-specific sanitization code goes; it is only ever set to null here.
$your_code_here = null;
// / Developers DO NOT add your code below this comment line.
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / OFFICIAL HRCLOUD2 SANITIZED API INPUTS
// / The following blocks of code each represent a distinct HRCloud2 API input.
// / To use the official API, satisfy the corresponding POST or GET variables below.
// / API inputs require that the user be logged in. Non-logged-in users will receive a login screen.
// / NOTE(review): nothing in this file checks the login state or the administrator role; the
// / including script has to enforce both before acting on any variable set here - confirm.
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Reset the PHP execution timer.
// / A limit of 0 means PHP imposes no execution time limit for the rest of the request.
// / NOTE(review): every script that includes this file therefore runs without a time limit;
// / confirm that long-running requests are bounded some other way (web server or proxy timeout).
set_time_limit(0);
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to specify what kinds of included stylesheets to use.
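// / Each flag becomes 1 when its key is present in POST or GET (the value is not inspected), or
// / when the including script already defined the variable before requiring this file.
// / Otherwise the flag becomes 0.
// / NOTE(review): because isset() on the local variable is part of the test, including this file
// / a second time in the same scope turns every flag into 1 (the first pass always defines them).
if (isset($_POST['noStyles']) or isset($noStyles) or isset($_GET['noStyles'])) $noStyles = 1;
else $noStyles = 0;
if (isset($_POST['minStyles']) or isset($minStyles) or isset($_GET['minStyles'])) $minStyles = 1;
else $minStyles = 0;
// / Fixed: the GET test for maxStyles previously looked at $_GET['minStyles'], so ?maxStyles was
// / ignored and ?minStyles switched on both flags.
if (isset($_POST['maxStyles']) or isset($maxStyles) or isset($_GET['maxStyles'])) $maxStyles = 1;
else $maxStyles = 0;
if (isset($_POST['allStyles']) or isset($allStyles) or isset($_GET['allStyles'])) $allStyles = 1;
else $allStyles = 0;
// / NOTE(review): the three flags tested here were all assigned just above, so this condition is
// / never true and $allStyles is not defaulted to 1. Left unchanged because switching the default
// / on would alter what every including page renders; decide the intended default explicitly.
if (!isset($noStyles) && !isset($minStyles) && !isset($maxStyles)) $allStyles = 1;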
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to save changed settings.
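// / Every input in this group is accepted only when it arrives as a plain string. PHP turns a
// / request key such as Save[]=x into an array, and htmlentities() cannot process an array
// / (TypeError on PHP 8, warning and null on PHP 7), so array-shaped input is now ignored and
// / the target variable is simply left undefined, as if the key had not been sent.
// / Sanitization: remove the listed characters, remove "..", then HTML-encode with ENT_QUOTES.
if (isset($_POST['Save']) && is_string($_POST['Save'])) $saveSettings = htmlentities(str_replace('..', '', str_replace(str_split('\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['Save'])), ENT_QUOTES, 'UTF-8');
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to load default (current) settings.
if (isset($_POST['LoadDefaults']) && is_string($_POST['LoadDefaults'])) $loadDefaultSettings = htmlentities(str_replace('..', '', str_replace(str_split('\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['LoadDefaults'])), ENT_QUOTES, 'UTF-8');
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / The following code sets variables for generating client-side Apps based on user supplied specs.
// / (This group used to appear twice, word for word; the second copy recomputed the same values
// / from the same unmodified $_POST entries and has been dropped.)
if (isset($_POST['GenerateClient']) && is_string($_POST['GenerateClient'])) $GenerateClient = htmlentities(str_replace('..', '', str_replace(str_split('\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['GenerateClient'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['GenClientOS']) && is_string($_POST['GenClientOS'])) $GenClientOS = htmlentities(str_replace('..', '', str_replace(str_split('\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['GenClientOS'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['GenClientCPU']) && is_string($_POST['GenClientCPU'])) $GenClientCPU = htmlentities(str_replace('..', '', str_replace(str_split('\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['GenClientCPU'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['GenClientHomepage']) && is_string($_POST['GenClientHomepage'])) $GenClientHomepage = htmlentities(str_replace('..', '', str_replace(str_split('\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['GenClientHomepage'])), ENT_QUOTES, 'UTF-8');
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / The following code sets variables for generating an AppData package (the user specific data, GDPR compliance) to the users Cloud drive.
if (isset($_POST['downloadAppData']) && is_string($_POST['downloadAppData'])) $DownloadAppData = htmlentities(str_replace('..', '', str_replace(str_split('\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['downloadAppData'])), ENT_QUOTES, 'UTF-8');
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / The following code triggers the backupCore (when used as administrator).
// / NOTE(review): the administrator requirement is not checked here; it has to be enforced by
// / the code that acts on $BackupUserDataNow - confirm.
if (isset($_POST['backupUserDataNow']) && is_string($_POST['backupUserDataNow'])) $BackupUserDataNow = htmlentities(str_replace('..', '', str_replace(str_split('\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['backupUserDataNow'])), ENT_QUOTES, 'UTF-8');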
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / ONLY ADMINISTRATORS CAN SET COMPRESSION SETTINGS !!!
// / Can be used by administrators to set data compression settings for user uploaded content.
// / "DataCompressionPOST" can be set to 0 for "disabled" or 1 for "enabled".
// / "DataCompressionMethod" can be set to 0, 1, or 2.
// / 0 = Disabled.
// / 1 = Automatic.
// / 2 = Maximum performance.
// / 3 = Maximum storage capacity.
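// / $DataCompression and $DataCompressionMethod are always defined after this block ('' when the
// / input is missing or is not a plain string; htmlentities() cannot process arrays).
if (isset($_POST['DataCompression']) && is_string($_POST['DataCompression'])) $DataCompression = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['DataCompression'])), ENT_QUOTES, 'UTF-8');
else $DataCompression = '';
// / Fixed: "DataCompressionMethod" and "NEWDataCompression" both feed $DataCompressionMethod, but
// / the second test carried its own "else ... = ''" and therefore erased the value taken from
// / "DataCompressionMethod" whenever "NEWDataCompression" was not posted. The default is now set
// / once; "NEWDataCompression" still wins when both keys are sent.
// / NOTE(review): confirm that "NEWDataCompression" is really meant to fill this variable.
$DataCompressionMethod = '';
if (isset($_POST['DataCompressionMethod']) && is_string($_POST['DataCompressionMethod'])) $DataCompressionMethod = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['DataCompressionMethod'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWDataCompression']) && is_string($_POST['NEWDataCompression'])) $DataCompressionMethod = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWDataCompression'])), ENT_QUOTES, 'UTF-8');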
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to clear the HRCloud2 cache files. Accepts a value of '1' or 'true'.
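// / Three request keys ("ClearCachePOST", "ClearUserCache", "ClearCache") feed $ClearCachePOST.
// / Fixed: the first two each had their own "else ... = ''", so a value sent as "ClearCachePOST"
// / was erased again unless "ClearUserCache" was sent too. The default is now set once and a
// / later key overrides an earlier one only when it is actually present.
// / Only plain strings are accepted; htmlentities() cannot process array-shaped input.
$ClearCachePOST = '';
if (isset($_POST['ClearCachePOST']) && is_string($_POST['ClearCachePOST'])) $ClearCachePOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['ClearCachePOST'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['ClearUserCache']) && is_string($_POST['ClearUserCache'])) $ClearCachePOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['ClearUserCache'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['ClearCache']) && is_string($_POST['ClearCache'])) $ClearCachePOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['ClearCache'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['ClearFavorites']) && is_string($_POST['ClearFavorites'])) $ClearFavoritesPOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['ClearFavorites'])), ENT_QUOTES, 'UTF-8');
else $ClearFavoritesPOST = '';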
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to specify new permission settings.
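// / Each value is taken only when it arrives as a plain string; array-shaped input is ignored
// / because htmlentities() cannot process it, and the variable then stays undefined.
// / NOTE(review): judging by their names these values select a system user, a group and
// / permission modes. Removing a fixed set of characters does not prove a value is a legal user
// / name or mode; the consuming code should check each one against an allowlist (for example
// / digits only for the modes) and must enforce the administrator requirement - confirm.
if (isset($_POST['NEWApacheUser']) && is_string($_POST['NEWApacheUser'])) $NEWApacheUser = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWApacheUser'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWApacheGroup']) && is_string($_POST['NEWApacheGroup'])) $NEWApacheGroup = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWApacheGroup'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWCLPerms']) && is_string($_POST['NEWCLPerms'])) $NEWCLPerms = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWCLPerms'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWILPerms']) && is_string($_POST['NEWILPerms'])) $NEWILPerms = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWILPerms'])), ENT_QUOTES, 'UTF-8');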
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to specify a specific file or directory within a users Cloud to scan for viruses with ClamAV.
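// / Each value is taken only when it arrives as a plain string; array-shaped input is ignored
// / because htmlentities() cannot process it, and the variable then stays undefined.
// / NOTE(review): $userscanfilename presumably names the file or directory handed to the
// / scanner. "/" is not removed here, so the consumer still has to confine the path to the
// / user's own Cloud directory before using it - confirm.
if (isset($_POST['NEWVirusScan']) && is_string($_POST['NEWVirusScan'])) $NEWVirusScan = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWVirusScan'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['userscanfilename']) && is_string($_POST['userscanfilename'])) $userscanfilename = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['userscanfilename'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['scanSelected']) && is_string($_POST['scanSelected'])) $scanSelected = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['scanSelected'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['HighPerformanceAV']) && is_string($_POST['HighPerformanceAV'])) $HighPerformanceAV = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['HighPerformanceAV'])), ENT_QUOTES, 'UTF-8');
// / The next three lists omit the double quote; htmlentities() with ENT_QUOTES still encodes it.
if (isset($_POST['NEWHighPerformanceAV']) && is_string($_POST['NEWHighPerformanceAV'])) $NEWHighPerformanceAV = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<\''), '', $_POST['NEWHighPerformanceAV'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWThoroughAV']) && is_string($_POST['NEWThoroughAV'])) $NEWThoroughAV = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<\''), '', $_POST['NEWThoroughAV'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWPersistentAV']) && is_string($_POST['NEWPersistentAV'])) $NEWPersistentAV = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<\''), '', $_POST['NEWPersistentAV'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWEnableTermsOfServiceURL']) && is_string($_POST['NEWEnableTermsOfServiceURL'])) $NEWTOSEnableURL = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWEnableTermsOfServiceURL'])), ENT_QUOTES, 'UTF-8');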
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to sanitize new settings inputs.
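// / Each value is taken only when it arrives as a plain string; array-shaped input is ignored
// / because htmlentities() cannot process it, and the variable then stays undefined.
if (isset($_POST['NEWColorScheme']) && is_string($_POST['NEWColorScheme'])) $NEWColorScheme = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWColorScheme'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWShowHRAI']) && is_string($_POST['NEWShowHRAI'])) $NEWShowHRAI = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWShowHRAI'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWHRAIAudio']) && is_string($_POST['NEWHRAIAudio'])) $NEWHRAIAudio = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWHRAIAudio'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWShowTips']) && is_string($_POST['NEWShowTips'])) $NEWShowTips = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWShowTips'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWTimezone']) && is_string($_POST['NEWTimezone'])) $NEWTimezone = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWTimezone'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWNickname']) && is_string($_POST['NEWNickname'])) $NEWNickname = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWNickname'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWFont']) && is_string($_POST['NEWFont'])) $NEWFont = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWFont'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWEnablePrivacyPolicyURL']) && is_string($_POST['NEWEnablePrivacyPolicyURL'])) $NEWPPEnableURL = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWEnablePrivacyPolicyURL'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWEnableTermsOfServiceURL']) && is_string($_POST['NEWEnableTermsOfServiceURL'])) $NEWTOSEnableURL = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['NEWEnableTermsOfServiceURL'])), ENT_QUOTES, 'UTF-8');
// / The two URL fields use a shorter list that keeps ':', '&', '%' and '@' so links survive.
// / NOTE(review): nothing here restricts the URL scheme. The code that stores or renders these
// / values as links should accept only http:// and https:// URLs - confirm it does.
if (isset($_POST['NEWPrivacyPolicyURL']) && is_string($_POST['NEWPrivacyPolicyURL'])) $NEWPrivacyPolicyURL = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};$!#^>*<"\'"\''), '', $_POST['NEWPrivacyPolicyURL'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['NEWTermsOfServiceURL']) && is_string($_POST['NEWTermsOfServiceURL'])) $NEWTermsOfServiceURL = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};$!#^>*<"\''), '', $_POST['NEWTermsOfServiceURL'])), ENT_QUOTES, 'UTF-8');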
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to automatically download and install the latest HRCloud2 update from Github.
// / Will perform "AutoDownload", "AutoInstall", "AutoClean", and "CompatCheck" consecutively.
// / Accepts a value of '1' or 'true'.
// / ONLY ADMINISTRATORS CAN AUTO-UPDATE HRC2 !!!
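// / All four update triggers are always defined after this block: the sanitized string when the
// / key was posted as a plain string, otherwise ''. Array-shaped input now also yields '' instead
// / of reaching htmlentities(), which cannot process arrays.
// / NOTE(review): the administrator requirement stated in these comments is not checked in this
// / file. It has to be enforced by the code that acts on these variables - confirm, since they
// / start a download and an overwrite of system files.
if (isset($_POST['AutoUpdate']) && is_string($_POST['AutoUpdate'])) $AutoUpdatePOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['AutoUpdate'])), ENT_QUOTES, 'UTF-8');
else $AutoUpdatePOST = '';
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to automatically download the latest HRCloud2 package from Github.
// / DOES NOT INSTALL OR REPLACE ANYTHING !!!
// / ONLY ADMINISTRATORS CAN DOWNLOAD HRC2 UPDATES !!!
if (isset($_POST['AutoDownload']) && is_string($_POST['AutoDownload'])) $AutoDownloadPOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['AutoDownload'])), ENT_QUOTES, 'UTF-8');
else $AutoDownloadPOST = '';
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to automatically install an official HRC2 update package that was downloaded manually.
// / WILL EXTRACT AND OVER-WRITE HRC2 SYSTEM FILES WITH ONES FROM /Resources/TEMP
if (isset($_POST['AutoInstall']) && is_string($_POST['AutoInstall'])) $AutoInstallPOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['AutoInstall'])), ENT_QUOTES, 'UTF-8');
else $AutoInstallPOST = '';
// / Can be used to clean up the HRC2 temp directories and perform compatibility adjustments after a manual update.
// / ONLY ADMINISTRATORS CAN DOWNLOAD HRC2 UPDATES !!!
if (isset($_POST['AutoClean']) && is_string($_POST['AutoClean'])) $AutoCleanPOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['AutoClean'])), ENT_QUOTES, 'UTF-8');
else $AutoCleanPOST = '';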
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to automatically check for and repair compatibility bugs and known issues.
// / Accepts a value of '1' or 'true'.
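// / "CheckCompatibility" and "CheckCompat" both feed $CheckCompatPOST.
// / Fixed: each test had its own "else ... = ''", so a value sent as "CheckCompatibility" was
// / erased again unless "CheckCompat" was sent as well. The default is now set once, and
// / "CheckCompat" overrides only when it is actually present.
// / Only plain strings are accepted; htmlentities() cannot process array-shaped input.
$CheckCompatPOST = '';
if (isset($_POST['CheckCompatibility']) && is_string($_POST['CheckCompatibility'])) $CheckCompatPOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['CheckCompatibility'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['CheckCompat']) && is_string($_POST['CheckCompat'])) $CheckCompatPOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['CheckCompat'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['CheckPermissions']) && is_string($_POST['CheckPermissions'])) $CheckPermsPOST = htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['CheckPermissions'])), ENT_QUOTES, 'UTF-8');
else $CheckPermsPOST = '';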
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to specify shared files for UN-sharing. Will ONLY delete the shared copy of the file. Originals will remain.
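if (isset($_POST['unshareConfirm'])) {
  // / The trigger is sanitized in place; a non-string trigger (array-shaped input) becomes ''.
  $_POST['unshareConfirm'] = is_string($_POST['unshareConfirm']) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['unshareConfirm'])), ENT_QUOTES, 'UTF-8') : '';
  // / Fixed: the file list used to be sanitized only when it was NOT an array, so a list sent as
  // / filesToUnShare[]=... reached the rest of the application untouched (".." included). The
  // / scalar path also wrapped the value in an array first and then handed that array to
  // / htmlentities(), which cannot process arrays.
  // / Now the value is always normalised to an array and every entry is sanitized on its own;
  // / entries that are not strings become ''. A missing list keeps its historical shape of one
  // / empty entry.
  $_POST['filesToUnShare'] = array_map(function ($sharedName) {
    return is_string($sharedName) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $sharedName)), ENT_QUOTES, 'UTF-8') : '';
  }, isset($_POST['filesToUnShare']) ? (array) $_POST['filesToUnShare'] : array(''));
}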
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to specify files for sharing files with other people by giving them a static URL on the server.
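if (isset($_POST['shareConfirm'])) {
  // / The trigger is sanitized in place; a non-string trigger (array-shaped input) becomes ''.
  $_POST['shareConfirm'] = is_string($_POST['shareConfirm']) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['shareConfirm'])), ENT_QUOTES, 'UTF-8') : '';
  // / Fixed: the file list used to be sanitized only when it was NOT an array, so a list sent as
  // / filesToShare[]=... was passed on untouched (".." included), and the scalar path handed an
  // / array to htmlentities(), which cannot process arrays.
  // / Now the value is always normalised to an array and every entry is sanitized on its own;
  // / entries that are not strings become ''. A missing list keeps its historical shape of one
  // / empty entry.
  // / NOTE(review): "/" is not removed, so the code that publishes the shared copy still has to
  // / confine each name to the user's own Cloud directory - confirm.
  $_POST['filesToShare'] = array_map(function ($sharedName) {
    return is_string($sharedName) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $sharedName)), ENT_QUOTES, 'UTF-8') : '';
  }, isset($_POST['filesToShare']) ? (array) $_POST['filesToShare'] : array(''));
}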
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to create directories in the user Drive root.
// / This can be used to create a directory or retrieve the contents of an existing directory.
// / Example: 'Pictures/' needs to exist before 'Pictures/Flowers' can be created.
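// / $MAKEUserDir is set only when "dirToMake" arrives as a plain string; array-shaped input is
// / ignored because htmlentities() cannot process it.
// / The list used here also removes '.', so no dot (and therefore no "..") survives; "/" is kept
// / so that nested directories such as 'Pictures/Flowers' can be named.
// / NOTE(review): a leading "/" is kept as well; the code that creates the directory should
// / always resolve the value relative to the user's Drive root - confirm.
if (isset($_POST['dirToMake']) && is_string($_POST['dirToMake'])) $MAKEUserDir = htmlentities(str_replace('..', '', str_replace(str_split('|\\.~#[]{};:$!#^&%@>*<"\''), '', $_POST['dirToMake'])), ENT_QUOTES, 'UTF-8');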
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / UserDir's can be POSTed or GETed using the "UserDIR" or "UserDirPOST" variables.
// / Must specify either UserDir or UserDirPOST as a POST or GET variable.
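if (isset($_GET['UserDirPOST'])) {
  // / Sanitize the GET value in place. Array-shaped input becomes '' instead of being handed to
  // / htmlentities(), which cannot process arrays. The list removes '.', so no dot survives.
  $_GET['UserDirPOST'] = is_string($_GET['UserDirPOST']) ? htmlentities(str_replace('..', '.', str_replace(str_split('|\\.~#[]{};:$!#^&%@>*<"\''), '', $_GET['UserDirPOST'])), ENT_QUOTES, 'UTF-8') : '';
  // / Mirror the cleaned value into both POST keys the rest of the application reads.
  // / Fixed: a single str_replace('//', '/') pass left '//' behind for runs of three or more
  // / slashes; every run of slashes is now collapsed to one.
  $_POST['UserDirPOST'] = str_replace('..', '.', preg_replace('#/{2,}#', '/', $_GET['UserDirPOST']));
  $_POST['UserDir'] = $_POST['UserDirPOST'];
}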
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to trigger HRStreamer on a valid ".Playlist" file.
// / Must specify $_POST['streamselected'] as an array of files from the CloudLoc.
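// / "playlistSelected" may arrive by GET or POST; a GET value takes precedence, as before.
// / Fixed: a GET value used to be sanitized, copied to POST and then sanitized a second time.
// / The second pass removed the '&', '#' and ';' of entities produced by the first
// / htmlentities() call, which corrupted names containing non-ASCII characters. The value is
// / now sanitized exactly once and then mirrored to both superglobals.
if (isset($_GET['playlistSelected'])) $_POST['playlistSelected'] = $_GET['playlistSelected'];
if (isset($_POST['playlistSelected'])) {
  // / Array-shaped input becomes '' because htmlentities() cannot process arrays.
  $_POST['playlistSelected'] = is_string($_POST['playlistSelected']) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['playlistSelected'])), ENT_QUOTES, 'UTF-8') : '';
  $_GET['playlistSelected'] = $_POST['playlistSelected'];
}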
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to upload multiple files.
// / Must specify upload as a POST variable.
// / Must specify $_FILES['filesToUpload'] as an array of files from the client's device.
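if (isset($_POST['upload'])) {
  // / $upload is defined only when the trigger is a plain string (htmlentities() cannot process
  // / arrays). This list also removes '/' and '\'.
  if (is_string($_POST['upload'])) $upload = htmlentities(str_replace('..', '', str_replace(str_split('|\\/~#[]{};:$!#^&%@>*<"\''), '', $_POST['upload'])), ENT_QUOTES, 'UTF-8');
  if (isset($_POST['filesToUpload'])) {
    // / A POST field of this name is sanitized in place; array-shaped input becomes ''.
    $_POST['filesToUpload'] = is_string($_POST['filesToUpload']) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\/~#[]{};:$!#^&%@>*<"\''), '', $_POST['filesToUpload'])), ENT_QUOTES, 'UTF-8') : '';
  }
  // / Fixed: when a "filesToUpload" POST field was present, this block used to wrap
  // / $_FILES['filesToUpload'] in an array and pass it through str_replace()/htmlentities().
  // / htmlentities() cannot process arrays, so the upload data was destroyed (or the request
  // / aborted) instead of being cleaned. $_FILES is no longer modified here.
  // / NOTE(review): the 'name' entries of $_FILES['filesToUpload'] are chosen by the client and
  // / are NOT sanitized by this file. The upload handler has to clean each name (for example
  // / with basename() plus its own character filter) and must only move files that pass
  // / is_uploaded_file() - confirm.
}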
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to download multiple files.
// / must specify download as a POST variable.
// / Must specify $_POST['filesToDownload'] as a string or an array of filenames in the CloudLoc.
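if (isset($_POST['download'])) {
  // / $download is defined only when the trigger is a plain string (htmlentities() cannot
  // / process arrays).
  if (is_string($_POST['download'])) $download = htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<'), '', $_POST['download'])), ENT_QUOTES, 'UTF-8');
  // / Fixed: this test used to look at $_POST['filesToUpload'], so the download list was only
  // / sanitized when an unrelated upload field happened to be posted. It also passed the list
  // / through htmlentities() both before and after wrapping it in an array, which fails for
  // / arrays and double-processes strings.
  // / Now the list is normalised to an array and every entry is sanitized once; entries that are
  // / not strings become ''. The character list is the union of the two lists used before.
  // / NOTE(review): that union removes '/' and '\', as the first of the two original passes
  // / did; confirm the download handler never expects a sub-path in these names.
  if (isset($_POST['filesToDownload'])) {
    $_POST['filesToDownload'] = array_map(function ($requestedName) {
      return is_string($requestedName) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\/~#[]{};:$!#^&%@>*<"\''), '', $requestedName)), ENT_QUOTES, 'UTF-8') : '';
    }, (array) $_POST['filesToDownload']);
  }
}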
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to copy multiple files (will auto-increment with _0, _1, _2, _3, _##, ect. ect...).
// / must specify copy as a POST variable.
// / Must specify $_POST['filesToCopy'] as a string or an array of filenames in the CloudLoc.
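if (isset($_POST['copy'])) {
  // / The trigger is sanitized in place; a non-string trigger (array-shaped input) becomes ''.
  $_POST['copy'] = is_string($_POST['copy']) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<'), '', $_POST['copy'])), ENT_QUOTES, 'UTF-8') : '';
  // / Fixed: "newcopyfilename" and the file list were sanitized only when "filesToCopy" was NOT
  // / an array, so sending filesToCopy[]=... skipped sanitization of both (".." included).
  // / The new name is now always sanitized ('' when missing or not a string).
  $_POST['newcopyfilename'] = (isset($_POST['newcopyfilename']) && is_string($_POST['newcopyfilename'])) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['newcopyfilename'])), ENT_QUOTES, 'UTF-8') : '';
  // / The list is always normalised to an array and every entry is sanitized on its own; entries
  // / that are not strings become ''. A missing list keeps its historical shape of one empty entry.
  $_POST['filesToCopy'] = array_map(function ($sourceName) {
    return is_string($sourceName) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $sourceName)), ENT_QUOTES, 'UTF-8') : '';
  }, isset($_POST['filesToCopy']) ? (array) $_POST['filesToCopy'] : array(''));
}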
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to rename multiple files (will auto-increment with _0, _1, _2, _3, _##, ect. ect...).
// / must specify rename as a POST variable.
// / Must specify $_POST['filesToRename'] as a string or an array of filenames in the CloudLoc.
// / Must specify a renamefilename as a POST variable.
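if (isset($_POST['rename'])) {
  // / The trigger is sanitized in place; a non-string trigger (array-shaped input) becomes ''.
  $_POST['rename'] = is_string($_POST['rename']) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['rename'])), ENT_QUOTES, 'UTF-8') : '';
  // / Fixed: "renamefilename" and the file list were sanitized only when "filesToRename" was NOT
  // / an array, so sending filesToRename[]=... skipped sanitization of both (".." included).
  // / The new name is now always sanitized ('' when missing or not a string).
  $_POST['renamefilename'] = (isset($_POST['renamefilename']) && is_string($_POST['renamefilename'])) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['renamefilename'])), ENT_QUOTES, 'UTF-8') : '';
  // / The list is always normalised to an array and every entry is sanitized on its own; entries
  // / that are not strings become ''. A missing list keeps its historical shape of one empty entry.
  $_POST['filesToRename'] = array_map(function ($currentName) {
    return is_string($currentName) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $currentName)), ENT_QUOTES, 'UTF-8') : '';
  }, isset($_POST['filesToRename']) ? (array) $_POST['filesToRename'] : array(''));
}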
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to delete multiple files.
// / must specify deleteconfirm as a POST variable.
// / Must specify $_POST['filesToDelete'] as a string or an array of filenames in the CloudLoc.
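if (isset($_POST['deleteconfirm'])) {
  // / The trigger is sanitized in place; a non-string trigger (array-shaped input) becomes ''.
  $_POST['deleteconfirm'] = is_string($_POST['deleteconfirm']) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $_POST['deleteconfirm'])), ENT_QUOTES, 'UTF-8') : '';
  // / Fixed: the list was sanitized only when it was NOT an array, so a list sent as
  // / filesToDelete[]=... reached the delete handler untouched (".." included).
  // / The list is now always normalised to an array and every entry is sanitized on its own;
  // / entries that are not strings become ''. A missing list keeps its historical shape of one
  // / empty entry.
  // / NOTE(review): an entry can end up as '' after filtering. The delete handler should skip
  // / empty names and confine every path to the user's own Cloud directory - confirm.
  $_POST['filesToDelete'] = array_map(function ($doomedName) {
    return is_string($doomedName) ? htmlentities(str_replace('..', '', str_replace(str_split('|\\~#[]{};:$!#^&%@>*<"\''), '', $doomedName)), ENT_QUOTES, 'UTF-8') : '';
  }, isset($_POST['filesToDelete']) ? (array) $_POST['filesToDelete'] : array(''));
}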
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to archive multiple files (will auto-increment with _0, _1, _2, _3, _##, ect. ect...).
// / must specify archive as a POST variable.
// / Must specify $_POST['filesToArchive'] as a string or an array of filenames in the CloudLoc.
// / Must specify "archextension" and "userfilename" POST variables.
// / The filename should NOT contain an extension.
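if (isset($_POST['archive'])) {
  // / The trigger is sanitized in place; a non-string trigger (array-shaped input) becomes ''.
  // / The character list used throughout this block does not include the backslash.
  $_POST['archive'] = is_string($_POST['archive']) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['archive'])), ENT_QUOTES, 'UTF-8') : '';
  // / Fixed: the list, "archextension" and "userfilename" were sanitized only when
  // / "filesToArchive" was NOT an array, so sending filesToArchive[]=... skipped sanitization of
  // / all three (".." included).
  // / The list is now always normalised to an array and every entry is sanitized on its own;
  // / entries that are not strings become ''. A missing list keeps its historical shape of one
  // / empty entry.
  $_POST['filesToArchive'] = array_map(function ($memberName) {
    return is_string($memberName) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $memberName)), ENT_QUOTES, 'UTF-8') : '';
  }, isset($_POST['filesToArchive']) ? (array) $_POST['filesToArchive'] : array(''));
  // / The extension and output name are always sanitized ('' when missing or not a string).
  // / NOTE(review): the extension presumably selects the archive tool or format; the consumer
  // / should compare it against the list of supported extensions - confirm.
  $_POST['archextension'] = (isset($_POST['archextension']) && is_string($_POST['archextension'])) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['archextension'])), ENT_QUOTES, 'UTF-8') : '';
  $_POST['userfilename'] = (isset($_POST['userfilename']) && is_string($_POST['userfilename'])) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['userfilename'])), ENT_QUOTES, 'UTF-8') : '';
}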
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to de-archive multiple files, archives, or disk images.
// / must specify dearchiveButton as a POST variable.
// / Must specify $_POST['filesToDearchive'] as a string or an array of filenames in the CloudLoc.
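// / The trigger is sanitized in place; a non-string trigger (array-shaped input) becomes ''
// / instead of being handed to htmlentities(), which cannot process arrays.
// / NOTE(review): only the trigger is handled here. $_POST['filesToDearchive'], which the API
// / description names as the file list, is not sanitized anywhere in this file; the dearchive
// / handler has to clean and confine those names itself - confirm.
if (isset($_POST["dearchiveButton"])) $_POST['dearchiveButton'] = is_string($_POST['dearchiveButton']) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['dearchiveButton'])), ENT_QUOTES, 'UTF-8') : '';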
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to convert multiple files. Supports images, documents, media, archives, disk images, & more.
// / IMPORTANT NOTE: For basic document or image to .pdf conversions this method of conversion will suffice.
// / For Advanced .pdf conversions requiring OCR, please use the "pdfwork" API input instead.
// / Must specify $_POST['convertSelected'] as a string or an array of filenames in the CloudLoc.
// / Must specify an "extension" and a "userconvertfilename" .
// / OPTIONAL: Audio Files Only. Specify either pure integer to select a bitrate or "auto" for automatic (no quotes) .
// / The userconvertfilename should NOT contain an extension.
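if (isset($_POST['convertSelected'])) {
  // / Normalise the selection to an array and filter every entry on its own. As before, the
  // / entries have the listed characters and ".." removed but are NOT HTML-encoded, so they must
  // / be encoded wherever they are echoed.
  // / Fixed: an entry that is itself an array used to pass through unfiltered, because
  // / str_replace() does not descend into nested arrays; such entries now become ''.
  $_POST['convertSelected'] = array_map(function ($inputName) {
    return is_string($inputName) ? str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $inputName)) : '';
  }, (array) $_POST['convertSelected']);
  // / The target extension and output name are always defined afterwards ('' when missing or
  // / when array-shaped input was sent, which htmlentities() cannot process).
  // / NOTE(review): the extension presumably selects the converter; the consumer should compare
  // / it against the list of supported extensions - confirm.
  $_POST['extension'] = (isset($_POST['extension']) && is_string($_POST['extension'])) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['extension'])), ENT_QUOTES, 'UTF-8') : '';
  $_POST['userconvertfilename'] = (isset($_POST['userconvertfilename']) && is_string($_POST['userconvertfilename'])) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['userconvertfilename'])), ENT_QUOTES, 'UTF-8') : '';
  // / Optional, audio only. The API description allows an integer or "auto"; that is not
  // / verified here, only the character filter is applied.
  if (isset($_POST['bitrate'])) $_POST['bitrate'] = is_string($_POST['bitrate']) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['bitrate'])), ENT_QUOTES, 'UTF-8') : '';
}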
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to convert multiple document, image, or .pdf files to other document or .pdf files.
// / Really handy for taking pictures of documents and turning them into actual document files.
// / Must specify $_POST['pdfworkSelected'] as a string or an array of filenames in the CloudLoc.
// / Must specify pdfextension, userpdfconvertfilename, and method.
// / Method must either be 0 or 1.
// / Method 0 is automatic. The simplest method is chosen first. Best for simple image or .pdf to document conversions.
// / Method 1 is advanced. This is best for advanced format support and multi-page .pdf to document conversions.
// / Method 1 requires unoconv. If conversions fail make sure to run "unoconv -l" or "unoconv --listen" in a terminal window.
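if (isset($_POST['pdfworkSelected'])) {
  // / Normalise the selection to an array and filter every entry on its own. As before, the
  // / entries have the listed characters and ".." removed but are NOT HTML-encoded, so they must
  // / be encoded wherever they are echoed.
  // / Fixed: an entry that is itself an array used to pass through unfiltered, because
  // / str_replace() does not descend into nested arrays; such entries now become ''.
  $_POST['pdfworkSelected'] = array_map(function ($inputName) {
    return is_string($inputName) ? str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $inputName)) : '';
  }, (array) $_POST['pdfworkSelected']);
  // / Extension, output name and method are always defined afterwards ('' when missing or when
  // / array-shaped input was sent, which htmlentities() cannot process).
  $_POST['pdfextension'] = (isset($_POST['pdfextension']) && is_string($_POST['pdfextension'])) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['pdfextension'])), ENT_QUOTES, 'UTF-8') : '';
  $_POST['userpdfconvertfilename'] = (isset($_POST['userpdfconvertfilename']) && is_string($_POST['userpdfconvertfilename'])) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['userpdfconvertfilename'])), ENT_QUOTES, 'UTF-8') : '';
  // / The API description allows only 0 or 1 for the method; that is not verified here, only the
  // / character filter is applied.
  $_POST['method'] = (isset($_POST['method']) && is_string($_POST['method'])) ? htmlentities(str_replace('..', '', str_replace(str_split('|~#[]{};:$!#^&%@>*<"\''), '', $_POST['method'])), ENT_QUOTES, 'UTF-8') : '';
}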
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to add selected files to a users favorite files.
// / Filter the value in place: the listed characters are removed first, then every "..".
// / No HTML encoding is applied to this input, and the double quote is not in the list.
// / NOTE(review): because of that, encode the value wherever it is echoed into a page.
if (isset($_POST['favoriteConfirm'])) {
  $_POST['favoriteConfirm'] = str_replace(
    '..',
    '',
    str_replace(str_split('|~#[]{};:$!#^&%@>*<\''), '', $_POST['favoriteConfirm'])
  );
}
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to remove selected files from a users favorite files.
// / Same filter as for favoriteConfirm: characters removed, ".." removed, no HTML encoding.
if (isset($_POST['favoriteDelete'])) {
  $_POST['favoriteDelete'] = str_replace(
    '..',
    '',
    str_replace(str_split('|~#[]{};:$!#^&%@>*<\''), '', $_POST['favoriteDelete'])
  );
}
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Can be used to display a list of favorite files in the Drive section instead of all files.
// / Presence of either key is enough; the submitted value itself is never read.
if (isset($_POST['showFavorites']) || isset($_GET['showFavoritesPOST'])) {
  $showFavorites = '1';
}
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / Reset the PHP execution timer (0 = no time limit for the remainder of the request).
set_time_limit(0);
// / -----------------------------------------------------------------------------------
?>