soerennb / extplorer Goto Github PK

in the editor tabs there are marks in bottom right corner that suggest is a handler that you can drag to adjust textarea size, but editor size seems fixed and handler does nothing...

sometimes adjusting the browser window or with different resolutions, the editor textarea seems too small and wastes space ar bottom, or sometimes gets too large that doesn't fit in viewport, scollbars appear and have to scroll anytime... is very annoying and unproductive

Hello,

As dual licenses are being utilized for extplorer.

Can you please tell me if I'm able to to use it by modification and commercially?

Thank you

In Joomla 3.x, I am continually am getting the error_log in the administrator folder filling up from using Extplorer. This started occurring with PHP7 using Explorer 2.1.9. I've seen that others have posted this in your forum (https://extplorer.net/boards/1/topics/159).
These 3 lines keep appearing:
25-May-2017 15:44:26 UTC] PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; ext_Json has a deprecated constructor in /.../administrator/components/com_extplorer/libraries/JSON.php on line 117
[25-May-2017 15:44:26 UTC] PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Services_JSON_Error has a deprecated constructor in /.../administrator/components/com_extplorer/libraries/JSON.php on line 840
[25-May-2017 15:44:26 UTC] PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Services_JSON_Error has a deprecated constructor in /.../administrator/components/com_extplorer/libraries/JSON.php on line 854

Line 117: class ext_Json
Line 840: class Services_JSON_Error extends PEAR_Error
Line 854: class Services_JSON_Error

Am checking out extplorer on a Kubuntu 14.04. Logging in fine as admin:admin. Investigating webdav. DB created as per webdav_table.sql.php, conf.php updated to match. mysql -uextplorer '-ppassword' -estatus gives good output.

From another system, Kubuntu 12.04, 'sudo mount -vt davfs http://server/extplorer/webdav.php /mnt/webdav' is returning 'Could not authenticate to server: rejected Basic challenge'. User / password is prompted for, admin, admin.

To back check, trying 'sudo fusedav -u admin -p admin -D http://server/extplorer/webdav.php /mnt/webdav' shows:

getattr(/extplorer/webdav.php)
CGET: /extplorer/webdav.php
STAT-CACHE-MISS
Authentication failure!
Realm 'Restricted Area: eXtplorer WebDAV' requires authentication.
Username: getattr(/extplorer/webdav.php)
CGET: /extplorer/webdav.php
STAT-CACHE-MISS

Should extplorer over webdav 'just work' out of the box, assuming the changes above / per the readme / conf.php, or are there additional bits to set, such as an .htaccess file?

e.g. Anything in apache2 config / virtual host settings?

I noticed, for example, an initial generated password included a '\' in it. Took me a while to realize that and remove it from db access / setup tests.

How might I go about figuring out where the authentication failure is coming from? curl? wget?

Thanks for any thoughts.
-- Bill

P.S. Same result when trying on same machine.

Hi Soeren,
found multiple contact options while researching. Wouldn't it be a good idea to reduce these to one?

I see:

• https://extplorer.net/projects/extplorer/boards
• https://extplorer.net/projects/extplorer/issues
• https://github.com/soerennb/extplorer/issues

All the best
Ralf

Hi,

eXtplorer 2.1.14 is not compatible with PHP8 (installed as a Joomla component). It raises error "Call to undefined function get_magic_quotes_gpc()" after starting from from Joomla backend components menu.

Any known integration efforts with Laravel?

Is it possible to use SFTP protocol?

• I use V 2.15 in the web (php 8.022) and zip and tar of marked-directories dont function (small incomplete files - error : file xxx.zip does not exist... But tar/gz functions !

• My proposal : If extplorer uses system-zip (which may cause the problems) - php has inbuilt zip-functions since php 5.5 - should be easy to update the code.

• Also : There is a scripts.tar.gz in the 2.15-zip. What must the user do within the installation (i unzipped .gz and then .tar in a subdirectory /scripts without effect)

I made an installation not in Joomla, and the explorer shows everything under the root(htdocs/www).
Is there a possibility to change some parameters so that extplorer shows only everything under a subdirctory (Everything within a cms - the extplorer runs in a subdirectory of the cms)

I am trying to make an extplorer version for typesetter cms which uses no database
A small problem is that a remote download
https://www.typesettercms.com/Plugins/17_Simple_Blog?cmd=download
does not function (but this functions in all browsers). So i look for a patch so that this functions.

EDIT: this issue could be related to #18

each time i refreshed the view (click a folder icon or file tab, etc) my php log floods with about 100 lines of:

[date time zone] PHP Deprecated:  Constant FILTER_SANITIZE_STRING is deprecated in /my/htdocs/extplorer/libraries/inputfilter.php on line 323

... using:

• extplorer 2.1.15
• php 8.1.8
• nginx 1.22.0
• fedora linux 36
• linux 5.18.13-200.fc36.x86_64

i tried editing the sources by changing to htmlspecialchars() as recommended by php, but views were displayed empty instead... so as a workaround i added an arroba @ to prevent my logs grow too much and my disks get full so quickly, even i don't feel so comfotable with this because i am afraid something could break in the future

for details see https://vuldb.com/?id.248026

compare #29

In style.css are twice font-size:10; instead of font-size:10px;

hi... i can't upload files with none of the 3 methods, i mainly want to use standar upload and transfer from other server, but none works

i enter the files but finally when i click the "upload" button it does nothing

On some rare occasions - we don't know why - function chdir passes the constant 'ext_root' for the root directory instead of an empty variable. This constant is then not recognized and chdir does not take place.

A workaround is available by changing line 76 in the file scripts/functions.js.php

original:
if( dirs[0] == '' ) { dirs.shift(); }

modified:
if( dirs[0] == '' || dirs[0] == 'ext_root') { dirs.shift(); }

Hope this helps!

Hi,

is there a release of 2.1.14? I see commits preparing the release but the actual release is missing. As 2.1.14 fixes vulnerabilities a soon-to-be release would be nice.

Regards
e-dschungel

• having 2 issue trackers is messy, how do you do to syncronize both?
• we have to create an account in extplorer.net to post issues... github already have MILLIONS of users...
• that means is way MORE collaborative, it is much more likely and easy (and massive) to send issues and pull requests
• that means a faster/better/easier software development
• i get a really bad mood in create an account in a specific site just to post 1 message
• it seems the account system in extplorer.net has broken, i cant login not recover my passwd, turn it useless
• github staff already get rid of hack or spam problems... YOU HAVE SPAM IN EXPLORER.NET

seriously, drop extplorer.net issue tracker, looks messy... everybody knows and prefer github...

you can still keep extplorer.net as a project homepage, redirecting development stuff to github.... is my humble opinion based on my observations

Hi,
I would like to work on developing custom context menus for a file based on it's extension. I am finding it difficult to get started with debugging the code. Are there any resources that could help?

1. https://example.com
2. https://example.com/extplorer

https://example.com/extplorer/webdav.php - works

Suppose the above URI works for me, should I replace http://localhost in .htuser.php with 1 or 2?

hi....

currently if we want to make a copy to file on the same dir, lets say a quick backup or numbered version copies, we must:

• copy the file to another dir
• go that directory
• locate the copied file and rename it
• move the file back to source dir
• go back to source dir and continue our work

you see is laborious... maybe another option could be to OPEN THE FILE IN EDITOR and save it with another name... but is not so intuitive (i actually never tried), time and resource wasting, and what happens with non-editable files?, is not so straight forward

in some cmd/shells is easy, you can make an inplace file copy with another name just with copy srcFile fileCopy or more specific with copy dir/srcFile dir/fileCopy... extplorer could present an option to rename the file when detected a copy in same dir

in some GUIs you can just drag the file next and the OS will rename automatically to "copy of {file}" or "{file}_01", then you can rename as you like.... extplorer could also (even better, just like other GUIs) detect duplicated and rename destination files automatically :)

Description

Cross site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. If the app or website lacks proper data sanitization, the malicious link executes the attacker’s chosen code on the user’s system. As a result, the attacker can steal the user’s active session cookie.

Steps to reproduce

1. Install Joomla 3
2. Install the extplorer extension from https://extensions.joomla.org/extension/extplorer/
3. Login into the Joomla Admin Panel
4. Once done visit the URL http://192.168.1.21/administrator/index.php?option=com_extplorer&dir=&item=hello"><img src=x onerror=alert(document.domain)>test.php&action=view and XSS will execute successfully.

POC

The vulnerability was discovered in colloboration with @SivaPothuluru-Sajja

hi, i like extplorer, is very useful

but sometimes when i save a file it keeps saving forever, an animated wheel gif is shown on the center with a grey translucid modal over the page that blocks it entirely... i have to refresh the page to unstuck it, loosing my session, my open dir, my open tabs, and my recent file changes....

another workaround i found is hide the modal with browser developer tools so y can access the ui again and click the save button again, it works but is very annoying and delayer.... i noticed sometimes the file explorer tab changes itself resetting while in background (i.e. another file editor tab in foreground) (i.e. all dir tree collapsed), maybe is related

sadly i can't reproduce the problem since for me this occurs ramdomly with all the browsers i tried before, i dont know the exact conditions when it happens

Hi Soeren,
have installed the version yesterday but php8.0.13 isn't working. Have to go back to php7.3.33 to get it functional.

Great tool nonetheless. Thx a lot for your work :-)

Ralf

this is a feature request for ACL support at filesystem level.

In most of my setups the typical rwx permissions aren't enough to cover all users needs and I'm looking for a frontend with ACL management.