fix: upload is not logging

abdul-kaioum · abdul-kaioum · commit 5f082ddf41ba · 2025-05-28T15:12:56.000+06:00
diff --git a/backend/app/Config.php b/backend/app/Config.php
@@ -21,9 +21,9 @@ class Config
 
     const VAR_PREFIX = 'bit_fm_';
 
-    const VERSION = '6.8';
+    const VERSION = '6.8.1';
 
-    const VERSION_ID = 680;
+    const VERSION_ID = 681;
 
     const DB_VERSION = '1.0';
 
diff --git a/backend/app/Http/Controllers/FileManagerController.php b/backend/app/Http/Controllers/FileManagerController.php
@@ -9,6 +9,7 @@
 use BitApps\FM\Providers\FileManager\FileRoot;
 use BitApps\FM\Providers\FileManager\Options;
 use BitApps\FM\Vendor\BitApps\WPKit\Utils\Capabilities;
+use Error;
 use Exception;
 
 final class FileManagerController
@@ -64,9 +65,14 @@ public function getFinderOptions()
         // 'zipdl.pre file.pre rename.pre put.pre upload.pre',
 
         $finderOptions->setBind(
-            'zipdl.pre file.pre rename.pre put.pre upload.pre rm.pre chmod.pre mkdir.pre mkfile.pre extract.pre',
+            'zipdl.pre file.pre rename.pre put.pre rm.pre chmod.pre mkdir.pre mkfile.pre extract.pre',
             [Plugin::instance()->logger(), 'log']
         );
+        
+        $finderOptions->setBind(
+            'upload',
+            [Plugin::instance()->logger(), 'logUpload']
+        );
 
         $allVolumes         = $this->getFileRoots();
         $volumeCount        = \count($allVolumes);
diff --git a/backend/app/Providers/AccessControlProvider.php b/backend/app/Providers/AccessControlProvider.php
@@ -13,6 +13,15 @@ class AccessControlProvider
 {
     public $settings;
 
+    private $maliciousPatterns = [
+            '/<script.*?>.*?<\/script>/is',
+            '/onload=["\'].*?["\']/is',
+            '/<.*?javascript:.*?>/is',
+            '/<.*?on\w+=[^>]+>/is',
+            '/\/S \/JavaScript \/JS /is',
+        ];
+    private $scannedResult = [];
+
     public function __construct()
     {
         $this->settings = Plugin::instance()->preferences();
@@ -165,54 +174,78 @@ public function scanFile($command, $args)
         if (!\in_array($command, ['put', 'upload']) || \in_array('javascript', Plugin::instance()->permissions()->getEnabledFileType())) {
             return;
         }
-        $content = '';
 
-        if ($command === 'upload' && isset($args[0]['FILES']['upload']['tmp_name'])) {
+        if (isset($args[0]['chunk']) && !empty($args[0]['chunk'])) {
+            return;
+        }
+
+        if (
+            $command === 'upload' &&
+            !empty($args[0]['FILES']['upload']['tmp_name']) &&
+            is_array($args[0]['FILES']['upload']['tmp_name'])
+        ) {
             $filePath       = '';
             $fileName       = '';
-            $filePath       = $args[0]['FILES']['upload']['tmp_name'][0];
-            $fileName       = $args[0]['FILES']['upload']['name'][0];
-            $fileTypeAndExt = wp_check_filetype_and_ext($filePath, $fileName, $args[0]['FILES']['upload']['type'][0]);
-
-            if (
-                isset($fileTypeAndExt['ext'], $fileTypeAndExt['type']) 
-            && (strpos($fileTypeAndExt['type'], 'text') !== false || strpos($fileTypeAndExt['type'], 'pdf') !== false)
-            || current_user_can('administrator')
-            ) {
-                $content = file_get_contents($filePath);
-            } else {
-                throw new PreCommandException(__('Failed to process the file', 'file-manager'));
+            $uploadedFiles = $args[0]['FILES']['upload']['tmp_name'];
+            error_log(print_r($args[0]['FILES']['upload'], true));
+            foreach ($uploadedFiles as $index => $tmpName) {
+                $content = '';
+                $filePath       = $args[0]['FILES']['upload']['tmp_name'][$index];
+                $fileName       = $args[0]['FILES']['upload']['name'][$index];
+                if (empty($filePath)) {
+                    continue;
+                }
+                $fileTypeAndExt = wp_check_filetype_and_ext($filePath, $fileName);
+    error_log(print_r($fileTypeAndExt, true));
+                if (!empty($fileTypeAndExt['type'])) {
+                    if (stripos($fileTypeAndExt['type'], 'javascript') !== false) {
+                        $this->scannedResult[] = sprintf(__('This file %s type is not allowed', 'file-manager'), $fileName);
+                    }
+                    if (
+                        stripos($fileTypeAndExt['type'], 'text') !== false ||
+                        stripos($fileTypeAndExt['type'], 'pdf') !== false
+                    ) {
+                        $content = file_get_contents($filePath);
+                    }
+                } else {
+                    try {
+                        $content = file_get_contents($filePath);
+                    } catch (\Exception $e) {
+                        $this->scannedResult[] = sprintf(__('Failed to process this file %s', 'file-manager'), $fileName);
+                    }
+                }
+
+                if (!empty($content)) {
+                    $this->scanForPattern($content, $fileName);
+                }
             }
         } elseif (isset($_REQUEST['content'])) {
-            $content = $_REQUEST['content'];
+            $this->scanForPattern($_REQUEST['content'], '');
         }
-        if (empty($content)) {
-            return;
+
+        if (count($this->scannedResult) > 0) {
+            throw new PreCommandException(
+                implode('. >> ', $this->scannedResult)
+            );
         }
 
-        $containsJs = false;
+    }
 
-        $maliciousPatterns = [
-            '/<script.*?>.*?<\/script>/is',
-            '/onload=["\'].*?["\']/is',
-            '/<.*?javascript:.*?>/is',
-            '/<.*?on\w+=[^>]+>/is',
-            '/\/S \/JavaScript \/JS /is',
-        ];
-        
-        foreach ($maliciousPatterns as $pattern) {
+    private function scanForPattern($content, $fileName)
+    {
+        $containsJs = false;
+        foreach ($this->maliciousPatterns as $pattern) {
             if (preg_match($pattern, $content)) {
                 $containsJs = true;
                 
                 break;
             }
         }
 
-
-
         if ($containsJs) {
-
-            throw new PreCommandException(__('The file contains JS code. Please remove the code and try again. Or allow js mimetype', 'file-manager'));
+            $this->scannedResult[] = sprintf(__('This file %s contains JS code. Please remove the code and try again. Or allow js mimetype', 'file-manager'), $fileName);
         }
     }
 }
+
+    
diff --git a/backend/app/Providers/Logger.php b/backend/app/Providers/Logger.php
@@ -46,13 +46,21 @@ public function log($command, $target, $finder, $volume)
          * update: put
          */
         $commandDetails = [];
-        if ($command === 'upload') {
+        $commandDetails = $this->processFileHash($command, $target, $volume);
+
+        if (isset($commandDetails['files'])) {
+            $this->_logger->save($command, $commandDetails);
+        }
+    }
+    
+    public function logUpload($command, $status, $target, $finder, $volume)
+    {
+        $commandDetails = [];
             $commandDetails = $this->processFileHashForUpload($target, $volume);
-        } else {
-            $commandDetails = $this->processFileHash($command, $target, $volume);
+       
+        if (isset($commandDetails['files'])) {
+            $this->_logger->save($command, $commandDetails);
         }
-
-        $this->_logger->save($command, $commandDetails);
     }
 
     /**
@@ -85,15 +93,26 @@ private function processFileHash($command, $target, $volume)
         return $details;
     }
 
+    /**
+     * Process targeted file hash to path for upload command
+     *
+     * @param array                                                $target
+     * @param elFinderVolumeDriver | elFinderVolumeLocalFileSystem $volume
+     *
+     * @return array
+     */
     private function processFileHashForUpload($target, $volume)
     {
-        $details = [];
+        if(!empty($target['chunk'])) {
+            return [];
+        }
+        $details['driver']  = \get_class($volume);
+        $details['folder']  = [
+            'path' => str_replace(ABSPATH, '', $volume->getPath($target['target'])),
+            'hash' => $target['target'],
+        ];
+
         if (!empty($target['upload_path'])) {
-            $details['driver']  = \get_class($volume);
-            $details['folder']  = [
-                'path' => str_replace(ABSPATH, '', $volume->getPath($target['target'])),
-                'hash' => $target['target'],
-            ];
             foreach ($target['upload_path'] as $index => $file) {
                 $details['files'][] = [
                     'path' => str_replace(ABSPATH, '', $volume->getPath($file)),
@@ -103,6 +122,19 @@ private function processFileHashForUpload($target, $volume)
                     break;
                 }
             }
+        } else if (isset($target["FILES"]["upload"]["full_path"])) {
+            $uploadBase = $details['folder']['path'];
+            $files = $target["FILES"]["upload"]["full_path"];
+            foreach ($files as $index => $file) {
+                if ($index > 300 || $file === 'blob') {
+                    break;
+                }
+                $details['files'][] = [
+                    'path' => $uploadBase . DIRECTORY_SEPARATOR . $file,
+                    'hash' => '',
+                ];
+            }
+            
         }
 
         return $details;
diff --git a/file-manager.php b/file-manager.php
@@ -5,7 +5,7 @@
  * Plugin URI: https://bitapps.pro/bit-file-manager
  * Author:     File Manager by Bit Form Team
  * Author URI:  https://bitapps.pro
- * Version: 6.8
+ * Version: 6.8.1
  * Requires at least: 5.0
  * Requires PHP: 7.4
  * Text domain: file-manager
diff --git a/frontend/src/pages/Permissions/ui/Permissions.tsx b/frontend/src/pages/Permissions/ui/Permissions.tsx
@@ -214,7 +214,6 @@ function Permissions() {
                       <Button loading={isUserPermissionDeleting && delInProgressId === user.ID}>
                         <DeleteFilled />
                       </Button>
-                      placeholder=" placeholder=" placeholder=" placeholder=" placeholder=" placeholder="
                     </Popconfirm>
                   }
                 >
@@ -248,16 +247,10 @@ function Permissions() {
             <Form.Item
               name={['guest', 'path']}
               label={__('Path')}
-              /* rules={[">">
-">
-">
-">
-">
-                {
+              /* rules={[
                   // eslint-disable-next-line no-useless-escape
                   pattern: new RegExp(`^${wpRoot}?(?:\/[^\/]+)*\/?$`),
                   message: __('Folder Path Must be within WordPress root directory')
-                }
               ]} */
             >
               <Input placeholder={__('Root Folder Path')} />
diff --git a/frontend/src/pages/root/Root.tsx b/frontend/src/pages/root/Root.tsx
@@ -75,6 +75,14 @@ export default function Root() {
         setIsOpening(false)
       })
 
+      finder.bind('uploadfail', () => {
+        finder.toast({
+          mode: 'error',
+          msg: __('Something went wrong while uploading files.'),
+          hideDuration: 5000
+        })
+      })
+
       finder.bind('viewchange', () => {
         changeViewState(finder)
       })
diff --git a/frontend/src/types/finder.d.ts b/frontend/src/types/finder.d.ts
@@ -29,5 +29,14 @@ declare module 'elfinder' {
     addCommand(commandName: string, commandOptions?: CommandOptions): void
     removeCommand(commandName: string): void
     exec(cmd: string, files?: Array<File> | string, opts?, dstHash?): void
+    toast({
+      mode,
+      msg,
+      hideDuration
+    }: {
+      mode: 'error' | 'warnning' | 'success'
+      msg: string
+      hideDuration: number
+    }): void
   }
 }
diff --git a/libs/elFinder/php/elFinder.class.php b/libs/elFinder/php/elFinder.class.php
@@ -606,7 +606,7 @@ public function __construct($opts)
         $this->version = (string)self::$ApiVersion;
 
         // set error handler of WARNING, NOTICE
-        $errLevel = E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE | E_STRICT | E_RECOVERABLE_ERROR;
+        $errLevel = E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE | E_RECOVERABLE_ERROR;
         if (defined('E_DEPRECATED')) {
             $errLevel |= E_DEPRECATED | E_USER_DEPRECATED;
         }
@@ -3528,7 +3528,7 @@ protected function upload($args)
             }
             if (!$_target || ($file = $volume->upload($fp, $_target, $name, $tmpname, ($_target === $target) ? $hashes : array())) === false) {
                 $errors = array_merge($errors, $this->error(self::ERROR_UPLOAD_FILE, $name, $volume->error()));
-                fclose($fp);
+                is_resource($fp) && fclose($fp);
                 if (!is_uploaded_file($tmpname) && unlink($tmpname)) {
                     unset($GLOBALS['elFinderTempFiles'][$tmpname]);
                 }
@@ -4467,7 +4467,7 @@ protected function itemLock($hashes, $autoUnlock = true)
         foreach ($hashes as $hash) {
             $lock = elFinder::$commonTempPath . DIRECTORY_SEPARATOR . self::filenameDecontaminate($hash) . '.lock';
             if ($this->itemLocked($hash)) {
-                $cnt = file_get_contents($lock) + 1;
+                $cnt = (int) file_get_contents($lock) + 1;
             } else {
                 $cnt = 1;
             }
@@ -4492,7 +4492,7 @@ protected function itemUnlock($hash)
             return true;
         }
         $lock = elFinder::$commonTempPath . DIRECTORY_SEPARATOR . $hash . '.lock';
-        $cnt = file_get_contents($lock);
+        $cnt = (int)file_get_contents($lock);
         if (--$cnt < 1) {
             unlink($lock);
             return true;
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "file-manager",
-  "version": "6.8",
+  "version": "6.8.1",
   "description": "Manage your file the way you like. You can upload, delete, copy, move, rename, compress, extract files. You don't need to worry about ftp. It is really simple and easy to use.",
   "author": "Bit Apps",
   "license": "GPL-2.0-or-later",
diff --git a/readme.txt b/readme.txt
@@ -5,7 +5,7 @@ Tags: File Manager, Code Editor, Snippet, Code Snippet, Editor
 Requires at least: 5.0
 Tested up to: 6.8.1
 Requires PHP: 7.4
-Stable tag: 6.8
+Stable tag: 6.8.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -329,6 +329,10 @@ Yes, It is possible to edit writeable files in the wordpress directory using cod
 
 == Changelog ==
 
+= 6.8.1 =
+- Fix: Uploaded file path not showing in log
+- Fix: Removed unwanted text from.
+
 = 6.8 =
 - Fix: Prevent svg upload with embedded js code but not allowed in permission settings
 - Fix: Fixed translated text not showing up on the frontend.

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "file-manager",`
`3`		`- "version": "6.8",`
	`3`	`+ "version": "6.8.1",`
`4`	`4`	`"description": "Manage your file the way you like. You can upload, delete, copy, move, rename, compress, extract files. You don't need to worry about ftp. It is really simple and easy to use.",`
`5`	`5`	`"author": "Bit Apps",`
`6`	`6`	`"license": "GPL-2.0-or-later",`