tinyfilemanager icon indicating copy to clipboard operation
tinyfilemanager copied to clipboard

Published 20 hours ago verified publisher icon prasathmani

User-specific config files (to get around issue with document preview when using user-specific directories)

Open redherring917b opened this issue 2 years ago • 0 comments

Hi there. I too encountered the issues discussed elsewhere when try to preview documents when using user-specific directories. In an attempt to work around that, my thought was to:

  1. pass URL parameters that identify the current user to tinyfilemanager.php (I understand security implications - it's a unique combo of parameters that expires)
  2. in tinyfilemanager.php, do a database lookup using the passed URL parameters to validate the current user and to retrieve that user's unique config filename
  3. use @include($config_file) where the value of $config_file is the location and filename of the specific user's config file, in which I then set the value of $root_url accordingly, restricting them to just their folder(s)

Just before the line // --- EDIT BELOW CAREFULLY OR DO NOT EDIT AT ALL --- in tinyfilemanager.php I can successfully output the value of $config_file and confirm that it does in fact point to the correct location and filename of the specific user's config file. So my steps 1, 2 and 3 are successful. BUT... something that follows in the tinyfilemanager.php script is clobbering this.

This code at the end of my steps 1, 2 and 3 correctly outputs the user-specific config file location and filename:

echo "config_file: ".$config_file."
"; exit; // --- EDIT BELOW CAREFULLY OR DO NOT EDIT AT ALL ---

However, this code at the end of my steps 1, 2 and 3 does NOT because if I work backwards I can see that the values of the URL parameters that I've retrieved via $_GET statements are now empty or NULL, so I'm not able to pull the required data from the database because I don't have the necessary parameters. Again, the ONLY change here is the exit; line being commented out.

echo "config_file: ".$config_file."
"; //exit; // --- EDIT BELOW CAREFULLY OR DO NOT EDIT AT ALL ---

So it seems that something in the main tinyfilemanager.php script below the // --- EDIT BELOW CAREFULLY OR DO NOT EDIT AT ALL --- line is somehow messing with the URL parameters that I'm trying to $_GET. I don't understand how code "lower down" in the script is wrecking variables that I $_GET up "higher" in the script, but this does appear to be what's happening.

I'd love some insight into this! I suppose I'd also accept a workaround for the document preview issue when using user-specific directories that would allow me to use just a single config file.

Thanks!

redherring917b avatar Jul 13 '22 18:07 redherring917b