app/controllers/FilemanagerController.php - airavata-php-gateway - Git at Google

 <?php

 class FilemanagerController extends BaseController
 {
 	public function __construct()
     {
         $this->beforeFilter('verifylogin');
         $this->beforeFilter('verifyauthorizeduser');
         Session::put("nav-active", "storage");
     }

     public function browse(){
 		//FIXME check for no ../ parts in the path
 		if(Input::has("path") && (0 == strpos(Input::get("path"), Session::get('username'))
 				|| 0 == strpos(Input::get("path"), "/" . Session::get('username')))){
 			$path = Input::get("path");
 			if(0 === strpos($path, '/')){
 				$path = substr($path, 1);
 			}
 		}else{
 			$path = Session::get("username");
 		}
 		return View::make("files/browse",array("path"=>$path));
     }

 	public function get(){
 		if(Session::has('username') ){

 			$path = Input::get('path');
 			/*
 			if( $path == null || (0 !== strpos($path, Session::get('username']))){
 			    header('HTTP/1.0 403 Forbidden');
 			}
 			*/
 			$DATA_ROOT = Config::get("pga_config.airavata")["experiment-data-absolute-path"];
 			$data_path = $DATA_ROOT . "/" . $path;
 			if (!file_exists( $data_path))
 				echo FileManager::msg(False, "$path does not exist");

 			if (is_dir( $data_path))
 			    echo FileManager::get_content( $DATA_ROOT .  "/", $path);
 			else
 			    echo file_get_contents($data_path);
 		}
 	}
 }
	<?php

	class FilemanagerController extends BaseController
	{
	public function __construct()
	{
	$this->beforeFilter('verifylogin');
	$this->beforeFilter('verifyauthorizeduser');
	Session::put("nav-active", "storage");
	}

	public function browse(){
	//FIXME check for no ../ parts in the path
	if(Input::has("path") && (0 == strpos(Input::get("path"), Session::get('username'))
	\|\| 0 == strpos(Input::get("path"), "/" . Session::get('username')))){
	$path = Input::get("path");
	if(0 === strpos($path, '/')){
	$path = substr($path, 1);
	}
	}else{
	$path = Session::get("username");
	}
	return View::make("files/browse",array("path"=>$path));
	}

	public function get(){
	if(Session::has('username') ){

	$path = Input::get('path');
	/*
	if( $path == null \|\| (0 !== strpos($path, Session::get('username']))){
	header('HTTP/1.0 403 Forbidden');
	}
	*/
	$DATA_ROOT = Config::get("pga_config.airavata")["experiment-data-absolute-path"];
	$data_path = $DATA_ROOT . "/" . $path;
	if (!file_exists( $data_path))
	echo FileManager::msg(False, "$path does not exist");

	if (is_dir( $data_path))
	echo FileManager::get_content( $DATA_ROOT . "/", $path);
	else
	echo file_get_contents($data_path);
	}
	}
	}