Lots of work refining the overall system including:

  - Added system messages functionality and relevant error messages where applicable
  - More security for preventing file traversal where not allowed
  - Miscellaneous code tweaks and cleanup

index.php

@@ -21,8 +21,6 @@
 
 <div class="container">
 
-
-
     <div class="breadcrumb-wrapper">
         <ul class="breadcrumb">
             <?php //foreach($lister->listBreadcrumbs() as $breadcrumb): ?>
@@ -39,6 +37,15 @@
         </ul>
     </div>
 
+    <?php if($lister->getSystemMessages()): ?>
+        <?php foreach ($lister->getSystemMessages() as $message): ?>
+            <div class="alert alert-<?php echo $message['type']; ?>">
+                <?php echo $message['text']; ?>
+                <a class="close" data-dismiss="alert" href="#">&times;</a>
+            </div>
+        <?php endforeach; ?>
+    <?php endif; ?> 
+
     <div id="header" class="clearfix">
         <span class="fileName">File</span>
         <span class="fileSize">Size</span>

resources/DirectoryLister.php

@@ -19,41 +19,18 @@ class DirectoryLister {
     const VERSION = '2.0.0-dev';
 
     // Set some default variables
-    protected $_directory   = NULL;
-    protected $_appDir      = NULL;
-    protected $_appURL      = NULL;
-    protected $_settings    = NULL;
+    protected $_directory     = NULL;
+    protected $_appDir        = NULL;
+    protected $_appURL        = NULL;
+    protected $_settings      = NULL;
+    protected $_systemMessage = NULL;
 
 
     /**
      * DirectoryLister construct function. Runs on object creation.
      */
     function __construct() {
 
-        // Set the directory to list
-        if (@$_GET['dir']) {
-            $this->_directory = $_GET['dir'];
-        } else {
-            $this->_directory = '.';
-        }
-
-        // Prevent access to parent folders
-        if (substr_count($this->_directory,'.',0,1) !== 0
-        || substr_count($this->_directory,'..') !== 0
-        || substr_count($this->_directory,'<') !== 0
-        || substr_count($this->_directory,'>') !== 0
-        || substr_count($this->_directory,'/',0,1) !== 0) {
-            $this->_directory = '.';
-        } else {
-            // Should stop all URL wrappers (Thanks to Hexatex)
-            $this->_directory = './' . $this->_directory;
-        }
-
-        // Remove trailing slash if present
-        if(substr($this->_directory, -1, 1) == '/') {
-            $this->_directory = substr($this->_directory, 0, -1);
-        }
-
         // Set class directory constant
         if(!defined('__DIR__')) {
             define('__DIR__', dirname(__FILE__));
@@ -84,26 +61,68 @@ function __construct() {
         // Build the application URL
         $this->_appURL = $protocol . $host . $path;
 
-        // Get file settings
+        // Load the configuration file
         $configFile = $this->_appDir . '/settings.php';
 
         if (file_exists($configFile)) {
             include($configFile);
         } else {
-            die('ERROR: Unable to locate config');
+            $this->setSystemMessage('error', '<b>ERROR:</b> Unable to locate application config file');
+        }
+
+        // Get the directory path for listing
+        if (!empty($_GET['dir'])) {
+            $dir = $_GET['dir'];
+        } else {
+            $dir = '.';
+        }
+
+        // Remove trailing slash if present
+        if(substr($dir, -1, 1) == '/') {
+            $dir = substr($dir, 0, -1);
+        }
+
+        // Prevent access to hidden files
+        if (in_array(strtolower($dir), $this->_settings['hidden_files'])) {
+            // Set the error message
+            $this->setSystemMessage('error', '<b>ERROR:</b> Access denied');
+
+            // Set the directory to web root
+            $dir = '.';
+        }
+
+        // Prevent access to dotfiles if specified
+        if ($this->_settings['hide_dot_files']) {
+            if (strlen($dir) > 1 && substr($dir, 0, 1) == '.') {
+                // Set the error message
+                $this->setSystemMessage('error', '<b>ERROR:</b> Access denied');
+
+                // Set the directory to web root
+                $dir = '.';
+            }
+        }
+
+        // Check if file path exists
+        if (!file_exists($dir)) {
+            // Set the error message
+            $this->setSystemMessage('error', '<b>ERROR:</b> File path does not exist');
+
+            // Set the directory to web root
+            $dir = '.';
+        }
+
+        // Prevent access to parent folders
+        if (strstr($dir, '<') || strstr($dir, '>') || strstr($dir, '..') || substr($dir, 0, 1) == '/') {
+            // Set the error message
+            $this->setSystemMessage('error', '<b>ERROR:</b> An invalid path string was deceted');
+
+            // Set the directory to web root
+            $this->_directory = '.';
+        } else {
+            // Should stop all URL wrappers (Thanks to Hexatex)
+            $this->_directory = $dir;
         }
 
-    }
-
-
-    /**
-     * Special init method for simple one-line interface.
-     * 
-     * @access public
-     */
-    public static function init() {
-        $reflection = new ReflectionClass(__CLASS__);
-        return $reflection->newInstanceArgs(func_get_args());
     }
 
 
@@ -150,7 +169,23 @@ public function listBreadcrumbs($directory = NULL) {
 
 
     /**
-     * Loop through directory and return array with pertinent information
+     * Get an array of error messages or false when empty.
+     * 
+     * @return array Array of error messages
+     * @access public
+     */
+    public function getSystemMessages() {
+        if (isset($this->_systemMessage) && is_array($this->_systemMessage)) {
+            return $this->_systemMessage;
+        } else {
+            return false;
+        }
+    }
+
+
+    /**
+     * Loop through directory and return array with file info, including
+     * file path, size, modification time, icon and sort order.
      * 
      * @access private
      */
@@ -285,6 +320,30 @@ protected function _sortArray($array) {
         return $sortedArray;
     }
 
+
+    /**
+     * Add a message to the system message array
+     * 
+     * @param string $type The type of message (ie - error, success, notice, etc.)
+     * @param string $message The message to be displayed to the user
+     * @access public
+     */
+    public function setSystemMessage($type, $text) {
+
+        // Create empty message array if it doesn't already exist
+        if (isset($this->_systemMessage) && !is_array($this->_systemMessage)) {
+            $this->_systemMessage = array();
+        } 
+
+        // Set the error message
+        $this->_systemMessage[] = array(
+            'type'  => $type,
+            'text'  => $text
+        );
+
+        return true;
+    }
+
 }
 
 ?>

resources/settings.php

@@ -0,0 +1,134 @@
+<?php
+
+/**
+ * Initialize settings array
+ */
+
+$this->_settings = array();
+
+
+/**
+ * Basic settings
+ */
+
+$this->_settings['hide_dot_files']     = TRUE;
+$this->_settings['list_folders_first'] = TRUE;
+$this->_settings['list_sort_order']    = 'natcasesort';
+
+
+/**
+ * Hidden files
+ */
+
+$this->_settings['hidden_files'] = array();
+
+$this->_settings['hidden_files'][] = '.htaccess';
+$this->_settings['hidden_files'][] = '.htpasswd';
+// $this->_settings['hidden_files'][] = 'resources';
+
+
+/**
+ * Cache settings
+ */
+
+// $this->_settings['cache_enable'] = FALSE;
+// $this->_settings['cache_expire'] = 0;
+
+
+
+/**
+ * Icon settings
+ */
+
+$this->_settings['file_types'] = array(
+
+    //Applications
+    'app'   => 'app.png',
+    'bat'   => 'app.png',
+    'deb'   => 'app.png',
+    'exe'   => 'app.png',
+    'msi'   => 'app.png',
+    'rpm'   => 'app.png',
+
+    // Archives
+    '7z'    => 'archive.png',
+    'bz'    => 'archive.png',
+    'gz'    => 'archive.png',
+    'rar'   => 'archive.png',
+    'tar'   => 'archive.png',
+    'zip'   => 'archive.png',
+
+    // Audio
+    'aac'   => 'music.png',
+    'mid'   => 'music.png',
+    'midi'  => 'music.png',
+    'mp3'   => 'music.png',
+    'ogg'   => 'music.png',
+    'wma'   => 'music.png',
+    'wav'   => 'music.png',
+
+    // Code
+    'c'     => 'code.png',
+    'cpp'   => 'code.png',
+    'css'   => 'code.png',
+    'erb'   => 'code.png',
+    'htm'   => 'code.png',
+    'html'  => 'code.png',
+    'java'  => 'code.png',
+    'js'    => 'code.png',
+    'php'   => 'code.png',
+    'pl'    => 'code.png',
+    'py'    => 'code.png',
+    'rb'    => 'code.png',
+    'xhtml' => 'code.png',
+    'xml'   => 'code.png',
+
+    // Disc Images
+    'cue'   => 'cd.png',
+    'iso'   => 'cd.png',
+    'mdf'   => 'cd.png',
+    'mds'   => 'cd.png',
+    'mdx'   => 'cd.png',
+    'nrg'   => 'cd.png',
+
+    // Documents
+    'csv'   => 'excel.png',
+    'doc'   => 'word.png',
+    'docx'  => 'word.png',
+    'odt'   => 'text.png',
+    'pdf'   => 'pdf.png',
+    'xls'   => 'excel.png',
+    'xlsx'  => 'excel.png',
+
+    // Images
+    'bmp'   => 'image.png',
+    'gif'   => 'image.png',
+    'jpg'   => 'image.png',
+    'jpeg'  => 'image.png',
+    'png'   => 'image.png',
+    'tga'   => 'image.png',
+
+    // Scripts
+    'bat'   => 'terminal.png',
+    'cmd'   => 'terminal.png',
+    'sh'    => 'terminal.png',
+
+    // Text
+    'log'   => 'text.png',
+    'rtf'   => 'text.png',
+    'txt'   => 'text.png',
+
+    // Video
+    'avi'   => 'video.png',
+    'mkv'   => 'video.png',
+    'mov'   => 'video.png',
+    'mp4'   => 'video.png',
+    'mpg'   => 'video.png',
+    'wmv'   => 'video.png',
+    'swf'   => 'flash.png',
+
+    // Other
+    'msg'   => 'message.png'
+);
+
+?>