webVideoViewer/index.php

<html>
    <head>
        <title>WebVideoViewer</title>
    </head>
    <body>
    <?php

    $CONFIG = array( // TODO: check if still in one of these dirs to prevent escaping to other files
        "paths" => array(
            "/media/Serien",
            "/media/Filme"
        )
    );

    if(!isset($_GET['path']) || !$_GET['path']) {
        foreach($CONFIG['paths'] as $path) {
            echo "<h2>" . $path . "</h2>";

            $list = scandir($path);
            $list = array_diff($list, array('.', '..'));

            foreach($list as $object) {
                echo "<a href=\"?path=" . $path . "/" . $object . "\">" . $object . "</a><br>";
            }
        }
    } else {
        $_GET['path'] = str_replace('/..', '', $_GET['path']);
        $_GET['path'] = str_replace('../', '', $_GET['path']);
        $_GET['path'] = str_replace('..', '', $_GET['path']);

        echo "<h2>" . $_GET['path'] . "</h2>";
        if(is_dir($_GET['path'])) {
            $list = scandir($_GET['path']);
            $list = array_diff($list, array('.'));
            foreach($list as $object) {
                if($object == "..") {
                    $paths = explode('/', $_GET['path']);
                    $paths = array_diff($paths, array($paths[sizeof($paths) - 1]));
                    $pathv = "";
                    foreach($paths as $key => $path) {
                        if($key == sizeof($paths) - 1) {
                            $pathv .= $path;
                        } else {
                            $pathv .= $path . "/";
                        }
                    }
                    echo "<a href=\"?path=" . $pathv . "\">" . $object . "</a><br>";
                } else {
                    echo "<a href=\"?path=" . $_GET['path'] . "/" .  $object . "\">" . $object . "</a><br>";
                }
            }
        } else {
            $paths = explode('/', $_GET['path']);
            $paths = array_diff($paths, array($paths[sizeof($paths) - 1]));
            $pathv = "";
            foreach($paths as $key => $path) {
                if($key == sizeof($paths) - 1) {
                    $pathv .= $path;
                } else {
                    $pathv .= $path . "/";
                }
            }

            $mime = finfo_file(finfo_open(FILEINFO_MIME), $_GET['path']);
            $mime = explode(';', $mime);

            echo "<a href=\"?path=" . $pathv . "\">Back</a><br>";
            echo "<video width=\"auto\" height=\"auto\" controls>";
            echo "<source src=\"readfile.php?file=" . $_GET['path'] . "\" type=\"" . $mime[0] . "\">";
            echo "Your browser does not support the video tag.";
            echo "</video>";
        }
    }

    ?>
    </body>
</html>