Beispiel #1
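/**
 * Collect the files below $path whose extension is listed in
 * $GLOBALS['FILETYPES'], honouring the ignore list kept in the session.
 *
 * Each entry is addressed as $path . '/' . $file. Before it is compared with
 * $_SESSION['ignorelist'], the value of $_SESSION['root'] is stripped from the
 * path and backslashes are normalised to forward slashes.
 *
 * @param string     $path         Directory to read.
 * @param bool       $scan_subdirs Descend into sub-directories when truthy.
 * @param array|null $result       Accumulator used by the recursive calls.
 *
 * @return array Paths of the matching entries; unchanged accumulator when
 *               $path cannot be opened.
 */
function read_recursiv($path, $scan_subdirs, $result = NULL)
{
    if ($result == null) {
        $result = array();
    }

    $handle = opendir($path);
    if (!$handle) {
        // An unreadable or vanished directory must not abort the whole scan:
        // handing the failed handle to closedir() raises an error, so return
        // what has been collected so far instead.
        return $result;
    }

    while (false !== ($file = readdir($handle))) {
        if ($file === '.' || $file === '..') {
            continue;
        }

        $name = $path . '/' . $file;

        // Root-relative, forward-slash form used for the ignore-list lookup.
        $ignorename = str_replace($_SESSION['root'], '', $name);
        $ignorename = str_replace('\\', '/', $ignorename);

        // NOTE(review): is_dir() follows symbolic links, so a link that points
        // back up the tree (or outside the scan root) is descended into like
        // any other directory; confirm the caller constrains $path.
        if (is_dir($name) && $scan_subdirs) {
            if (!in_array($ignorename, $_SESSION['ignorelist'])) {
                $result = read_recursiv($name, true, $result);
            }
        }

        // The extension is everything from the last '.' of the full path.
        // NOTE(review): this check also runs for directories, so a directory
        // whose name ends in a listed extension is appended as well.
        if (in_array(substr($name, strrpos($name, '.')), $GLOBALS['FILETYPES'])) {
            if (!in_array($ignorename, $_SESSION['ignorelist'])) {
                $result[] = $name;
            }
        }
    }

    closedir($handle);
    return $result;
}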
Beispiel #2
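/**
 * Collect the entries below $path whose extension is listed in
 * $GLOBALS['FILETYPES'].
 *
 * The extension is taken as everything from the last '.' of the full path
 * ($path . '/' . $file).
 *
 * @param string $path         Directory to read.
 * @param bool   $scan_subdirs Descend into sub-directories when truthy.
 *
 * @return array Matching paths; empty when $path cannot be opened.
 */
function read_recursiv($path, $scan_subdirs)
{
    $result = array();

    $handle = opendir($path);
    if (!$handle) {
        // Skip a directory that cannot be opened; passing the failed handle
        // to closedir() would raise an error and stop the scan.
        return $result;
    }

    while (false !== ($file = readdir($handle))) {
        if ($file === '.' || $file === '..') {
            continue;
        }

        $name = $path . '/' . $file;

        // NOTE(review): is_dir() follows symbolic links, so a link cycle under
        // $path is not detected here; confirm the caller constrains $path.
        if (is_dir($name) && $scan_subdirs) {
            // The recursive call only returns entries that already passed the
            // extension check, so they are appended as they are.
            foreach (read_recursiv($name, true) as $value) {
                $result[] = $value;
            }
        } elseif (in_array(substr($name, strrpos($name, '.')), $GLOBALS['FILETYPES'])) {
            // Reached for files, and for directories when $scan_subdirs is off.
            $result[] = $name;
        }
    }

    closedir($handle);
    return $result;
}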
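 /**
  * List every sub-directory below $path, recursively, in sorted order.
  *
  * Entries named '.', '..', 'thumbs' or 'resizedimages' are skipped and not
  * descended into. Plain files are never part of the result.
  *
  * @param string $path Directory to read.
  *
  * @return array Sorted directory paths; empty when $path cannot be opened.
  */
 function read_recursiv($path)
 {
     $result = array();
     $files_blacklist = array('.', '..', 'thumbs', 'resizedimages');

     $handle = opendir($path);
     if (!$handle) {
         // Skip a directory that cannot be opened; passing the failed handle
         // to closedir() would raise an error and stop the listing.
         return $result;
     }

     while (false !== ($file = readdir($handle))) {
         if (in_array($file, $files_blacklist, true)) {
             continue;
         }

         $name = $path . '/' . $file;

         // NOTE(review): is_dir() follows symbolic links, so a link cycle
         // under $path is not detected here; confirm the caller constrains
         // $path.
         if (is_dir($name)) {
             foreach (read_recursiv($name) as $value) {
                 $result[] = $value;
             }
             $result[] = $name;
         }
     }

     closedir($handle);
     sort($result);
     return $result;
 }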
Beispiel #4
include '../lib/scanner.php';
// scan for sinks in token list
include '../lib/printer.php';
// output scan result
include '../lib/searcher.php';
// search functions
###############################  MAIN  ####################################
$start = microtime(TRUE);
$output = array();
$info = array();
$scanned_files = array();
if (!empty($_POST['loc'])) {
    $location = realpath($_POST['loc']);
    if (is_dir($location)) {
        $scan_subdirs = isset($_POST['subdirs']) ? $_POST['subdirs'] : false;
        $files = read_recursiv($location, $scan_subdirs);
        if (count($files) > WARNFILES && !isset($_POST['ignore_warning'])) {
            die('warning:' . count($files));
        }
    } else {
        if (is_file($location) && in_array(substr($location, strrpos($location, '.')), $FILETYPES)) {
            $files[0] = $location;
        } else {
            $files = array();
        }
    }
    // SCAN
    $user_functions = array();
    $user_functions_offset = array();
    $file_sinks_count = array();
    $user_input = array();