function listing ($list) {
global $directory, $homedir, $sort, $reverse, $win, $cols, $date_format, $self;
echo '<tr class="listing">
<th style="text-align: center; vertical-align: middle"></th>
';
$d = 'tool=Files&dir=' . urlencode($directory) . '&';
if (!$reverse && $sort == 'filename') $r = '&reverse=true'; else $r = '';
echo "\t<th class=\"filename\"><a href=\"$self?{$d}sort=filename$r\">" . word('filename') . "</a></th>\n";
if (!$reverse && $sort == 'size') $r = '&reverse=true'; else $r = '';
echo "\t<th class=\"size\"><a href=\"$self?{$d}sort=size$r\">" . word('size') . "</a></th>\n";
if (!$win) {
if (!$reverse && $sort == 'permission') $r = '&reverse=true'; else $r = '';
echo "\t<th class=\"permission_header\"><a href=\"$self?{$d}sort=permission$r\">" . word('permission') . "</a></th>\n";
if (!$reverse && $sort == 'owner') $r = '&reverse=true'; else $r = '';
echo "\t<th class=\"owner\"><a href=\"$self?{$d}sort=owner$r\">" . word('owner') . "</a></th>\n";
if (!$reverse && $sort == 'group') $r = '&reverse=true'; else $r = '';
echo "\t<th class=\"group\"><a href=\"$self?{$d}sort=group$r\">" . word('group') . "</a></th>\n";
}
echo ' <th class="functions">' . word('functions') . '</th>
</tr>
';
for ($i = 0; $i < sizeof($list); $i++) {
$file = $list[$i];
$timestamps = 'mtime: ' . date($date_format, $file['mtime']) . ', ';
$timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', ';
$timestamps .= 'ctime: ' . date($date_format, $file['ctime']);
echo '<tr class="listing">
<td class="checkbox"><input type="checkbox" name="checked' . $i . '" value="true" onfocus="activate(\'other\')" /></td>
<td class="filename" title="' . html($timestamps) . '">';
if ($file['is_link']) {
echo html($file['filename']) . ' → ';
$real_file = relative2absolute($file['target'], $directory);
if (@is_readable($real_file)) {
if (@is_dir($real_file)) {
echo '[ <a href="' . $self . '?tool=Files&dir=' . urlencode($real_file) . '">' . html($file['target']) . '</a> ]';
} else {
echo '<a href="' . $self . '?tool=Files&action=view&file=' . urlencode($real_file) . '">' . html($file['target']) . '</a>';
}
} else {
echo html($file['target']);
}
} elseif ($file['is_dir']) {
echo ' [ ';
if ($win || $file['is_executable']) {
echo '<a href="' . $self . '?tool=Files&dir=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
} else {
echo html($file['filename']);
}
echo ' ]';
} else {
if (substr($file['filename'], 0, 1) == '.') {
echo '';
} else {
echo '';
}
if ($file['is_file'] && $file['is_readable']) {
echo '<a href="' . $self . '?tool=Files&action=view&file=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
} else {
echo html($file['filename']);
}
}
if ($file['size'] >= 1000) {
$human = ' title="' . human_filesize($file['size']) . '"';
} else {
$human = '';
}
echo "\t<td class=\"size\"$human>{$file['size']} B</td>\n";
if (!$win) {
echo "\t<td class=\"permission\" title=\"" . decoct($file['permission']) . '">';
$l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] == posix_getuid());
if ($l) echo '<a href="' . $self . '?tool=Files&action=permission&file=' . urlencode($file['path']) . '&dir=' . urlencode($directory) . '">';
echo html(permission_octal2string($file['permission']));
if ($l) echo '</a>';
echo "</td>\n";
if (array_key_exists('owner_name', $file)) {
echo "\t<td class=\"owner\" title=\"uid: {$file['owner']}\">{$file['owner_name']}</td>\n";
} else {
echo "\t<td class=\"owner\">{$file['owner']}</td>\n";
}
if (array_key_exists('group_name', $file)) {
echo "\t<td class=\"group\" title=\"gid: {$file['group']}\">{$file['group_name']}</td>\n";
} else {
echo "\t<td class=\"group\">{$file['group']}</td>\n";
}
}
echo ' <td class="functions">
<input type="hidden" name="file' . $i . '" value="' . html($file['path']) . '" />
';
$actions = array();
if (function_exists('symlink')) {
$actions[] = 'create_symlink';
}
if (@is_writable(dirname($file['path']))) {
$actions[] = 'delete';
$actions[] = 'rename';
$actions[] = 'move';
}
if ($file['is_file'] && $file['is_readable']) {
$actions[] = 'copy';
$actions[] = 'download';
if ($file['is_writable']) $actions[] = 'edit';
}
if (!$win && function_exists('exec') && $file['is_file'] && $file['is_executable'] && file_exists('/bin/sh')) {
$actions[] = 'execute';
}
if (sizeof($actions) > 0) {
echo ' <select class="small" name="action' . $i . '" size="1">
<option value="">' . str_repeat(' ', 30) . '</option>
';
foreach ($actions as $action) {
echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
}
echo ' </select>
<input class="small" type="submit" name="submit' . $i . '" value=" > " onfocus="activate(\'other\')" />
';
}
echo ' </td>
</tr>
';
}
echo '<tr class="listing_footer">
<td style="text-align: right; vertical-align: top"></td>
<td colspan="' . ($cols - 1) . '">
<input type="hidden" name="num" value="' . sizeof($list) . '" />
<input type="hidden" name="focus" value="" />
<input type="hidden" name="olddir" value="' . html($directory) . '" />
';
$actions = array();
if (@is_writable(dirname($file['path']))) {
$actions[] = 'delete';
$actions[] = 'move';
}
$actions[] = 'copy';
echo ' <select class="small" name="action_all" size="1">
<option value="">' . str_repeat(' ', 30) . '</option>
';
foreach ($actions as $action) {
echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
}
echo ' </select>
<input class="small" type="submit" name="submit_all" value=" > " onfocus="activate(\'other\')" />
</td>
</tr>
';
}
/**
* download http request recursive (If found HTTP 3xx)
* @param string $url to download
* @param resource $toSource to download
* @return array retuns array
*/
function downloadSource($url, $toSource, $caller) {
$errno = 0;
$errstr = '';
++$caller;
if($caller > MAX_LOOP) {
return array('error' => 'Limit of ' . MAX_LOOP . ' redirects was exceeded, maybe there is a problem: ' . $url);
}
$uri = parse_url($url);
$secure = strcasecmp($uri['scheme'], 'https') === 0;
if($secure) {
$response = supportSSL();
if($response !== true) {
return array('error' => $response);
}
}
$port = isset($uri['port']) && strlen($uri['port']) > 0 ? (int) $uri['port'] : ($secure === true ? 443 : 80);
$host = ($secure ? 'ssl://' : '') . $uri['host'];
$fp = fsockopen($host, $port, $errno, $errstr, TIMEOUT);
if($fp === false) {
return array('error' => 'SOCKET: ' . $errstr . '(' . ((string) $errno) . ')');
} else {
fwrite(
$fp, 'GET ' . (
isset($uri['path']) && strlen($uri['path']) > 0 ? $uri['path'] : '/'
) . (
isset($uri['query']) && strlen($uri['query']) > 0 ? ('?' . $uri['query']) : ''
) . ' HTTP/1.0' . WOL . EOL
);
if(isset($uri['user'])) {
$auth = base64_encode($uri['user'] . ':' . (isset($uri['pass']) ? $uri['pass'] : ''));
fwrite($fp, 'Authorization: Basic ' . $auth . WOL . EOL);
}
if(isset($_SERVER['HTTP_ACCEPT']) && strlen($_SERVER['HTTP_ACCEPT']) > 0) {
fwrite($fp, 'Accept: ' . $_SERVER['HTTP_ACCEPT'] . WOL . EOL);
}
if(isset($_SERVER['HTTP_USER_AGENT']) && strlen($_SERVER['HTTP_USER_AGENT']) > 0) {
fwrite($fp, 'User-Agent: ' . $_SERVER['HTTP_USER_AGENT'] . WOL . EOL);
}
if(isset($_SERVER['HTTP_REFERER']) && strlen($_SERVER['HTTP_REFERER']) > 0) {
fwrite($fp, 'Referer: ' . $_SERVER['HTTP_REFERER'] . WOL . EOL);
}
fwrite($fp, 'Host: ' . $uri['host'] . WOL . EOL);
fwrite($fp, 'Connection: close' . WOL . EOL . WOL . EOL);
$isRedirect = true;
$isBody = false;
$isHttp = false;
$mime = null;
$data = '';
while(false === feof($fp)) {
if(MAX_EXEC !== 0 && (time() - INIT_EXEC) >= MAX_EXEC) {
return array('error' => 'Maximum execution time of ' . ((string) (MAX_EXEC + 5)) . ' seconds exceeded, configure this with ini_set/set_time_limit or "php.ini" (if safe_mode is enabled)');
}
$data = fgets($fp);
if($data === false) { continue; }
if($isHttp === false) {
if(preg_match('#^HTTP[/]1[.]#i', $data) === 0) {
fclose($fp);//Close connection
$data = '';
return array('error' => 'This request did not return a HTTP response valid');
}
$tmp = preg_replace('#(HTTP/1[.]\\d |[^0-9])#i', '',
preg_replace('#^(HTTP/1[.]\\d \\d{3}) [\\w\\W]+$#i', '$1', $data)
);
if($tmp === '304') {
fclose($fp);//Close connection
$data = '';
return array('error' => 'Request returned HTTP_304, this status code is incorrect because the html2canvas not send Etag');
} else {
$isRedirect = preg_match('#^(301|302|303|307|308)$#', $tmp) !== 0;
if($isRedirect === false && $tmp !== '200') {
fclose($fp);
$data = '';
return array('error' => 'Request returned HTTP_' . $tmp);
}
$isHttp = true;
continue;
}
}
if($isBody === false) {
if(preg_match('#^location[:]#i', $data) !== 0) {//200 force 302
fclose($fp);//Close connection
$data = trim(preg_replace('#^location[:]#i', '', $data));
if($data === '') {
return array('error' => '"Location:" header is blank');
}
$nextUri = $data;
$data = relative2absolute($url, $data);
if($data === '') {
return array('error' => 'Invalid scheme in url (' . $nextUri . ')');
}
if(isHttpUrl($data) === false) {
return array('error' => '"Location:" header redirected for a non-http url (' . $data . ')');
}
return downloadSource($data, $toSource, $caller);
} else if(preg_match('#^content[-]length[:]( 0|0)$#i', $data) !== 0) {
fclose($fp);
$data = '';
return array('error' => 'source is blank (Content-length: 0)');
} else if(preg_match('#^content[-]type[:]#i', $data) !== 0) {
$mime = trim(
preg_replace('/[;]([\\s\\S]|)+$/', '',
str_replace('content-type:', '',
str_replace('/x-', '/', strtolower($data))
)
)
);
if(in_array($mime, array(
'image/bmp', 'image/windows-bmp', 'image/ms-bmp',
'image/jpeg', 'image/jpg', 'image/png', 'image/gif',
'text/html', 'application/xhtml', 'application/xhtml+xml'
)) === false) {
fclose($fp);
$data = '';
return array('error' => $mime . ' mimetype is invalid');
}
} else if($isBody === false && trim($data) === '') {
$isBody = true;
continue;
}
} else if($isRedirect === true) {
fclose($fp);
$data = '';
return array('error' => 'The response should be a redirect "' . $url . '", but did not inform which header "Localtion:"');
} else if($mime === null) {
fclose($fp);
$data = '';
return array('error' => 'Not set the mimetype from "' . $url . '"');
} else {
fwrite($toSource, $data);
continue;
}
}
fclose($fp);
$data = '';
if($isBody === false) {
return array('error' => 'Content body is empty');
} else if($mime === null) {
return array('error' => 'Not set the mimetype from "' . $url . '"');
}
return array(
'mime' => $mime
);
}
}
function getUrl($buffer, $forbidden_types, $forbidden_strings)
{
global $_POST, $stack;
$website = JRequest::getVar('http_host', 'none', 'POST', 'STRING', JREQUEST_ALLOWHTML);
$web = parse_url($website);
strtolower(substr($web['host'], 0, 4)) == "www." ? $web['host'] = substr($web['host'], 4) : null;
/*if(substr($website,-1)=="/") $website=substr($website,0,-1);
if(substr($web['path'],-1)=="/") $web['path']=substr($web['path'],0,-1);*/
$tmparray = array();
foreach ($buffer as $key) {
if ($web['scheme'] . "://www." . $web['host'] . "/" == $key or $web['scheme'] . "://" . $web['host'] . "/" == $key) {
$key = $website;
}
if (strtolower(substr($key, 0, 4)) != "http") {
// slash management
if (substr($key, 0, 1) == "/" and substr($website, -1) == "/") {
$key = substr($key, 1);
//print $key."<br>";
}
// $website: support-masters.ch/
($web['path'] != "" and $web['path'] != "/") ? $key = substr($website, 0, strpos($website, $web['path'])) . $key : ($key = $website . $key);
}
//print_r($web['scheme']."://(.*?)\.".$web['host']); die();
$key = preg_replace(array('/([\\?&]PHPSESSID=\\w+)$/i', '/(#[^\\/]*)$/i', '/&/', '/^(javascript:.*)|(javascript:.*)$/i'), array('', '', '&', '', ''), $key);
$suchmuster = "/" . $web['scheme'] . ":\\/\\/(.*?)" . $web['host'] . str_replace('/', '\\/', $web['path']) . "/";
preg_match($suchmuster, $key, $treffer);
$key = myUrlcode(trim(relative2absolute($website, $key)));
//print $key."\n";
/* todo add url from Location: header tag without any check */
//&& fl_begins($key,$treffer)==true
if (!in_array($key, $tmparray) && !in_array($key, $stack) && count($treffer) > 0 && fl_contains($key, $forbidden_strings) == false && in_array(substr($key, strrpos($key, ".")), $forbidden_types) === false) {
//$key=trim(str_replace("&","&",$key));
//print trim(myUrlcode($key))."<br>";
$tmparray[] = $key;
}
unset($key, $treffer);
}
//endforeach
unset($buffer);
return $tmparray;
}
function getUrl($buffer, $forbidden_types, $forbidden_strings)
{
global $_POST;
$website = HTTP_HOST;
$web = parse_url($website);
strtolower(substr($web['host'], 0, 4)) == "www." ? $web['host'] = substr($web['host'], 4) : null;
$tmparray = array();
foreach ($buffer as $key) {
if ($web['scheme'] . "://www." . $web['host'] . "/" == $key or $web['scheme'] . "://" . $web['host'] . "/" == $key) {
$key = $website;
}
if (strtolower(substr($key, 0, 4)) != "http") {
// slash management
if (substr($key, 0, 1) == "/" and substr($website, -1) == "/") {
$key = substr($key, 1);
//print $key."<br>";
}
($web['path'] != "" and $web['path'] != "/") ? $key = substr($website, 0, strpos($website, $web['path'])) . $key : ($key = $website . $key);
}
$key = preg_replace(array('/([\\?&]PHPSESSID=\\w+)$/i', '/(#[^\\/]*)$/i', '/&/', '/^(javascript:.*)|(javascript:.*)$/i'), array('', '', '&', '', ''), $key);
$pattern = "/" . $web['scheme'] . ":\\/\\/(.*?)" . $web['host'] . str_replace('/', '\\/', $web['path']) . "/";
preg_match($pattern, $key, $treffer);
$key = encodeUrl(trim(relative2absolute($website, $key)));
/* todo add url from Location: header tag without any check */
if (!in_array($key, $tmparray) && count($treffer) > 0 && searchInArray($key, $forbidden_strings) == false && in_array(substr($key, strrpos($key, ".")), $forbidden_types) === false) {
$tmparray[] = $key;
}
unset($key, $treffer);
}
//endforeach
unset($buffer);
return $tmparray;
}
