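/**
 * Print the rows of the file-listing table: a header with sort links, one row
 * per entry of $list, and a footer row with the bulk-action selector.
 *
 * Reads the globals $directory, $sort, $reverse, $win, $cols, $date_format
 * and $self. Output is written with echo; nothing is returned.
 *
 * NOTE(review): nothing in this function checks who is requesting the page,
 * yet the rows offer delete, rename, edit and execute actions. Access control
 * has to be enforced before this function is reached; confirm that it is.
 *
 * NOTE(review): $self is written into href attributes as-is. Confirm it is
 * not derived from request data (for example PHP_SELF) without escaping.
 *
 * @param array $list Zero-indexed list of file records. Each record is read
 *                    for the keys mtime, atime, ctime, is_link, is_dir,
 *                    is_file, is_readable, is_writable, is_executable,
 *                    filename, target, path, size, permission, owner, group
 *                    and, optionally, owner_name and group_name.
 */
function listing ($list) {
    global $directory, $sort, $reverse, $win, $cols, $date_format, $self;

    echo '<tr class="listing"> <th style="text-align: center; vertical-align: middle"></th> ';

    // Query-string prefix shared by every sort link.
    $d = 'tool=Files&dir=' . urlencode($directory) . '&';

    // Sort column => CSS class of its header cell, in display order.
    $columns = array(
        'filename' => 'filename',
        'size' => 'size',
    );
    if (!$win) {
        $columns['permission'] = 'permission_header';
        $columns['owner'] = 'owner';
        $columns['group'] = 'group';
    }

    foreach ($columns as $column => $class) {
        // Clicking the column that is already sorted ascending reverses it.
        $r = (!$reverse && $sort == $column) ? '&reverse=true' : '';
        echo "\t<th class=\"" . $class . "\"><a href=\"" . $self . '?' . $d . 'sort=' . $column . $r . "\">" . word($column) . "</a></th>\n";
    }

    echo ' <th class="functions">' . word('functions') . '</th> </tr> ';

    $count = sizeof($list);
    // Path of the last row, used by the footer; stays null for an empty list.
    $last_path = null;

    for ($i = 0; $i < $count; $i++) {
        $file = $list[$i];
        $last_path = $file['path'];

        $timestamps = 'mtime: ' . date($date_format, $file['mtime']) . ', ';
        $timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', ';
        $timestamps .= 'ctime: ' . date($date_format, $file['ctime']);

        echo '<tr class="listing"> <td class="checkbox"><input type="checkbox" name="checked' . $i . '" value="true" onfocus="activate(\'other\')" /></td> <td class="filename" title="' . html($timestamps) . '">';

        if ($file['is_link']) {
            echo html($file['filename']) . ' → ';
            $real_file = relative2absolute($file['target'], $directory);
            if (@is_readable($real_file)) {
                if (@is_dir($real_file)) {
                    echo '[ <a href="' . $self . '?tool=Files&dir=' . urlencode($real_file) . '">' . html($file['target']) . '</a> ]';
                } else {
                    echo '<a href="' . $self . '?tool=Files&action=view&file=' . urlencode($real_file) . '">' . html($file['target']) . '</a>';
                }
            } else {
                echo html($file['target']);
            }
        } elseif ($file['is_dir']) {
            echo ' [ ';
            // Only link directories that can be entered.
            if ($win || $file['is_executable']) {
                echo '<a href="' . $self . '?tool=Files&dir=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
            } else {
                echo html($file['filename']);
            }
            echo ' ]';
        } else {
            if ($file['is_file'] && $file['is_readable']) {
                echo '<a href="' . $self . '?tool=Files&action=view&file=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
            } else {
                echo html($file['filename']);
            }
        }

        // Sizes of 1000 bytes and more get a human-readable tooltip.
        if ($file['size'] >= 1000) {
            $human = ' title="' . human_filesize($file['size']) . '"';
        } else {
            $human = '';
        }
        echo "\t<td class=\"size\"$human>{$file['size']} B</td>\n";

        if (!$win) {
            echo "\t<td class=\"permission\" title=\"" . decoct($file['permission']) . '">';
            // Link to the permission editor only for non-links owned by the
            // current process user (or when the uid cannot be determined).
            $l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] == posix_getuid());
            if ($l) {
                echo '<a href="' . $self . '?tool=Files&action=permission&file=' . urlencode($file['path']) . '&dir=' . urlencode($directory) . '">';
            }
            echo html(permission_octal2string($file['permission']));
            if ($l) {
                echo '</a>';
            }
            echo "</td>\n";

            // Owner and group names come from outside this function, so they
            // are HTML-escaped like every other string printed in the row.
            if (array_key_exists('owner_name', $file)) {
                echo "\t<td class=\"owner\" title=\"uid: {$file['owner']}\">" . html($file['owner_name']) . "</td>\n";
            } else {
                echo "\t<td class=\"owner\">{$file['owner']}</td>\n";
            }
            if (array_key_exists('group_name', $file)) {
                echo "\t<td class=\"group\" title=\"gid: {$file['group']}\">" . html($file['group_name']) . "</td>\n";
            } else {
                echo "\t<td class=\"group\">{$file['group']}</td>\n";
            }
        }

        echo ' <td class="functions"> <input type="hidden" name="file' . $i . '" value="' . html($file['path']) . '" /> ';

        // Offer only the actions that the filesystem checks below allow.
        $actions = array();
        if (function_exists('symlink')) {
            $actions[] = 'create_symlink';
        }
        if (@is_writable(dirname($file['path']))) {
            $actions[] = 'delete';
            $actions[] = 'rename';
            $actions[] = 'move';
        }
        if ($file['is_file'] && $file['is_readable']) {
            $actions[] = 'copy';
            $actions[] = 'download';
            if ($file['is_writable']) {
                $actions[] = 'edit';
            }
        }
        if (!$win && function_exists('exec') && $file['is_file'] && $file['is_executable'] && file_exists('/bin/sh')) {
            $actions[] = 'execute';
        }

        if (sizeof($actions) > 0) {
            echo ' <select class="small" name="action' . $i . '" size="1"> <option value="">' . str_repeat(' ', 30) . '</option> ';
            foreach ($actions as $action) {
                echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
            }
            echo ' </select> <input class="small" type="submit" name="submit' . $i . '" value=" > " onfocus="activate(\'other\')" /> ';
        }

        echo ' </td> </tr> ';
    }

    echo '<tr class="listing_footer"> <td style="text-align: right; vertical-align: top"></td> <td colspan="' . ($cols - 1) . '"> <input type="hidden" name="num" value="' . $count . '" /> <input type="hidden" name="focus" value="" /> <input type="hidden" name="olddir" value="' . html($directory) . '" /> ';

    // Bulk actions. Writability is judged from the parent directory of the
    // last listed entry; with an empty list there is no entry to inspect, so
    // only "copy" is offered (the original read an undefined $file here).
    $actions = array();
    if ($last_path !== null && @is_writable(dirname($last_path))) {
        $actions[] = 'delete';
        $actions[] = 'move';
    }
    $actions[] = 'copy';

    echo ' <select class="small" name="action_all" size="1"> <option value="">' . str_repeat(' ', 30) . '</option> ';
    foreach ($actions as $action) {
        echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
    }
    echo ' </select> <input class="small" type="submit" name="submit_all" value=" > " onfocus="activate(\'other\')" /> </td> </tr> ';
}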
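/**
 * Download a URL over a raw socket and stream the response body into
 * $toSource, following HTTP 3xx redirects by calling itself again.
 *
 * Only responses with status 200 and a Content-Type from the allow-list
 * below are written. The type is taken from the response header; the body
 * itself is not inspected, so consumers of $toSource should not treat the
 * returned mime as proof of what the bytes contain.
 *
 * NOTE(review): the host to connect to comes straight from $url and from
 * "Location:" headers; redirect targets are only passed through isHttpUrl().
 * If $url can be chosen by a client, a request or a redirect can point at
 * loopback or internal addresses. Restrict destinations (allow-list, or
 * resolve and reject private ranges) before connecting.
 *
 * NOTE(review): with the ssl:// transport, certificate verification depends
 * on the stream defaults of the PHP version in use; confirm the deployed
 * runtime verifies peers.
 *
 * @param string   $url      absolute URL to download
 * @param resource $toSource stream that receives the response body
 * @param int      $caller   number of requests already made in this redirect
 *                           chain; incremented on entry and checked against
 *                           MAX_LOOP
 * @return array array('mime' => string) on success,
 *               array('error' => string) on failure
 */
function downloadSource($url, $toSource, $caller) {
    $errno = 0;
    $errstr = '';
    ++$caller;

    if ($caller > MAX_LOOP) {
        return array('error' => 'Limit of ' . MAX_LOOP . ' redirects was exceeded, maybe there is a problem: ' . $url);
    }

    $uri = parse_url($url);

    // parse_url() returns false for seriously malformed URLs and omits keys
    // it cannot find; fail cleanly instead of reading undefined offsets.
    if (!is_array($uri) || !isset($uri['scheme'], $uri['host']) || $uri['host'] === '') {
        return array('error' => 'Invalid url (' . $url . ')');
    }

    $secure = strcasecmp($uri['scheme'], 'https') === 0;

    if ($secure) {
        $response = supportSSL();
        if ($response !== true) {
            return array('error' => $response);
        }
    }

    $port = isset($uri['port']) && strlen($uri['port']) > 0 ? (int) $uri['port'] : ($secure === true ? 443 : 80);
    $host = ($secure ? 'ssl://' : '') . $uri['host'];

    $fp = fsockopen($host, $port, $errno, $errstr, TIMEOUT);
    if ($fp === false) {
        return array('error' => 'SOCKET: ' . $errstr . '(' . ((string) $errno) . ')');
    }

    // Request line. WOL . EOL is the line terminator used throughout
    // (both constants are defined outside this function).
    $path = isset($uri['path']) && strlen($uri['path']) > 0 ? $uri['path'] : '/';
    $query = isset($uri['query']) && strlen($uri['query']) > 0 ? ('?' . $uri['query']) : '';
    fwrite($fp, 'GET ' . $path . $query . ' HTTP/1.0' . WOL . EOL);

    if (isset($uri['user'])) {
        $auth = base64_encode($uri['user'] . ':' . (isset($uri['pass']) ? $uri['pass'] : ''));
        fwrite($fp, 'Authorization: Basic ' . $auth . WOL . EOL);
    }

    // Headers of the incoming request that are passed on to the remote host.
    // CR and LF are removed so a value can never start a new header line.
    $forwarded = array(
        'Accept' => 'HTTP_ACCEPT',
        'User-Agent' => 'HTTP_USER_AGENT',
        'Referer' => 'HTTP_REFERER',
    );
    foreach ($forwarded as $name => $key) {
        if (isset($_SERVER[$key]) && strlen($_SERVER[$key]) > 0) {
            $value = str_replace(array("\r", "\n"), '', $_SERVER[$key]);
            fwrite($fp, $name . ': ' . $value . WOL . EOL);
        }
    }

    fwrite($fp, 'Host: ' . $uri['host'] . WOL . EOL);
    fwrite($fp, 'Connection: close' . WOL . EOL . WOL . EOL);

    $isRedirect = true;  // replaced once the status line has been read
    $isBody = false;     // true after the blank line that ends the headers
    $isHttp = false;     // true after a valid status line
    $mime = null;

    while (false === feof($fp)) {
        if (MAX_EXEC !== 0 && (time() - INIT_EXEC) >= MAX_EXEC) {
            // Close the socket on this path too; the original returned
            // without releasing it.
            fclose($fp);
            return array('error' => 'Maximum execution time of ' . ((string) (MAX_EXEC + 5)) . ' seconds exceeded, configure this with ini_set/set_time_limit or "php.ini" (if safe_mode is enabled)');
        }

        $data = fgets($fp);
        if ($data === false) {
            continue;
        }

        if ($isHttp === false) {
            // First line must be an HTTP/1.x status line.
            if (preg_match('#^HTTP[/]1[.]#i', $data) === 0) {
                fclose($fp);
                return array('error' => 'This request did not return a HTTP response valid');
            }

            // Reduce the status line to its three-digit code.
            $status = preg_replace('#(HTTP/1[.]\\d |[^0-9])#i', '',
                preg_replace('#^(HTTP/1[.]\\d \\d{3}) [\\w\\W]+$#i', '$1', $data)
            );

            if ($status === '304') {
                fclose($fp);
                return array('error' => 'Request returned HTTP_304, this status code is incorrect because the html2canvas not send Etag');
            }

            $isRedirect = preg_match('#^(301|302|303|307|308)$#', $status) !== 0;

            if ($isRedirect === false && $status !== '200') {
                fclose($fp);
                return array('error' => 'Request returned HTTP_' . $status);
            }

            $isHttp = true;
            continue;
        }

        if ($isBody === false) {
            if (preg_match('#^location[:]#i', $data) !== 0) {
                // A Location header is followed whatever the status code was.
                fclose($fp);

                $location = trim(preg_replace('#^location[:]#i', '', $data));
                if ($location === '') {
                    return array('error' => '"Location:" header is blank');
                }

                $next = relative2absolute($url, $location);
                if ($next === '') {
                    return array('error' => 'Invalid scheme in url (' . $location . ')');
                }

                if (isHttpUrl($next) === false) {
                    return array('error' => '"Location:" header redirected for a non-http url (' . $next . ')');
                }

                return downloadSource($next, $toSource, $caller);
            } elseif (preg_match('#^content[-]length[:]( 0|0)$#i', $data) !== 0) {
                fclose($fp);
                return array('error' => 'source is blank (Content-length: 0)');
            } elseif (preg_match('#^content[-]type[:]#i', $data) !== 0) {
                // Lower-case, drop an "x-" subtype prefix and any parameters
                // after ";", then compare with the allow-list.
                $mime = trim(
                    preg_replace('/[;]([\\s\\S]|)+$/', '',
                        str_replace('content-type:', '',
                            str_replace('/x-', '/', strtolower($data))
                        )
                    )
                );

                if (in_array($mime, array(
                    'image/bmp', 'image/windows-bmp', 'image/ms-bmp',
                    'image/jpeg', 'image/jpg', 'image/png', 'image/gif',
                    'text/html', 'application/xhtml', 'application/xhtml+xml'
                )) === false) {
                    fclose($fp);
                    return array('error' => $mime . ' mimetype is invalid');
                }
            } elseif (trim($data) === '') {
                // Blank line: headers are finished.
                $isBody = true;
                continue;
            }
        } elseif ($isRedirect === true) {
            fclose($fp);
            return array('error' => 'The response should be a redirect "' . $url . '", but did not inform which header "Localtion:"');
        } elseif ($mime === null) {
            fclose($fp);
            return array('error' => 'Not set the mimetype from "' . $url . '"');
        } else {
            // NOTE(review): the body is copied without any size limit.
            fwrite($toSource, $data);
            continue;
        }
    }

    fclose($fp);

    if ($isBody === false) {
        return array('error' => 'Content body is empty');
    } elseif ($mime === null) {
        return array('error' => 'Not set the mimetype from "' . $url . '"');
    }

    return array(
        'mime' => $mime
    );
}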
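/**
 * Turn the links collected from a page into a de-duplicated list of absolute
 * URLs that belong to the site being crawled.
 *
 * A link is kept only if it is not already in the result or in the global
 * $stack, matches the site's scheme/host/path pattern, does not trip
 * fl_contains() against $forbidden_strings, and does not end in one of
 * $forbidden_types.
 *
 * NOTE(review): the site URL is taken from the POST field "http_host", so
 * the request decides which host counts as "the site". If the caller goes on
 * to fetch the returned URLs, compare this value with a configured site URL
 * before trusting it.
 *
 * @param array $buffer            links as found in the page
 * @param array $forbidden_types   suffixes (from the last ".") to skip
 * @param array $forbidden_strings passed to fl_contains() for each link
 * @return array accepted URLs, in input order
 */
function getUrl($buffer, $forbidden_types, $forbidden_strings) {
    global $stack;

    $website = JRequest::getVar('http_host', 'none', 'POST', 'STRING', JREQUEST_ALLOWHTML);

    // parse_url() returns false or leaves keys out when a part is missing
    // (for example no path, or no scheme); default them to '' so the code
    // below never reads an undefined offset.
    $web = parse_url($website);
    if (!is_array($web)) {
        $web = array();
    }
    $scheme = isset($web['scheme']) ? $web['scheme'] : '';
    $host = isset($web['host']) ? $web['host'] : '';
    $path = isset($web['path']) ? $web['path'] : '';

    // Compare hosts without a leading "www.".
    if (strtolower(substr($host, 0, 4)) == "www.") {
        $host = substr($host, 4);
    }

    // Scheme, host and path are quoted before they go into the pattern, so
    // "." in a host name matches only a dot and a path containing regex
    // metacharacters cannot break or widen the match.
    // NOTE(review): the pattern is not anchored and "(.*?)" accepts any
    // text between "://" and the host, so a URL that merely contains the
    // site URL later on also matches. Anchor it if that is not intended.
    $site_pattern = '/' . preg_quote($scheme, '/') . ':\/\/(.*?)' . preg_quote($host . $path, '/') . '/';

    $tmparray = array();

    foreach ($buffer as $link) {
        // The bare site root, with or without "www.", maps to the site URL.
        if ($scheme . "://www." . $host . "/" == $link or $scheme . "://" . $host . "/" == $link) {
            $link = $website;
        }

        if (strtolower(substr($link, 0, 4)) != "http") {
            // Slash management: avoid "//" when joining site URL and link.
            if (substr($link, 0, 1) == "/" and substr($website, -1) == "/") {
                $link = substr($link, 1);
            }

            if ($path != "" and $path != "/") {
                // Site URL has a path: prepend only the part before it.
                $link = substr($website, 0, strpos($website, $path)) . $link;
            } else {
                $link = $website . $link;
            }
        }

        // Strip a trailing PHPSESSID parameter, a trailing fragment and
        // "javascript:" pseudo-URLs. As written, the third pattern replaces
        // "&" with "&" and changes nothing.
        // NOTE(review): presumably it was meant to decode an HTML entity;
        // confirm against the upstream file.
        $link = preg_replace(
            array('/([\\?&]PHPSESSID=\\w+)$/i', '/(#[^\\/]*)$/i', '/&/', '/^(javascript:.*)|(javascript:.*)$/i'),
            array('', '', '&', ''),
            $link
        );

        // The pattern is tested before the link is made absolute.
        preg_match($site_pattern, $link, $matches);

        $link = myUrlcode(trim(relative2absolute($website, $link)));

        // Text from the last "." on; the whole URL when there is no dot.
        $dot = strrpos($link, ".");
        $suffix = ($dot === false) ? $link : substr($link, $dot);

        /* todo add url from Location: header tag without any check */
        if (!in_array($link, $tmparray)
            && !in_array($link, $stack)
            && count($matches) > 0
            && fl_contains($link, $forbidden_strings) == false
            && in_array($suffix, $forbidden_types) === false
        ) {
            $tmparray[] = $link;
        }
    }

    return $tmparray;
}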
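/**
 * Turn the links collected from a page into a de-duplicated list of absolute
 * URLs that belong to the site named by the HTTP_HOST constant.
 *
 * A link is kept only if it is not already in the result, matches the site's
 * scheme/host/path pattern, does not trip searchInArray() against
 * $forbidden_strings, and does not end in one of $forbidden_types.
 *
 * @param array $buffer            links as found in the page
 * @param array $forbidden_types   suffixes (from the last ".") to skip
 * @param array $forbidden_strings passed to searchInArray() for each link
 * @return array accepted URLs, in input order
 */
function getUrl($buffer, $forbidden_types, $forbidden_strings) {
    $website = HTTP_HOST;

    // parse_url() returns false or leaves keys out when a part is missing
    // (for example no path, or no scheme); default them to '' so the code
    // below never reads an undefined offset.
    $web = parse_url($website);
    if (!is_array($web)) {
        $web = array();
    }
    $scheme = isset($web['scheme']) ? $web['scheme'] : '';
    $host = isset($web['host']) ? $web['host'] : '';
    $path = isset($web['path']) ? $web['path'] : '';

    // Compare hosts without a leading "www.".
    if (strtolower(substr($host, 0, 4)) == "www.") {
        $host = substr($host, 4);
    }

    // Scheme, host and path are quoted before they go into the pattern, so
    // "." in a host name matches only a dot and a path containing regex
    // metacharacters cannot break or widen the match.
    // NOTE(review): the pattern is not anchored and "(.*?)" accepts any
    // text between "://" and the host, so a URL that merely contains the
    // site URL later on also matches. Anchor it if that is not intended.
    $pattern = '/' . preg_quote($scheme, '/') . ':\/\/(.*?)' . preg_quote($host . $path, '/') . '/';

    $tmparray = array();

    foreach ($buffer as $link) {
        // The bare site root, with or without "www.", maps to the site URL.
        if ($scheme . "://www." . $host . "/" == $link or $scheme . "://" . $host . "/" == $link) {
            $link = $website;
        }

        if (strtolower(substr($link, 0, 4)) != "http") {
            // Slash management: avoid "//" when joining site URL and link.
            if (substr($link, 0, 1) == "/" and substr($website, -1) == "/") {
                $link = substr($link, 1);
            }

            if ($path != "" and $path != "/") {
                // Site URL has a path: prepend only the part before it.
                $link = substr($website, 0, strpos($website, $path)) . $link;
            } else {
                $link = $website . $link;
            }
        }

        // Strip a trailing PHPSESSID parameter, a trailing fragment and
        // "javascript:" pseudo-URLs. As written, the third pattern replaces
        // "&" with "&" and changes nothing.
        // NOTE(review): presumably it was meant to decode an HTML entity;
        // confirm against the upstream file.
        $link = preg_replace(
            array('/([\\?&]PHPSESSID=\\w+)$/i', '/(#[^\\/]*)$/i', '/&/', '/^(javascript:.*)|(javascript:.*)$/i'),
            array('', '', '&', ''),
            $link
        );

        // The pattern is tested before the link is made absolute.
        preg_match($pattern, $link, $matches);

        $link = encodeUrl(trim(relative2absolute($website, $link)));

        // Text from the last "." on; the whole URL when there is no dot.
        $dot = strrpos($link, ".");
        $suffix = ($dot === false) ? $link : substr($link, $dot);

        /* todo add url from Location: header tag without any check */
        if (!in_array($link, $tmparray)
            && count($matches) > 0
            && searchInArray($link, $forbidden_strings) == false
            && in_array($suffix, $forbidden_types) === false
        ) {
            $tmparray[] = $link;
        }
    }

    return $tmparray;
}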