<?php
$lang = 'auto';
$site_charset = 'auto';
$homedir = './';
$editcols = 80;
$editrows = 25;
# $dirpermission = 0705;
# $filepermission = 0604;
$htaccess = '.htaccess';
$htpasswd = '.htpasswd';
/* ------------------------------------------------------------------------- */
if (get_magic_quotes_gpc()) {
array_walk($_GET, 'strip');
array_walk($_POST, 'strip');
array_walk($_REQUEST, 'strip');
}
if (array_key_exists('image', $_GET)) {
header('Content-Type: image/gif');
die(getimage($_GET['image']));
}
if (!function_exists('lstat')) {
function lstat ($filename) {
return stat($filename);
}
}
$delim = DIRECTORY_SEPARATOR;
if (function_exists('php_uname')) {
$win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? true : false;
} else {
$win = ($delim == '\\') ? true : false;
}
if (!empty($_SERVER['PATH_TRANSLATED'])) {
$scriptdir = dirname($_SERVER['PATH_TRANSLATED']);
} elseif (!empty($_SERVER['SCRIPT_FILENAME'])) {
$scriptdir = dirname($_SERVER['SCRIPT_FILENAME']);
} elseif (function_exists('getcwd')) {
$scriptdir = getcwd();
} else {
$scriptdir = '.';
}
$homedir = relative2absolute($homedir, $scriptdir);
$dir = (array_key_exists('dir', $_REQUEST)) ? $_REQUEST['dir'] : $homedir;
if (array_key_exists('olddir', $_POST) && !path_is_relative($_POST['olddir'])) {
$dir = relative2absolute($dir, $_POST['olddir']);
}
$directory = simplify_path(addslash($dir));
$files = array();
$action = '';
if (!empty($_POST['submit_all'])) {
$action = $_POST['action_all'];
for ($i = 0; $i < $_POST['num']; $i++) {
if (array_key_exists("checked$i", $_POST) && $_POST["checked$i"] == 'true') {
$files[] = $_POST["file$i"];
}
}
} elseif (!empty($_REQUEST['action'])) {
$action = $_REQUEST['action'];
$files[] = relative2absolute($_REQUEST['file'], $directory);
} elseif (!empty($_POST['submit_upload']) && !empty($_FILES['upload']['name'])) {
$files[] = $_FILES['upload'];
$action = 'upload';
} elseif (array_key_exists('num', $_POST)) {
for ($i = 0; $i < $_POST['num']; $i++) {
if (array_key_exists("submit$i", $_POST)) break;
}
if ($i < $_POST['num']) {
$action = $_POST["action$i"];
$files[] = $_POST["file$i"];
}
}
if (empty($action) && (!empty($_POST['submit_create']) || (array_key_exists('focus', $_POST) && $_POST['focus'] == 'create')) && !empty($_POST['create_name'])) {
$files[] = relative2absolute($_POST['create_name'], $directory);
switch ($_POST['create_type']) {
case 'directory':
$action = 'create_directory';
break;
case 'file':
$action = 'create_file';
}
}
if (sizeof($files) == 0) $action = ''; else $file = reset($files);
if ($lang == 'auto') {
if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE']) >= 2) {
$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
} else {
$lang = 'en';
}
}
$words = getwords($lang);
if ($site_charset == 'auto') {
$site_charset = $word_charset;
}
$cols = ($win) ? 4 : 7;
if (!isset($dirpermission)) {
$dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755;
}
if (!isset($filepermission)) {
$filepermission = (function_exists('umask')) ? (0666 & ~umask()) : 0644;
}
if (!empty($_SERVER['SCRIPT_NAME'])) {
$self = html(basename($_SERVER['SCRIPT_NAME']));
} elseif (!empty($_SERVER['PHP_SELF'])) {
$self = html(basename($_SERVER['PHP_SELF']));
} else {
$self = '';
}
if (!empty($_SERVER['SERVER_SOFTWARE'])) {
if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') {
$apache = true;
} else {
$apache = false;
}
} else {
$apache = true;
}
switch ($action) {
case 'view':
if (is_script($file)) {
/* highlight_file is a mess! */
ob_start();
highlight_file($file);
$src = ereg_replace('<font color="([^"]*)">', '<span style="color: \1">', ob_get_contents());
$src = str_replace(array('</font>', "\r", "\n"), array('</span>', '', ''), $src);
ob_end_clean();
html_header();
echo '<h2 style="text-align: left; margin-bottom: 0">' . html($file) . '</h2>
<hr />
<table>
<tr>
<td style="text-align: right; vertical-align: top; color: gray; padding-right: 3pt; border-right: 1px solid gray">
<pre style="margin-top: 0"><code>';
for ($i = 1; $i <= sizeof(file($file)); $i++) echo "$i\n";
echo '</code></pre>
</td>
<td style="text-align: left; vertical-align: top; padding-left: 3pt">
<pre style="margin-top: 0">' . $src . '</pre>
</td>
</tr>
</table>
';
html_footer();
} else {
header('Content-Type: ' . getmimetype($file));
header('Content-Disposition: filename=' . basename($file));
readfile($file);
}
break;
case 'download':
header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Content-Type: ' . getmimetype($file));
header('Content-Disposition: attachment; filename=' . basename($file) . ';');
header('Content-Length: ' . filesize($file));
readfile($file);
break;
case 'upload':
$dest = relative2absolute($file['name'], $directory);
if (@file_exists($dest)) {
listing_page(error('already_exists', $dest));
} elseif (@move_uploaded_file($file['tmp_name'], $dest)) {
@chmod($dest, $filepermission);
listing_page(notice('uploaded', $file['name']));
} else {
listing_page(error('not_uploaded', $file['name']));
}
break;
case 'create_directory':
if (@file_exists($file)) {
listing_page(error('already_exists', $file));
} else {
$old = @umask(0777 & ~$dirpermission);
if (@mkdir($file, $dirpermission)) {
listing_page(notice('created', $file));
} else {
listing_page(error('not_created', $file));
}
@umask($old);
}
break;
case 'create_file':
if (@file_exists($file)) {
listing_page(error('already_exists', $file));
} else {
$old = @umask(0777 & ~$filepermission);
if (@touch($file)) {
edit($file);
} else {
listing_page(error('not_created', $file));
}
@umask($old);
}
break;
case 'execute':
chdir(dirname($file));
$output = array();
$retval = 0;
exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval);
$error = ($retval == 0) ? false : true;
if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>');
if ($error) {
listing_page(error('not_executed', $file, implode("\n", $output)));
} else {
listing_page(notice('executed', $file, implode("\n", $output)));
}
break;
case 'delete':
if (!empty($_POST['no'])) {
listing_page();
} elseif (!empty($_POST['yes'])) {
$failure = array();
$success = array();
foreach ($files as $file) {
if (del($file)) {
$success[] = $file;
} else {
$failure[] = $file;
}
}
$message = '';
if (sizeof($failure) > 0) {
$message = error('not_deleted', implode("\n", $failure));
}
if (sizeof($success) > 0) {
$message .= notice('deleted', implode("\n", $success));
}
listing_page($message);
} else {
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
';
request_dump();
echo "\t<b>" . word('really_delete') . '</b>
<p>
';
foreach ($files as $file) {
echo "\t" . html($file) . "<br />\n";
}
echo ' </p>
<hr />
<input type="submit" name="no" value="' . word('no') . '" id="red_button" />
<input type="submit" name="yes" value="' . word('yes') . '" id="green_button" style="margin-left: 50px" />
</td>
</tr>
</table>
</form>
';
html_footer();
}
break;
case 'rename':
if (!empty($_POST['destination'])) {
$dest = relative2absolute($_POST['destination'], $directory);
if (!@file_exists($dest) && @rename($file, $dest)) {
listing_page(notice('renamed', $file, $dest));
} else {
listing_page(error('not_renamed', $file, $dest));
}
} else {
$name = basename($file);
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
<input type="hidden" name="action" value="rename" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($di
评论0