= 2) { $lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2); } else { $lang = 'en'; } } $words = getwords($lang); if ($site_charset == 'auto') { $site_charset = $word_charset; } $cols = ($win) ? 4 : 7; if (!isset($dirpermission)) {$dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755;} if (!isset($filepermission)) {$filepermission = (function_exists('umask')) ? (0666 & ~umask()) : 0644;} if (!empty($_SERVER['SCRIPT_NAME'])) { $self = html(basename($_SERVER['SCRIPT_NAME'])); } elseif (!empty($_SERVER['PHP_SELF'])) { $self = html(basename($_SERVER['PHP_SELF'])); } else { $self = ''; } if (!empty($_SERVER['SERVER_SOFTWARE'])) { if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') { $apache = true; } else { $apache = false; } } else { $apache = true; } switch ($action) { case 'view': if (is_script($file)) { /* highlight_file is a mess! */ ob_start(); highlight_file($file); $src = ereg_replace('', '', ob_get_contents()); $src = str_replace(array('', "\r", "\n"), array('', '', ''), $src); ob_end_clean(); html_header(); echo '

' . html($file) . '

';
						for ($i = 1; $i <= sizeof(file($file)); $i++) echo "$i\n";
						echo '

' . $src . '

'; html_footer(); } else { header('Content-Type: ' . getmimetype($file)); header('Content-Disposition: filename=' . basename($file)); readfile($file); } break; case 'download': header('Pragma: public'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Content-Type: ' . getmimetype($file)); header('Content-Disposition: attachment; filename=' . basename($file) . ';'); header('Content-Length: ' . filesize($file)); readfile($file); break; case 'upload': $dest = relative2absolute($file['name'], $directory); if (@file_exists($dest)) { listing_page(error('already_exists', $dest)); } elseif (@move_uploaded_file($file['tmp_name'], $dest)) { @chmod($dest, $filepermission); listing_page(notice('uploaded', $file['name'])); } else { listing_page(error('not_uploaded', $file['name'])); } break; case 'create_directory': if (@file_exists($file)) { listing_page(error('already_exists', $file)); } else { $old = @umask(0777 & ~$dirpermission); if (@mkdir($file, $dirpermission)) { listing_page(notice('created', $file)); } else { listing_page(error('not_created', $file)); } @umask($old); } break; case 'create_file': if (@file_exists($file)) { listing_page(error('already_exists', $file)); } else { $old = @umask(0777 & ~$filepermission); if (@touch($file)) { edit($file); } else { listing_page(error('not_created', $file)); } @umask($old); } break; case 'execute': chdir(dirname($file)); $output = array(); $retval = 0; exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval); $error = ($retval == 0) ? false : true; if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>'); if ($error) { listing_page(error('not_executed', $file, implode("\n", $output))); } else { listing_page(notice('executed', $file, implode("\n", $output))); } break; case 'delete': if (!empty($_POST['no'])) { listing_page(); } elseif (!empty($_POST['yes'])) { $failure = array(); $success = array(); foreach ($files as $file) { if (del($file)) { $success[] = $file; } else { $failure[] = $file; } } $message = ''; if (sizeof($failure) > 0) { $message = error('not_deleted', implode("\n", $failure)); } if (sizeof($success) > 0) { $message .= notice('deleted', implode("\n", $success)); } listing_page($message); } else { html_header(); echo ''; html_footer(); } break; case 'rename': if (!empty($_POST['destination'])) { $dest = relative2absolute($_POST['destination'], $directory); if (!@file_exists($dest) && @rename($file, $dest)) { listing_page(notice('renamed', $file, $dest)); } else { listing_page(error('not_renamed', $file, $dest)); } } else { $name = basename($file); html_header(); echo ''; html_footer(); } break; case 'move': if (!empty($_POST['destination'])) { $dest = relative2absolute($_POST['destination'], $directory); $failure = array(); $success = array(); foreach ($files as $file) { $filename = substr($file, strlen($directory)); $d = $dest . $filename; if (!@file_exists($d) && @rename($file, $d)) { $success[] = $file; } else { $failure[] = $file; } } $message = ''; if (sizeof($failure) > 0) { $message = error('not_moved', implode("\n", $failure), $dest); } if (sizeof($success) > 0) { $message .= notice('moved', implode("\n", $success), $dest); } listing_page($message); } else { html_header(); echo ''; html_footer(); } break; case 'copy': if (!empty($_POST['destination'])) { $dest = relative2absolute($_POST['destination'], $directory); if (@is_dir($dest)) { $failure = array(); $success = array(); foreach ($files as $file) { $filename = substr($file, strlen($directory)); $d = addslash($dest) . $filename; if (!@is_dir($file) && !@file_exists($d) && @copy($file, $d)) { $success[] = $file; } else { $failure[] = $file; } } $message = ''; if (sizeof($failure) > 0) { $message = error('not_copied', implode("\n", $failure), $dest); } if (sizeof($success) > 0) { $message .= notice('copied', implode("\n", $success), $dest); } listing_page($message); } else { if (!@file_exists($dest) && @copy($file, $dest)) { listing_page(notice('copied', $file, $dest)); } else { listing_page(error('not_copied', $file, $dest)); } } } else { html_header(); echo ''; html_footer(); } break; case 'create_symlink': if (!empty($_POST['destination'])) { $dest = relative2absolute($_POST['destination'], $directory); if (substr($dest, -1, 1) == $delim) $dest .= basename($file); if (!empty($_POST['relative'])) $file = absolute2relative(addslash(dirname($dest)), $file); if (!@file_exists($dest) && @symlink($file, $dest)) { listing_page(notice('symlinked', $file, $dest)); } else { listing_page(error('not_symlinked', $file, $dest)); } } else { html_header(); echo ''; html_footer(); } break; case 'edit': if (!empty($_POST['save'])) { $content = str_replace("\r\n", "\n", $_POST['content']); if (($f = @fopen($file, 'w')) && @fwrite($f, $content) !== false && @fclose($f)) { listing_page(notice('saved', $file)); } else { listing_page(error('not_saved', $file)); } } else { if (@is_readable($file) && @is_writable($file)) { edit($file); } else { listing_page(error('not_edited', $file)); } } break; case 'permission': if (!empty($_POST['set'])) { $mode = 0; if (!empty($_POST['ur'])) $mode |= 0400; if (!empty($_POST['uw'])) $mode |= 0200; if (!empty($_POST['ux'])) $mode |= 0100; if (!empty($_POST['gr'])) $mode |= 0040; if (!empty($_POST['gw'])) $mode |= 0020; if (!empty($_POST['gx'])) $mode |= 0010; if (!empty($_POST['or'])) $mode |= 0004; if (!empty($_POST['ow'])) $mode |= 0002; if (!empty($_POST['ox'])) $mode |= 0001; if (@chmod($file, $mode)) { listing_page(notice('permission_set', $file, decoct($mode))); } else { listing_page(error('permission_not_set', $file, decoct($mode))); } } else { html_header(); $mode = fileperms($file); echo ''; html_footer(); } break; default: listing_page(); } /* ------------------------------------------------------------------------- */ function getlist ($directory) { global $delim, $win; if ($d = @opendir($directory)) { while (($filename = @readdir($d)) !== false) { $path = $directory . $filename; if ($stat = @lstat($path)) { $file = array( 'filename' => $filename, 'path' => $path, 'is_file' => @is_file($path), 'is_dir' => @is_dir($path), 'is_link' => @is_link($path), 'is_readable' => @is_readable($path), 'is_writable' => @is_writable($path), 'size' => $stat['size'], 'permission' => $stat['mode'], 'owner' => $stat['uid'], 'group' => $stat['gid'], 'mtime' => @filemtime($path), 'atime' => @fileatime($path), 'ctime' => @filectime($path) ); if ($file['is_dir']) { $file['is_executable'] = @file_exists($path . $delim . '.'); } else { if (!$win) { $file['is_executable'] = @is_executable($path); } else { $file['is_executable'] = true; } } if ($file['is_link']) $file['target'] = @readlink($path); if (function_exists('posix_getpwuid')) $file['owner_name'] = @reset(posix_getpwuid($file['owner'])); if (function_exists('posix_getgrgid')) $file['group_name'] = @reset(posix_getgrgid($file['group'])); $files[] = $file; } } return $files; } else { return false; } } function sortlist ($list, $key, $reverse) { $dirs = array(); $files = array(); for ($i = 0; $i < sizeof($list); $i++) { if ($list[$i]['is_dir']) $dirs[] = $list[$i]; else $files[] = $list[$i]; } quicksort($dirs, 0, sizeof($dirs) - 1, $key); if ($reverse) $dirs = array_reverse($dirs); quicksort($files, 0, sizeof($files) - 1, $key); if ($reverse) $files = array_reverse($files); return array_merge($dirs, $files); } function quicksort (&$array, $first, $last, $key) { if ($first < $last) { $cmp = $array[floor(($first + $last) / 2)][$key]; $l = $first; $r = $last; while ($l <= $r) { while ($array[$l][$key] < $cmp) $l++; while ($array[$r][$key] > $cmp) $r--; if ($l <= $r) { $tmp = $array[$l]; $array[$l] = $array[$r]; $array[$r] = $tmp; $l++; $r--; } } quicksort($array, $first, $r, $key); quicksort($array, $l, $last, $key); } } function permission_octal2string ($mode) { if (($mode & 0xC000) === 0xC000) {$type = 's';} elseif (($mode & 0xA000) === 0xA000) {$type = 'l';} elseif (($mode & 0x8000) === 0x8000) {$type = '-';} elseif (($mode & 0x6000) === 0x6000) {$type = 'b';} elseif (($mode & 0x4000) === 0x4000) {$type = 'd';} elseif (($mode & 0x2000) === 0x2000) {$type = 'c';} elseif (($mode & 0x1000) === 0x1000) {$type = 'p';} else {$type = '?';} $owner = ($mode & 00400) ? 'r' : '-'; $owner .= ($mode & 00200) ? 'w' : '-'; if ($mode & 0x800) {$owner .= ($mode & 00100) ? 's' : 'S';} else {$owner .= ($mode & 00100) ? 'x' : '-';} $group = ($mode & 00040) ? 'r' : '-'; $group .= ($mode & 00020) ? 'w' : '-'; if ($mode & 0x400) {$group .= ($mode & 00010) ? 's' : 'S';} else {$group .= ($mode & 00010) ? 'x' : '-';} $other = ($mode & 00004) ? 'r' : '-'; $other .= ($mode & 00002) ? 'w' : '-'; if ($mode & 0x200) {$other .= ($mode & 00001) ? 't' : 'T';} else {$other .= ($mode & 00001) ? 'x' : '-';} return $type . $owner . $group . $other; } function is_script ($filename) { return ereg('\.php$|\.php3$|\.php4$|\.php5$', $filename); } function getmimetype ($filename) { static $mimes = array( '\.jpg$|\.jpeg$' => 'image/jpeg', '\.gif$' => 'image/gif', '\.png$' => 'image/png', '\.html$|\.html$' => 'text/html', '\.txt$|\.asc$' => 'text/plain', '\.xml$|\.xsl$' => 'application/xml', '\.pdf$' => 'application/pdf' ); foreach ($mimes as $regex => $mime) { if (eregi($regex, $filename)) return $mime; } return 'text/plain'; } function del ($file) { global $delim; if (!file_exists($file)) return false; if (@is_dir($file) && !@is_link($file)) { $success = false; if (@rmdir($file)) { $success = true; } elseif ($dir = @opendir($file)) { $success = true; while (($f = readdir($dir)) !== false) { if ($f != '.' && $f != '..' && !del($file . $delim . $f)) { $success = false; } } closedir($dir); if ($success) $success = @rmdir($file); } return $success; } return @unlink($file); } function addslash ($directory) { global $delim; if (substr($directory, -1, 1) != $delim) { return $directory . $delim; } else { return $directory; } } function relative2absolute ($string, $directory) { if (path_is_relative($string)) { return simplify_path(addslash($directory) . $string); } else { return simplify_path($string); } } function path_is_relative ($path) { global $win; if ($win) { return (substr($path, 1, 1) != ':'); } else { return (substr($path, 0, 1) != '/'); } } function absolute2relative ($directory, $target) { global $delim; $path = ''; while ($directory != $target) { if ($directory == substr($target, 0, strlen($directory))) { $path .= substr($target, strlen($directory)); break; } else { $path .= '..' . $delim; $directory = substr($directory, 0, strrpos(substr($directory, 0, -1), $delim) + 1); } } if ($path == '') $path = '.'; return $path; } function simplify_path ($path) { global $delim; if (@file_exists($path) && function_exists('realpath') && @realpath($path) != '') { $path = realpath($path); if (@is_dir($path)) { return addslash($path); } else { return $path; } } $pattern = $delim . '.' . $delim; if (@is_dir($path)) { $path = addslash($path); } while (strpos($path, $pattern) !== false) { $path = str_replace($pattern, $delim, $path); } $e = addslashes($delim); $regex = $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|([^\.][^' . $e . ']*))' . $e . '\.\.' . $e; while (ereg($regex, $path)) { $path = ereg_replace($regex, $delim, $path); } return $path; } function human_filesize ($filesize) { $suffices = 'kMGTPE'; $n = 0; while ($filesize >= 1000) { $filesize /= 1024; $n++; } $filesize = round($filesize, 3 - strpos($filesize, '.')); if (strpos($filesize, '.') !== false) { while (in_array(substr($filesize, -1, 1), array('0', '.'))) { $filesize = substr($filesize, 0, strlen($filesize) - 1); } } $suffix = (($n == 0) ? '' : substr($suffices, $n - 1, 1)); return $filesize . " {$suffix}B"; } function strip (&$str) {$str = stripslashes($str);} /* ------------------------------------------------------------------------- */ function listing_page ($message = null) { global $self, $directory, $sort, $reverse; html_header(); $list = getlist($directory); if (array_key_exists('sort', $_GET)) $sort = $_GET['sort']; else $sort = 'filename'; if (array_key_exists('reverse', $_GET) && $_GET['reverse'] == 'true') $reverse = true; else $reverse = false; echo '

otherFM

'; html_footer(); } function listing ($list) { global $directory, $homedir, $sort, $reverse, $win, $cols, $date_format, $self; echo '

'; column_title('filename', $sort, $reverse); column_title('size', $sort, $reverse); if (!$win) { column_title('permission', $sort, $reverse); column_title('owner', $sort, $reverse); column_title('group', $sort, $reverse); } echo '' . word('functions') . ' '; for ($i = 0; $i < sizeof($list); $i++) { $file = $list[$i]; $timestamps = 'mtime: ' . date($date_format, $file['mtime']) . ', '; $timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', '; $timestamps .= 'ctime: ' . date($date_format, $file['ctime']); echo ' '; if ($file['is_link']) { echo ' link

'; echo html($file['filename']) . ' → '; $real_file = relative2absolute($file['target'], $directory); if (@is_readable($real_file)) { if (@is_dir($real_file)) { echo '[ ' . html($file['target']) . ' ]'; } else { echo '' . html($file['target']) . ''; } } else { echo html($file['target']); } } elseif ($file['is_dir']) { echo ' folder

[ '; if ($win || $file['is_executable']) { echo '' . html($file['filename']) . ''; } else { echo html($file['filename']); } echo ' ]'; } else { if (substr($file['filename'], 0, 1) == '.') { echo ' hidden file

'; } else { echo ' file

'; } if ($file['is_file'] && $file['is_readable']) { echo '' . html($file['filename']) . ''; } else { echo html($file['filename']); } } if ($file['size'] >= 1000) { $human = ' title="' . human_filesize($file['size']) . '"'; } else { $human = ''; } echo "\n"; echo "\t{$file['size']} B\n"; if (!$win) { echo "\t'; $l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] == posix_getuid()); if ($l) echo ''; echo html(permission_octal2string($file['permission'])); if ($l) echo ''; echo "\n"; if (array_key_exists('owner_name', $file)) { echo "\t{$file['owner_name']}\n"; } else { echo "\t{$file['owner']}\n"; } if (array_key_exists('group_name', $file)) { echo "\t{$file['group_name']}\n"; } else { echo "\t{$file['group']}\n"; } } echo ' '; $actions = array(); if (function_exists('symlink')) { $actions[] = 'create_symlink'; } if (@is_writable(dirname($file['path']))) { $actions[] = 'delete'; $actions[] = 'rename'; $actions[] = 'move'; } if ($file['is_file'] && $file['is_readable']) { $actions[] = 'copy'; $actions[] = 'download'; if ($file['is_writable']) $actions[] = 'edit'; } if (!$win && function_exists('exec') && $file['is_file'] && $file['is_executable'] && file_exists('/bin/sh')) { $actions[] = 'execute'; } if (sizeof($actions) > 0) { echo ''; } echo ' '; } echo '

'; $actions = array(); if (@is_writable(dirname($file['path']))) { $actions[] = 'delete'; $actions[] = 'move'; } $actions[] = 'copy'; echo ' '; } function column_title ($column, $sort, $reverse) { global $self, $directory; $d = 'dir=' . urlencode($directory) . '&'; $arr = ''; if ($sort == $column) { if (!$reverse) { $r = '&reverse=true'; $arr = ' ∧'; } else { $arr = ' ∨'; } } else { $r = ''; } echo "\t" . word($column) . "$arr\n"; } function directory_choice () { global $directory, $homedir, $cols, $self; echo '] ' . word('directory') . ': '; } function upload_box () { global $cols; echo ' ' . word('file') . ': '; } function create_box () { global $cols; echo ' '; } function edit ($file) { global $self, $directory, $editcols, $editrows, $apache, $htpasswd, $htaccess; html_header(); echo '

' . html($file) . '

'; if ($apache && basename($file) == $htpasswd) { echo word('user') . ': '.word('password').':

'; } if ($apache && basename($file) == $htaccess) { echo '

'; } echo '

[ ' . word('back') . ' ]

'; html_footer(); } function spacer () { global $cols; echo ''; } function textfieldsize ($content) { $size = strlen($content) + 5; if ($size < 30) $size = 30; return $size; } function request_dump () { foreach ($_REQUEST as $key => $value) { echo "\t\n"; } } /* ------------------------------------------------------------------------- */ function html ($string) { global $site_charset; return htmlentities($string, ENT_COMPAT, $site_charset); } function word ($word) { global $words, $word_charset; return htmlentities($words[$word], ENT_COMPAT, $word_charset); } function phrase ($phrase, $arguments) { global $words; static $search; if (!is_array($search)) for ($i = 1; $i <= 8; $i++) $search[] = "%$i"; for ($i = 0; $i < sizeof($arguments); $i++) { $arguments[$i] = nl2br(html($arguments[$i])); } $replace = array('{' => '

', '}' =>'

', '[' => '', ']' => ''); return str_replace($search, $arguments, str_replace(array_keys($replace), $replace, nl2br(html($words[$phrase])))); } function getwords ($lang) { global $date_format, $word_charset; $word_charset = 'UTF-8'; $date_format = 'Y/m/d H:i:s'; return array( 'directory' => 'Directory', 'file' => 'File', 'filename' => 'Filename', 'size' => 'Size', 'permission' => 'Permission', 'owner' => 'Owner', 'group' => 'Group', 'other' => 'Others', 'functions' => 'Functions', 'read' => 'read', 'write' => 'write', 'execute' => 'execute', 'create_symlink' => 'create symlink', 'delete' => 'delete', 'rename' => 'rename', 'move' => 'move', 'copy' => 'copy', 'edit' => 'edit', 'download' => 'download', 'upload' => 'upload', 'create' => 'create', 'change' => 'change', 'save' => 'save', 'set' => 'set', 'reset' => 'reset', 'relative' => 'Relative path to target', 'yes' => 'Yes', 'no' => 'No', 'back' => 'back', 'destination' => 'Destination', 'symlink' => 'Symlink', 'no_output' => 'no output', 'user' => 'User', 'password' => 'Password', 'add' => 'add', 'add_basic_auth' => 'add basic-authentification', 'uploaded' => '"[%1]" has been uploaded.', 'not_uploaded' => '"[%1]" could not be uploaded.', 'already_exists' => '"[%1]" already exists.', 'created' => '"[%1]" has been created.', 'not_created' => '"[%1]" could not be created.', 'really_delete' => 'Delete these files?', 'deleted' => "These files have been deleted:\n[%1]", 'not_deleted' => "These files could not be deleted:\n[%1]", 'rename_file' => 'Rename file:', 'renamed' => '"[%1]" has been renamed to "[%2]".', 'not_renamed' => '"[%1] could not be renamed to "[%2]".', 'move_files' => 'Move these files:', 'moved' => "These files have been moved to \"[%2]\":\n[%1]", 'not_moved' => "These files could not be moved to \"[%2]\":\n[%1]", 'copy_files' => 'Copy these files:', 'copied' => "These files have been copied to \"[%2]\":\n[%1]", 'not_copied' => "These files could not be copied to \"[%2]\":\n[%1]", 'not_edited' => '"[%1]" can not be edited.', 'executed' => "\"[%1]\" has been executed successfully:\n{%2}", 'not_executed' => "\"[%1]\" could not be executed successfully:\n{%2}", 'saved' => '"[%1]" has been saved.', 'not_saved' => '"[%1]" could not be saved.', 'symlinked' => 'Symlink from "[%2]" to "[%1]" has been created.', 'not_symlinked' => 'Symlink from "[%2]" to "[%1]" could not be created.', 'permission_for' => 'Permission of "[%1]":', 'permission_set' => 'Permission of "[%1]" was set to [%2].', 'permission_not_set' => 'Permission of "[%1]" could not be set to [%2].', 'not_readable' => '"[%1]" can not be read.' ); } function getimage ($image) { switch ($image) { case 'file': return base64_decode('R0lGODlhEQANAJEDAJmZmf///wAAAP///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA'); case 'folder': return base64_decode('R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'); case 'hidden_file': return base64_decode('R0lGODlhEQANAJEDAMwAAP///5mZmf///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA'); case 'link': return base64_decode('R0lGODlhEQANAKIEAJmZmf///wAAAMwAAP///wAAAAAAAAAAACH5BAHoAwQALAAAAAARAA0AAAM5SArcrDCCQOuLcIotwgTYUllNOA0DxXkmhY4shM5zsMUKTY8gNgUvW6cnAaZgxMyIM2zBLCaHlJgAADsA'); case 'smiley': return base64_decode('R0lGODlhEQANAJECAAAAAP//AP///wAAACH5BAHoAwIALAAAAAARAA0AAAIslI+pAu2wDAiz0jWD3hqmBzZf1VCleJQch0rkdnppB3dKZuIygrMRE/oJDwUAOwA='); case 'arrow': return base64_decode('R0lGODlhEQANAIABAAAAAP///yH5BAEKAAEALAAAAAARAA0AAAIdjA9wy6gNQ4pwUmav0yvn+hhJiI3mCJ6otrIkxxQAOw=='); } } function html_header () { global $site_charset; echo << otherFM END; } function html_footer () { echo << END; } function notice ($phrase) { global $cols; $args = func_get_args(); array_shift($args); return '' . phrase($phrase, $args) . ''; } function error ($phrase) { global $cols; $args = func_get_args(); array_shift($args); return '' . phrase($phrase, $args) . ''; } ?>

' . word('destination') . ':	' . html($file) . ' ' . word('relative') . '
' . word('symlink') . ':