lister.php.bak
1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
2: "http://www.w3.org/TR/html4/strict.dtd">
3: <html lang="en"> <head>
4: <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5: <meta name="description" content="PHP File Lister">
6: <meta name="author" content="Wayne Pollock">
7: <link rel="Shortcut Icon" type="image/x-icon" href="../../images/PHP.ico">
8: <link rel="stylesheet" href="../../Styles.css" type="text/css">
9: <script type="text/JavaScript" src="../../Common.js"> </script>
10:
11: <title> PHP File Lister </title>
12:
13: <style type="text/css">
14: <!--
15: @media screen {
16: b { color: yellow; }
17: }
18: -->
19: </style>
20:
21: </head>
22: <body>
23: <div>
24: <?php
25: // Script to list files, preserving white space,
26: // with optional line numbers.
27: // Arguments: file=path_to_file (NOT a URI, to prevent foreign
28: // documents)
29: // linenums=true_or_false (default=false if omitted)
30: // nodir=true_or_false (default=false if omitted)
31: //
32: // Written 2/2009 by Wayne Pollock, Tampa Florida USA. All Rights Reserved.
33: // 11/2013 Updated the normalize function to allow filenames with
34: // hyphens and underscores.
35:
36: // Parse args: filename (string) and linenums (true or false):
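// Parse args: filename (string) plus the optional linenums, nodir and dl
// flags. Only a plain string is accepted for "file": PHP turns a query
// such as file[]=x into an array, which must not reach strlen() or
// normalize().
if ( isset($_REQUEST['file']) and is_string($_REQUEST['file']) )
    $orig_file = $_REQUEST['file'];
if ( isset($_REQUEST['linenums']) ) $linenums = $_REQUEST['linenums'];
if ( isset($_REQUEST['nodir']) ) $nodir = $_REQUEST['nodir'];
if ( isset($_REQUEST['dl']) ) $dl = $_REQUEST['dl'];

if ( ! isset( $orig_file ) or strlen($orig_file) === 0 ) {
    echo "<h2>No filename provided!</h2>\n"
       . "<p><em>You need to pass</em> "
       . "<q><code>file=<em>name</em></code></q> in the query string.\n"
       . "You can also add the <q><code>linenums</code></q> parameter "
       . "to display line numbers, the <q><code>nodir</code></q> "
       . "parameter to truncate the heading to only show the filename, "
       . "and the <q><code>dl</code></q> parameter to add a download link "
       . "(useful when showing line numbers).</p>\n";
    echo '</div></body></html>';
    exit;
}

// normalize() returns a cleaned, resolved path or false. Only $file has
// been validated; $orig_file is still the raw request value and has to be
// treated as untrusted wherever it is used afterwards.
$file = normalize ( $orig_file );

if ( $file === false or is_dir($file) ) {
    // The HTML prolog above this PHP section has normally been sent by now,
    // so the status line can only be set when output is being buffered.
    // Calling header() after output has started just raises a warning.
    if ( ! headers_sent() )
        header('HTTP/1.0 404 Not Found');
    echo "<h1>404 Not Found</h1>\n";
    echo "<p>The page that you have requested could not be found.</p>\n";
    echo "</div>\n</body></html>\n";
    exit();
}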
64:
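// Sanitize filenames for security: only allow access to files below the
// DOCROOT.
//
// getdocroot() derives the document root from the environment: it cuts
// SCRIPT_FILENAME at the first case-insensitive occurrence of SCRIPT_NAME
// and returns what precedes it, using forward slashes and the letter case
// of SCRIPT_FILENAME.
//
// Returns the empty string when the root cannot be determined (a variable
// is missing, or SCRIPT_NAME does not occur in SCRIPT_FILENAME). Callers
// must treat '' as a failure and must not use it as a path prefix.
function getdocroot () {
    $localpath    = getenv("SCRIPT_NAME");
    $absolutepath = getenv("SCRIPT_FILENAME");

    // getenv() returns false for an unset variable, and an empty needle
    // cannot locate anything meaningful.
    if ( ! is_string($localpath) or ! is_string($absolutepath)
         or $localpath === '' )
        return '';

    // Replace Windows back-slashes (forward ones work even on Windows).
    // This is done before searching, because SCRIPT_NAME is a URL path
    // with forward slashes and would never match a back-slash path.
    $absolutepath = str_replace( "\\", "/", $absolutepath );

    // Although some OSes are case-sensitive, some are not, so get the
    // position in a case-insensitive way, then keep the case reported by
    // SCRIPT_FILENAME.
    $pos = stripos( $absolutepath, $localpath );
    if ( $pos === false )
        return '';

    return substr( $absolutepath, 0, $pos );
}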
80:
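// Dis-allow weird characters in the filename argument, for security.
// On this site, all names are simple ASCII.
//
// normalize() reduces accented letters to their base letter, replaces
// every character outside 0-9 a-z . / _ - with a space, collapses runs of
// spaces, trims spaces and hyphens from both ends, and then resolves the
// result with realpath().
//
// Returns the resolved path (forward slashes) when it exists and lies at
// or below the document root; returns false otherwise.
function normalize ( $pathname ) {
    // Accented letters: encode to named entities, keep only the base
    // letter of each entity, then decode whatever entities remain.
    $pathname = htmlentities($pathname, ENT_QUOTES, 'UTF-8');
    $pathname = preg_replace('~&([a-z]{1,2})' .
        '(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i',
        '$1', $pathname);
    $pathname = html_entity_decode($pathname, ENT_QUOTES, 'UTF-8');
    $pathname = preg_replace(array('~[^0-9a-z./_-]~i', '~[ ]+~'), ' ', $pathname);
    $pathname = trim($pathname, ' -');

    // Check for illegal pathnames or pathnames outside of DOCROOT.
    // realpath() resolves "..", "." and symbolic links, and returns false
    // when the path does not exist.
    $resolved = realpath( $pathname );
    if ( $resolved === false )
        return false;   // Illegal pathname used

    // Replace Windows back-slashes (forward ones work even on Windows):
    $resolved = str_replace( "\\", "/", $resolved );

    // Fail closed when the document root is unknown. As of PHP 8 strpos()
    // accepts an empty needle and returns 0, so an empty root would
    // otherwise match every path on the filesystem.
    $docroot = rtrim( getdocroot(), '/' );
    if ( $docroot === '' )
        return false;

    // Finally, make sure the normalized absolute path is under DOCROOT.
    // The comparison ends on a path separator so that a sibling directory
    // whose name merely starts with the docroot name is not accepted.
    if ( $resolved === $docroot or strpos($resolved, $docroot . '/') === 0 ) {
        // In a more secure environment, should whitelist permitted files,
        // or at least permitted extensions. This code allows any file
        // below the docroot to be returned.
        return $resolved;
    }

    return false;   // Illegal pathname used
}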
108:
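// Optional flags: a flag is on when the parameter is present and is not
// the literal string "false".
$dl       = ( isset($dl) and $dl != "false" );
$linenums = ( isset($linenums) and $linenums != "false" );

// "nodir" means to only display the filename in the heading,
// and not the pathname.
$nodir    = ( isset($nodir) and $nodir != "false" );

// Everything written into the page is escaped for HTML. ENT_QUOTES covers
// attribute values, and ENT_SUBSTITUTE keeps text containing invalid UTF-8
// from being turned into an empty string.
$esc        = ENT_QUOTES | ENT_SUBSTITUTE;
$shown_name = htmlspecialchars( basename($file), $esc, 'UTF-8' );

// Output HTML document body (the file's contents):
if ( $nodir )
    echo "<h1> " . $shown_name . " </h1>\n";
else
    echo "<h1> " . htmlspecialchars( $file, $esc, 'UTF-8' ) . " </h1>\n";

// $orig_file is the raw request parameter; only the normalized copy in
// $file was validated. It must be escaped before it is placed in the href
// attribute, otherwise the request can inject markup into this page.
// NOTE(review): building the link from the validated path instead of the
// raw parameter would be stricter; that needs a path-to-URL mapping this
// script does not have.
if ( $dl )
    echo "<p class=\"Right\"><a href=\""
       . htmlspecialchars( $orig_file, $esc, 'UTF-8' ) . "\">Download "
       . $shown_name . "</a></p>\n";

echo "<pre>\n";

// file() returns false when the file cannot be read; show a notice rather
// than passing false on to count() and foreach.
$contents = file( $file, FILE_IGNORE_NEW_LINES );
if ( $contents === false ) {
    $contents = array();
    echo "Unable to read this file.\n";
}

// Pad line numbers to the width of the largest one.
$linenumwidth = strlen( (string) count($contents) );
$format = "<b>%" . $linenumwidth . "d: </b>";

foreach ($contents as $line_num => $line) {
    if ( $linenums )
        printf( $format, ($line_num + 1) );
    echo htmlentities( rtrim($line), $esc, 'UTF-8' ) . "\n";
}

// Output HTML epilog:
echo "</pre>\n";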
151: ?>
152: </div>
153:
154: <div>
155: <?php
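// The file name is written into JavaScript string literals, so it is
// encoded with json_encode() instead of being pasted between quotes. The
// JSON_HEX_* flags also encode < > & ' and ", which keeps the value from
// closing the string or the surrounding <script> element.
$js_flags  = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$js_title  = json_encode( basename($file), $js_flags );
$js_footer = json_encode( 'Question: ' . basename($file), $js_flags );

// json_encode() returns false for text that is not valid UTF-8; fall back
// to an empty string literal so the script stays syntactically valid.
if ( $js_title === false )  $js_title  = '""';
if ( $js_footer === false ) $js_footer = '""';

echo '
<script type="text/JavaScript">
// <![CDATA[
   document.title = ' . $js_title . ';
   addFooter( ' . $js_footer . ' );
// ]]>
</script>
<noscript>
  <p> This page was last updated by Wayne Pollock. </p>
</noscript>
';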
167: ?>
168: </div></body></html>