/home/wpollock1/public_html/PHP/lister.php
1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
2: "http://www.w3.org/TR/html4/strict.dtd">
3: <html lang="en"> <head>
4: <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5: <meta name="description" content="PHP File Lister">
6: <meta name="author" content="Wayne Pollock">
7: <link rel="contents" href="../index.htm">
8: <link rel="previous" href="../index.htm">
9: <link rel="Icon" type="image/x-icon" href="../images/PHP.ico">
10: <link rel="stylesheet" href="../Styles.css" type="text/css">
11: <script type="text/JavaScript" src="../Common.js"> </script>
12:
13: <title> PHP File Lister (with optional line numbers) </title>
14:
15: <style type="text/css">
16: <!--
17: @media screen {
18: b { color: yellow; }
19: }
20: -->
21: </style>
22:
23: </head>
24: <body>
25: <div>
26: <?php
27: // Script to list files, preserving white space,
28: // with optional line numbers.
29: // Arguments: file=path_to_file (NOT a URI, to prevent foreign
30: // documents)
31: // linenums=true_or_false (default=false if omitted)
32: // nodir=true_or_false (default=false if omitted)
33: //
34: // Written 2/2009 by Wayne Pollock, Tampa Florida USA. All Rights Reserved.
35:
36: // Parse args: filename (string) and linenums (true or false):
37: if ( isset($_REQUEST['file']) ) $orig_file = $_REQUEST['file'];
38: if ( isset($_REQUEST['linenums']) ) $linenums = $_REQUEST['linenums'];
39: if ( isset($_REQUEST['nodir']) ) $nodir = $_REQUEST['nodir'];
40: if ( isset($_REQUEST['dl']) ) $dl = $_REQUEST['dl'];
41:
42: if ( ! isset( $orig_file ) or strlen($orig_file) === 0 ) {
43: echo "<h2>No filename provided!</h2>\n"
44: . "<p><em>You need to pass</em> "
45: . "<q><code>file=<em>name</em></code></q> in the query string.\n"
46: . "You can also add the <q><code>linenums</code></q> parameter "
47: . "to display line numbers, the <q><code>nodir</code></q> "
48: . "parameter to truncate the heading to only show the filename, "
49: . "and the <q><code>dl</code></q> parameter to add a download link "
50: . "(useful when showing line numbers).</p>\n";
51: echo '</div></body></html>';
52: exit;
53: }
54:
55: $file = normalize ( $orig_file );
56:
57: if ( $file === false or is_dir($file) ) {
58: header('HTTP/1.0 404 Not Found');
59: echo "<h1>404 Not Found</h1>\n";
60: echo "<p>The page that you have requested could not be found.</p>\n";
61: echo "</div>\n</body></html>\n";
62: exit();
63: }
64:
65: // Sanitize filenames for security: only allow access to files below the
66: // DOCROOT:
67: function getdocroot () {
68: $localpath=getenv("SCRIPT_NAME");
69: $absolutepath= getenv("SCRIPT_FILENAME");
70: // Although Some OSes are case-sensitive, some are not, so
71: // get the position in a case-insensitive way, then use the
72: // case returned from getenv("SCRIPT_FILENAME"):
73:
74: $docroot=substr( $absolutepath,0,
75: strpos( strtolower($absolutepath), strtolower($localpath) ) );
76: // Replace Windows back-slashes (forward ones work even on Windows):
77: $docroot = str_replace( "\\","/",$docroot );
78: return $docroot;
79: }
80:
81: // Dis-allow weird characters in the filename argument, for security.
82: // On this site, all names are simple ASCII:
83: function normalize ( $pathname ) {
84: $pathname = htmlentities($pathname, ENT_QUOTES, 'UTF-8');
85: $pathname = preg_replace('~&([a-z]{1,2})' .
86: '(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i',
87: '$1', $pathname);
88: $pathname = html_entity_decode($pathname, ENT_QUOTES, 'UTF-8');
89: $pathname = preg_replace(array('~[^0-9a-z./]~i', '~[ -]+~'), ' ', $pathname);
90: $pathname = trim($pathname, ' -');
91:
92: // Check for illegal pathnames or pathnames outside of DOCROOT:
93: if ( realpath( $pathname ) ) {
94: $pathname = realpath( $pathname );
95: // Replace Windows back-slashes (forward ones work even on Windows):
96: $pathname = str_replace( "\\","/",$pathname );
97: if ( empty($pathname) ) return false;
98: // Finally, make sure the normalized absolute path is under DOCROOT:
99: $pos = strpos($pathname, getdocroot() );
100: if ( $pos !== false and $pos === 0 ) {
101: // In a more secure environment, should whitelist permitted files,
102: // or at least permitted extensions. This code allows any file
103: // below the docroot to be returned.
104: return $pathname;
105: }
106: }
107: return false; // Illegal pathname used
108: }
109:
110: if ( ! isset($dl) or $dl == "false" )
111: $dl = false;
112: else
113: $dl = true;
114:
115: if ( ! isset($linenums) or $linenums == "false" )
116: $linenums = false;
117: else
118: $linenums = true;
119:
120: // "nodir" means to only display the filename in the heading,
121: // and not the pathname.
122: if ( ! isset($nodir) or $nodir == "false" )
123: $nodir = false;
124: else
125: $nodir = true;
126:
127: // Output HTML document body (the file's contents):
128: if ( $nodir )
129: echo "<h1> " . basename($file) . " </h1>\n";
130: else
131: echo "<h1> $file </h1>\n";
132:
133: if ( $dl )
134: echo "<p class=\"Right\"><a href=\"$orig_file\">Download "
135: . basename($file) . "</a></p>\n";
136:
137: echo "<pre>\n";
138:
139: // echo htmlentities( file_get_contents($file) );
140: $contents = file( $file, FILE_IGNORE_NEW_LINES );
141: $linenumwidth = strlen( count($contents) );
142: $format = "<b>%" . $linenumwidth . "d: </b>";
143:
144: foreach ($contents as $line_num => $line) {
145: if ( $linenums )
146: printf( $format, ($line_num + 1) );
147: echo htmlentities( rtrim($line) ) . "\n";
148: }
149:
150: // Output HTML epilog:
151: echo "</pre>\n";
152: ?>
153: </div>
154:
155: <div>
156: <script type="text/JavaScript">
157: // <![CDATA[
158: addFooter( "Question: PHP File Lister" );
159: // ]]>
160: </script>
161: <noscript>
162: <p> This page was last updated by Wayne Pollock. </p>
163: </noscript>
164:
165: </div></body></html>