/home/wpollock1/public_html/AUnixNet/LDAP/lister.php.bak
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="en"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="description" content="PHP File Lister">
<meta name="author" content="Wayne Pollock">
<link rel="Shortcut Icon" type="image/x-icon" href="../../images/PHP.ico">
<link rel="stylesheet" href="../../Styles.css" type="text/css">
<script type="text/JavaScript" src="../../Common.js"> </script>
<title> PHP File Lister </title>
<style type="text/css">
<!--
@media screen {
b { color: yellow; }
}
-->
</style>
</head>
<body>
<div>
<?php
// Script to list files, preserving white space,
// with optional line numbers.
// Arguments: file=path_to_file (NOT a URI, to prevent foreign
// documents)
// linenums=true_or_false (default=false if omitted)
// nodir=true_or_false (default=false if omitted)
//
// Written 2/2009 by Wayne Pollock, Tampa Florida USA. All Rights Reserved.
// 11/2013 Updated the normalize function to allow filenames with
// hyphens and underscores.
// Parse args: filename (string) and linenums (true or false):
if ( isset($_REQUEST['file']) ) $orig_file = $_REQUEST['file'];
if ( isset($_REQUEST['linenums']) ) $linenums = $_REQUEST['linenums'];
if ( isset($_REQUEST['nodir']) ) $nodir = $_REQUEST['nodir'];
if ( isset($_REQUEST['dl']) ) $dl = $_REQUEST['dl'];
if ( ! isset( $orig_file ) or strlen($orig_file) === 0 ) {
echo "<h2>No filename provided!</h2>\n"
. "<p><em>You need to pass</em> "
. "<q><code>file=<em>name</em></code></q> in the query string.\n"
. "You can also add the <q><code>linenums</code></q> parameter "
. "to display line numbers, the <q><code>nodir</code></q> "
. "parameter to truncate the heading to only show the filename, "
. "and the <q><code>dl</code></q> parameter to add a download link "
. "(useful when showing line numbers).</p>\n";
echo '</div></body></html>';
exit;
}
$file = normalize ( $orig_file );
if ( $file === false or is_dir($file) ) {
header('HTTP/1.0 404 Not Found');
echo "<h1>404 Not Found</h1>\n";
echo "<p>The page that you have requested could not be found.</p>\n";
echo "</div>\n</body></html>\n";
exit();
}
// Sanitize filenames for security: only allow access to files below the
// DOCROOT:
function getdocroot () {
$localpath=getenv("SCRIPT_NAME");
$absolutepath= getenv("SCRIPT_FILENAME");
// Although Some OSes are case-sensitive, some are not, so
// get the position in a case-insensitive way, then use the
// case returned from getenv("SCRIPT_FILENAME"):
$docroot=substr( $absolutepath,0,
strpos( strtolower($absolutepath), strtolower($localpath) ) );
// Replace Windows back-slashes (forward ones work even on Windows):
$docroot = str_replace( "\\","/",$docroot );
return $docroot;
}
// Dis-allow weird characters in the filename argument, for security.
// On this site, all names are simple ASCII:
function normalize ( $pathname ) {
$pathname = htmlentities($pathname, ENT_QUOTES, 'UTF-8');
$pathname = preg_replace('~&([a-z]{1,2})' .
'(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i',
'$1', $pathname);
$pathname = html_entity_decode($pathname, ENT_QUOTES, 'UTF-8');
$pathname = preg_replace(array('~[^0-9a-z./_-]~i', '~[ ]+~'), ' ', $pathname);
$pathname = trim($pathname, ' -');
// Check for illegal pathnames or pathnames outside of DOCROOT:
if ( realpath( $pathname ) ) {
$pathname = realpath( $pathname );
// Replace Windows back-slashes (forward ones work even on Windows):
$pathname = str_replace( "\\","/",$pathname );
// Finally, make sure the normalized absolute path is under DOCROOT:
$pos = strpos($pathname, getdocroot() );
if ( $pos !== false and $pos === 0 ) {
// In a more secure environment, should whitelist permitted files,
// or at least permitted extensions. This code allows any file
// below the docroot to be returned.
return $pathname;
}
}
return false; // Illegal pathname used
}
if ( ! isset($dl) or $dl == "false" )
$dl = false;
else
$dl = true;
if ( ! isset($linenums) or $linenums == "false" )
$linenums = false;
else
$linenums = true;
// "nodir" means to only display the filename in the heading,
// and not the pathname.
if ( ! isset($nodir) or $nodir == "false" )
$nodir = false;
else
$nodir = true;
// Output HTML document body (the file's contents):
if ( $nodir )
echo "<h1> " . basename($file) . " </h1>\n";
else
echo "<h1> $file </h1>\n";
if ( $dl )
echo "<p class=\"Right\"><a href=\"$orig_file\">Download "
. basename($file) . "</a></p>\n";
echo "<pre>\n";
// echo htmlentities( file_get_contents($file) );
$contents = file( $file, FILE_IGNORE_NEW_LINES );
$linenumwidth = strlen( count($contents) );
$format = "<b>%" . $linenumwidth . "d: </b>";
foreach ($contents as $line_num => $line) {
if ( $linenums )
printf( $format, ($line_num + 1) );
echo htmlentities( rtrim($line) ) . "\n";
}
// Output HTML epilog:
echo "</pre>\n";
?>
</div>
<div>
<?php
echo '
<script type="text/JavaScript">
// <![CDATA[
document.title = "' . basename($file) . '";
addFooter( "Question: ' . basename($file) . '" );
// ]]>
</script>
<noscript>
<p> This page was last updated by Wayne Pollock. </p>
</noscript>
'
?>
</div></body></html>