0

这里的某些东西与 PHP5 不兼容,但我完全不知道是什么。我的网络服务器上有一个 .htaccess 文件,其中包含“AddHandler x-mapp-php5 .php”行,因为服务器上几乎所有其他内容都需要它,并且默认为 PHP4 ......但是;我需要这个脚本才能工作,但它只适用于 PHP4。知道问题出在哪里吗?

<?  
/* config for the script */  
$download_path = "content"; /* path to your files, NB: no slash at the end */  
$sort = "asort"; /* array sorting - alphabetical sorting for the array */  

/* start the script... no more editing from here on... */  

/* get a list of the files + dirs and turn the list into an array */  
function file_list($dir) {  
  global $sort;  
  global $file_file_count;  
  if (is_dir($dir)) {  
    $fd = @opendir($dir);  
    while (($part = @readdir($fd)) == true) {  
      clearstatcache();  
      if ($part != "." && $part != "..") {  
        $file_array[] = $part;  
      }  
    }  
  if ($fd == true) {  
    closedir($fd);  
  }  
  if (is_array($file_array)) {  
    $sort($file_array);  
    $file_file_count = count($file_array);  
    return $file_array;  
  } else {  
    return false;  
  }  
  } else {  
    return false;  
  }  
}  

/* function to convert to Mb, Kb and bytes */  
function file_size($size) {  
  $megabyte = 1024 * 1024;  
    if ($size > $megabyte) { /* literal.float */  
      $re_sized = sprintf("%01.2f", $size / $megabyte) . " Mb";  
    } elseif ($size > 1024) {  
      $re_sized = sprintf("%01.2f", $size / 1024) . " Kb";  
    } else {  
      $re_sized = $size . " bytes";  
    }  
  return $re_sized;  
}  

/* get a list of the files/dirs, put them into a table. */  
function generate_file_list($path) {  
  global $download_path;  
  global $PHP_SELF;  
  $final_path = str_replace("//","/",str_replace("..","",urldecode($path)));  
  $file_array = file_list("$download_path/$final_path/");  
  echo "<b>$final_path/</b>\n";  
  echo "<br><br>\n\n";  
  if ($file_array == false) { /* check if the dir is an array before we process it to foreach(); */  
    echo "directory empty\n";  
  } else {  
    echo "<table width=\"75%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";  
    echo "<tr><td><b>file</b></td><td><b>size</b></td></tr>\n";  
    foreach ($file_array as $file_name) {  
      $is_file = "$download_path/$final_path/$file_name";  
      $final_dir_name = urlencode($final_path); /* urlencode(); to prevent any broken links - decode on do_download(); */  
      $final_file_name = urlencode($file_name);  
      $file_size = filesize("$download_path/$final_path/$file_name");  
      $final_file_size = file_size($file_size);  
      if (is_file($is_file)) {  
        print "<tr><td><a href=\"$PHP_SELF?go=download&path=$final_dir_name&file=$final_file_name\">$file_name</a></td><td>$final_file_size</td></tr>\n";  
      } elseif (is_dir($is_file)) {  
        print "<tr><td><a href=\"$PHP_SELF?go=list&path=$final_dir_name/$final_file_name\">$file_name/</a></td><td>&lt;dir&gt;</td></tr>\n"; /* we don't need a size for a directory */  
      }  
    }  
    echo "</table>\n";  
  }  
}  
/* allow the user to download the file... */  
function do_download($path,$file) {  
  global $download_path;  
  $get_path = str_replace("//","/",str_replace("..","",stripslashes(urldecode($path)))); /* fopen adds \ to ' - so we strip 'em. */  
  $get_file = str_replace("//","/",str_replace("..","",stripslashes(urldecode($file))));  
    header("Content-Disposition: atachment; filename=$get_file");  
    header("Content-Type: application/octet-stream");  
    header("Content-Length: ".filesize("$download_path/$get_path/$get_file"));  
    header("Cache-Control: no-cache, must-revalidate");  
    header("Pragma: no-cache");  
    header("Expires: 0");  
  $fp = fopen("$download_path/$get_path/$get_file","r");  
  print fread($fp,filesize("$download_path/$get_path/$get_file"));  
  fclose($fp);  
  exit;  
}  

if (!isset($go)) {  
  $go = "dirlist";  
} if ($go == "dirlist") {  
    generate_file_list(""); /* null, so we get a list for the root directory */  
  } elseif ($go == "list" && isset($path)) {  
    if (isset($path)) { /* if the path is null - it returns a list for the root directory */  
      generate_file_list($path); /* get a list for the path specified */  
    } else {  
      generate_file_list("");  
    }  
  } elseif ($go == "download") {  
      if (isset($path) && isset($file)) {  
        do_download($path,$file); /* download the file... */  
      } else {  
    echo "no file selected to download :)\n";  
  }  
}  
?>
4

2 回答 2

2

当您修复了由 fiXedd 和 jmucchiello 建议的 Register Globals 问题后,请确保在generate_file_list函数中删除对 $PHP_SELF 的引用。首先,它不再那样存在:它现在是 $_SERVER['PHP_SELF'] 但更重要的是,您的脚本使用它的方式使您面临跨站点脚本问题。

阅读更多内容:http ://www.seancoates.com/xss-woes

于 2009-05-07T05:00:08.560 回答
1

代码假设$go$file$path变量被神奇地设置了。要解决这个问题(并修复脚本),您可以将脚本的开头更改为如下所示:

<?  
/* config for the script */  
$download_path = 'content'; /*path to your files, NB: no slash at the end*/  
$sort = 'asort'; /* array sorting - alphabetical sorting for the array */  

/* start the script... no more editing from here on... */  
$go   = $_REQUEST['go'];
$file = $_REQUEST['file'];
$path = $_REQUEST['path'];

// ...

由于称为Register Globals的东西,此用途为您工作。现在已将其关闭,因为它是一个相当大的安全问题,并且导致了草率的编码实践。

于 2009-05-07T04:35:50.133 回答