String obfuscation functions have been corrected
This commit is contained in:
netico
parent
df75ecd381
commit
862fb92e8f
1 changed files with 37 additions and 33 deletions
70
wfe.php
70
wfe.php
|
|
@ -18,16 +18,22 @@
|
|||
* - Mobile version
|
||||
*/
|
||||
|
||||
# Debug
|
||||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
|
||||
# Configuration
|
||||
// Code version
|
||||
$version = "1.0.0";
|
||||
$version = "1.1.0";
|
||||
// Set to 'false' to disable security
|
||||
$jail = true;
|
||||
$jail = false;
|
||||
|
||||
# Constants
|
||||
// Folder in which the script runs
|
||||
define("FOLDER", getcwd());
|
||||
|
||||
# Main variables (warning! Editing below this line is potentially dangerous!)
|
||||
// The document root directory under which the current script is executing
|
||||
// as defined in the server's configuration file
|
||||
$docroot = $_SERVER["DOCUMENT_ROOT"];
|
||||
// The script itself
|
||||
$url = $_SERVER["PHP_SELF"];
|
||||
$script = basename($url);
|
||||
|
|
@ -55,17 +61,19 @@ if (isset($_GET["d"])) {
|
|||
$directory = deobfuscate($directory);
|
||||
}
|
||||
// Canonicalized absolute pathname
|
||||
// Does not follow symbolic links
|
||||
$path = realpath($path) . "/";
|
||||
if ($directory !== null) {
|
||||
$path = realpath($directory) . "/";
|
||||
}
|
||||
|
||||
// Document root directory
|
||||
$root = substr($path, 0, strlen($docroot));
|
||||
$root = substr($path, 0, strlen(FOLDER));
|
||||
if ($download !== null) {
|
||||
$root = substr($download, 0, strlen($docroot));
|
||||
$root = substr($download, 0, strlen(FOLDER));
|
||||
}
|
||||
// Do not access the entire file system!
|
||||
if ($jail === true && $root !== $docroot) {
|
||||
if ($jail === true && $root !== FOLDER) {
|
||||
header("Location: $url");
|
||||
exit;
|
||||
}
|
||||
|
|
@ -118,7 +126,7 @@ for ($i = 0; $i < count($items); $i++) {
|
|||
$link = null;
|
||||
}
|
||||
$directories[$i]["link"] = $link;
|
||||
$directories[$i]["name"] = "<b>></b> " . $name;
|
||||
$directories[$i]["name"] = "<b>↘</b> " . $name;
|
||||
$directories[$i]["type"] = "Directory";
|
||||
$directories[$i]["size"] = 0;
|
||||
$directories[$i]["date"] = prettydate($path . $items[$i]);
|
||||
|
|
@ -131,7 +139,7 @@ for ($i = 0; $i < count($items); $i++) {
|
|||
$link = null;
|
||||
}
|
||||
$files[$i]["link"] = $link;
|
||||
$files[$i]["name"] = "<b>♦</b> " . $name;
|
||||
$files[$i]["name"] = "<b>★</b> " . $name;
|
||||
$files[$i]["type"] = prettytype($path . $items[$i]);
|
||||
$files[$i]["size"] = prettysize(filesize($path . $items[$i]));
|
||||
$files[$i]["date"] = prettydate($path . $items[$i]);
|
||||
|
|
@ -141,14 +149,14 @@ for ($i = 0; $i < count($items); $i++) {
|
|||
|
||||
// Home directory
|
||||
$default[0]["link"] = $url;
|
||||
$default[0]["name"] = "<b>♥</b> Home";
|
||||
$default[0]["name"] = "<b>⚑</b> Home";
|
||||
$default[0]["type"] = "Directory";
|
||||
$default[0]["size"] = 0;
|
||||
$default[0]["date"] = prettydate(__DIR__);
|
||||
|
||||
// Parent directory
|
||||
$default[1]["link"] = $url . "?d=" . obfuscate($path . "../");
|
||||
$default[1]["name"] = "<b><</b> Parent directory";
|
||||
$default[1]["name"] = "<b>↖</b> Parent directory";
|
||||
$default[1]["type"] = "Directory";
|
||||
$default[1]["size"] = 0;
|
||||
$default[1]["date"] = prettydate($path . "..");
|
||||
|
|
@ -182,32 +190,36 @@ a:visited {
|
|||
}
|
||||
b {
|
||||
color: BlanchedAlmond;
|
||||
font-weight: bold;
|
||||
font-weight: lighter;
|
||||
font-size: 14pt;
|
||||
font-family: Sans-serif !important;
|
||||
}
|
||||
h1 {
|
||||
font-size: 48pt;
|
||||
font-weight: bold;
|
||||
font-size: 35pt;
|
||||
font-weight: bolder;
|
||||
font-family: Sans-serif !important;
|
||||
padding: 0pt;
|
||||
margin: 0pt 0pt 8pt 0pt;
|
||||
color: BlanchedAlmond;
|
||||
color: DarkSlateGrey;
|
||||
text-align: center;
|
||||
text-shadow: 2pt 2pt 10pt DimGray;
|
||||
letter-spacing: -5pt;
|
||||
background-color: LightSlateGray;
|
||||
border-radius: 15pt 15pt 0pt 0pt;
|
||||
margin-bottom: -12pt;
|
||||
padding: 4pt 0pt 16pt 0pt;
|
||||
}
|
||||
footer {
|
||||
margin-top: 10pt;
|
||||
font-size: 11pt;
|
||||
text-align: center;
|
||||
font-family: Sans-serif !important;
|
||||
}
|
||||
footer > p {
|
||||
margin: 0pt;
|
||||
padding-top: 1pt;
|
||||
}
|
||||
.container {
|
||||
border: 1pt solid LightSlateGray;
|
||||
border-radius: 5pt;
|
||||
border: 3pt solid LightSlateGray;
|
||||
border-radius: 15pt;
|
||||
padding: 20pt 0pt 24pt 28pt;
|
||||
background-color: DarkSlateGrey;
|
||||
}
|
||||
.flex-container {
|
||||
display: flex;
|
||||
|
|
@ -292,23 +304,15 @@ echo $html5;
|
|||
# Functions
|
||||
// String obfuscation
|
||||
// ROT-13 + Zlib compression + base64 encoding
|
||||
/*
|
||||
* 0. Original string
|
||||
* 1. base64 encoding
|
||||
* 2. ROT-13 encryption
|
||||
* 3. Zlib compression
|
||||
* 4. base64 encoding (again)
|
||||
*/
|
||||
// See: https://stackoverflow.com/questions/2996049/how-to-compress-decompress-a-long-query-string-in-php
|
||||
function obfuscate($str)
|
||||
{
|
||||
$str = base64_encode(gzdeflate(str_rot13(base64_encode($str)), 9));
|
||||
return $str;
|
||||
return rtrim(strtr(base64_encode(gzdeflate(str_rot13($str), 9)), '+/', '-_'), '=');
|
||||
}
|
||||
|
||||
function deobfuscate($str)
|
||||
{
|
||||
$str = base64_decode(str_rot13(gzinflate(base64_decode($str))));
|
||||
return $str;
|
||||
return str_rot13(gzinflate(base64_decode(strtr($str, '-_', '+/'))));
|
||||
}
|
||||
|
||||
// Prettifies file size
|
||||
|
|
|
|||
Loading…
Reference in a new issue