Rev | Author | Line No. | Line |
---|---|---|---|
80 | daniel-mar | 1 | #!/usr/bin/env php |
83 | daniel-mar | 2 | <?php @ob_end_clean(); ?><?php |
80 | daniel-mar | 3 | |
// Entry script used for web requests that do not name a file inside the archive.
$web = 'index.php';

// Native path: taken when the Phar class is loaded and the phar:// stream
// wrapper is registered, so the archive is read in place and nothing is
// extracted to disk.
if (class_exists('Phar', false) && in_array('phar', stream_get_wrappers())) {
    // Let ordinary file functions resolve relative paths inside the archive.
    Phar::interceptFileFuncs();

    // Search the archive root before the existing include path.
    set_include_path(implode(PATH_SEPARATOR, array('phar://' . __FILE__, get_include_path())));

    // Route web requests to files inside the archive, with $web as the index.
    Phar::webPhar(null, $web);

    // Run the start script straight out of the archive.
    include sprintf('phar://%s/%s', __FILE__, Extract_Phar::START);

    return;
}

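// Fallback web front controller. It runs only for HTTP GET/POST requests that
// reach this point, i.e. when the native phar branch earlier in the file did
// not return. The archive is unpacked to a temporary directory and the file
// named after this script's basename in the request URI is served from there.
//
// Changes from the generated stub:
//  - the served path must resolve to a regular file strictly inside the
//    extraction directory (the old check only compared string lengths);
//  - the "basename not in URI" test uses === false instead of a falsy check;
//  - the 404 page closes its <title> element.
if (isset($_SERVER['REQUEST_URI'], $_SERVER['REQUEST_METHOD'])
    && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'POST')
) {
    // Unpack only; true suppresses the include of Extract_Phar::START.
    Extract_Phar::go(true);

    // Extension => handling. 1: executed with include. 2: shown with
    // highlight_file(). Any string: sent verbatim as the Content-Type.
    $mimes = array(
        'phps' => 2,
        'c' => 'text/plain',
        'cc' => 'text/plain',
        'cpp' => 'text/plain',
        'c++' => 'text/plain',
        'dtd' => 'text/plain',
        'h' => 'text/plain',
        'log' => 'text/plain',
        'rng' => 'text/plain',
        'txt' => 'text/plain',
        'xsd' => 'text/plain',
        'php' => 1,
        'inc' => 1,
        'avi' => 'video/avi',
        'bmp' => 'image/bmp',
        'css' => 'text/css',
        'gif' => 'image/gif',
        'htm' => 'text/html',
        'html' => 'text/html',
        'htmls' => 'text/html',
        'ico' => 'image/x-ico',
        'jpe' => 'image/jpeg',
        'jpg' => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'js' => 'application/x-javascript',
        'midi' => 'audio/midi',
        'mid' => 'audio/midi',
        'mod' => 'audio/mod',
        'mov' => 'movie/quicktime',
        'mp3' => 'audio/mp3',
        'mpg' => 'video/mpeg',
        'mpeg' => 'video/mpeg',
        'pdf' => 'application/pdf',
        'png' => 'image/png',
        'swf' => 'application/shockwave-flash',
        'tif' => 'image/tiff',
        'tiff' => 'image/tiff',
        'wav' => 'audio/wav',
        'xbm' => 'image/xbm',
        'xml' => 'text/xml',
    );

    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");

    $basename = basename(__FILE__);
    // The URI does not mention this script at all: run the index script from
    // the extraction directory.
    if (strpos($_SERVER['REQUEST_URI'], $basename) === false) {
        chdir(Extract_Phar::$temp);
        include $web;
        return;
    }

    // Everything after the script name is the path requested inside the archive.
    // REQUEST_URI is client-controlled, so $pt is untrusted from here on.
    $pt = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], $basename) + strlen($basename));
    if (!$pt || $pt == '/') {
        $pt = $web;
        header('HTTP/1.1 301 Moved Permanently');
        header('Location: ' . $_SERVER['REQUEST_URI'] . '/' . $pt);
        exit;
    }

    // Containment: realpath() collapses ".." segments and symlinks, so the
    // result is compared as a path prefix against the resolved extraction root.
    // A length comparison does not establish containment, and files with a
    // php/inc extension are executed by the include below.
    $root = realpath(Extract_Phar::$temp);
    $a = realpath(Extract_Phar::$temp . DIRECTORY_SEPARATOR . $pt);
    if (!$root || !$a || strpos($a, $root . DIRECTORY_SEPARATOR) !== 0 || !is_file($a)) {
        header('HTTP/1.0 404 Not Found');
        echo "<html>\n <head>\n <title>File Not Found</title>\n </head>\n <body>\n <h1>404 - File Not Found</h1>\n </body>\n</html>";
        exit;
    }

    $b = pathinfo($a);
    // No extension: serve as plain text.
    if (!isset($b['extension'])) {
        header('Content-Type: text/plain');
        header('Content-Length: ' . filesize($a));
        readfile($a);
        exit;
    }

    if (isset($mimes[$b['extension']])) {
        if ($mimes[$b['extension']] === 1) {
            // Executes the extracted file in the global scope.
            include $a;
            exit;
        }
        if ($mimes[$b['extension']] === 2) {
            highlight_file($a);
            exit;
        }
        header('Content-Type: ' . $mimes[$b['extension']]);
        header('Content-Length: ' . filesize($a));
        readfile($a);
        exit;
    }
    // An extension missing from $mimes is not served here; execution simply
    // continues with the code that follows this block.
}
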
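/**
 * Pure-PHP fallback that unpacks the archive appended to this file into a
 * temporary directory and runs the start script from there.
 *
 * Integrity: each entry is checked against the size and CRC32 recorded in the
 * manifest. Nothing in this class verifies an archive signature, so these
 * checks detect corruption, not tampering.
 *
 * NOTE(review): the extraction directory sits at a predictable path below a
 * shared temporary directory and is created with mode 0777 (files 0666, both
 * subject to the umask). Its contents are later included as code, and an
 * existing marker file named after md5_file(__FILE__) is accepted as proof the
 * directory already holds this archive. Confirm no other local account can
 * write there before relying on this fallback.
 */
class Extract_Phar
{
    // Extraction directory as built in go(), before realpath() is applied.
    public static $temp;
    // Working directory at the time go() was called.
    public static $origdir;

    // Per-entry flag bits tested against element 4 of a manifest entry.
    const GZ = 0x1000;
    const BZ2 = 0x2000;
    const MASK = 0x3000;

    // Script included after extraction, relative to the extraction directory.
    const START = 'plugins/smart/check_smart.phps';
    // Byte offset in this file where the 4-byte manifest length is read.
    // Presumably the length of the stub text; it has to be regenerated if the
    // stub changes size.
    const LEN = 6664;

    /**
     * Unpack the archive if this build has not been unpacked yet, change into
     * the extraction directory and, unless $return is true, include START.
     *
     * Terminates the script with die() on a truncated manifest, a missing
     * decompression extension, or when no temporary directory can be found.
     *
     * @param bool $return true to skip including the start script
     */
    public static function go($return = false)
    {
        $fp = fopen(__FILE__, 'rb');
        if (!$fp) {
            die('ERROR: could not open "' . __FILE__ . '" to read the phar manifest');
        }
        fseek($fp, self::LEN);

        $head = fread($fp, 4);
        if ($head === false || strlen($head) !== 4) {
            die('ERROR: could not read the phar manifest length');
        }
        $L = unpack('V', $head);
        $m = '';

        // Read the manifest in chunks of at most 8192 bytes, stopping at EOF.
        while (strlen($m) < $L[1]) {
            $last = fread($fp, min(8192, $L[1] - strlen($m)));
            if ($last === false || $last === '') {
                break;
            }
            $m .= $last;
        }

        if (strlen($m) < $L[1]) {
            die('ERROR: manifest length read was "' .
                strlen($m) . '" should be "' .
                $L[1] . '"');
        }

        $info = self::_unpack($m);
        $f = $info['c'];

        if ($f & self::GZ) {
            if (!function_exists('gzinflate')) {
                die('Error: zlib extension is not enabled -' .
                    ' gzinflate() function needed for zlib-compressed .phars');
            }
        }

        if ($f & self::BZ2) {
            if (!function_exists('bzdecompress')) {
                die('Error: bzip2 extension is not enabled -' .
                    ' bzdecompress() function needed for bz2-compressed .phars');
            }
        }

        $temp = self::tmpdir();

        if (!$temp || !is_writable($temp)) {
            // Fall back to the session directory. session.save_path may carry
            // "N;" or "N;MODE;" prefixes; the directory is the last component.
            $sessionpath = session_save_path();
            $sep = strrpos($sessionpath, ';');
            if ($sep !== false) {
                $sessionpath = substr($sessionpath, $sep + 1);
            }
            if (!file_exists($sessionpath) || !is_dir($sessionpath)) {
                die('Could not locate temporary directory to extract phar');
            }
            $temp = $sessionpath;
        }

        $temp .= '/pharextract/' . basename(__FILE__, '.phar');
        self::$temp = $temp;
        self::$origdir = getcwd();
        @mkdir($temp, 0777, true);
        $temp = realpath($temp);
        if (!$temp) {
            // Without this guard the cleanup below would run with an empty
            // path and operate on the current working directory instead.
            die('Could not locate temporary directory to extract phar');
        }

        // An empty file named after the archive's MD5 marks a finished extraction.
        $marker = $temp . DIRECTORY_SEPARATOR . md5_file(__FILE__);
        if (!file_exists($marker)) {
            self::_removeTmpFiles($temp, getcwd());
            @mkdir($temp, 0777, true);
            @file_put_contents($marker, '');

            // Entries are stored in manifest order, so $fp is read sequentially.
            foreach ($info['m'] as $path => $file) {
                // Entry names come from the archive; refuse any that would
                // step out of the extraction directory.
                if (strpos('/' . str_replace('\\', '/', $path) . '/', '/../') !== false) {
                    die('Invalid internal .phar file (unsafe path)');
                }

                @mkdir(dirname($temp . '/' . $path), 0777, true);
                clearstatcache();

                if (substr($path, -1) === '/') {
                    @mkdir($temp . '/' . $path, 0777);
                } else {
                    file_put_contents($temp . '/' . $path, self::extractFile($path, $file, $fp));
                    @chmod($temp . '/' . $path, 0666);
                }
            }
        }

        // The archive handle is not needed once extraction is done.
        fclose($fp);

        chdir($temp);

        if (!$return) {
            include self::START;
        }
    }

    /**
     * Pick a base temporary directory from the environment.
     *
     * @return string|false directory path, or false when none is found
     */
    public static function tmpdir()
    {
        if (strpos(PHP_OS, 'WIN') !== false) {
            if ($var = getenv('TMP') ? getenv('TMP') : getenv('TEMP')) {
                return $var;
            }
            if (is_dir('/temp') || mkdir('/temp')) {
                return realpath('/temp');
            }
            return false;
        }
        if ($var = getenv('TMPDIR')) {
            return $var;
        }
        return realpath('/tmp');
    }

    /**
     * Parse the binary manifest.
     *
     * Returns array('c' => OR of all entry flags masked with MASK,
     * 'm' => array(path => entry)). Each entry holds the six little-endian
     * 32-bit fields of its record at indexes 0-5, with index 3 rewritten as an
     * unsigned decimal string, plus index 7: the sum of element 2 over all
     * earlier entries. As used by this class: 0 is the uncompressed size, 2 the
     * stored size, 3 the CRC32, 4 the flags and 5 the number of bytes skipped
     * after the record; element 1 is not used here.
     *
     * @param string $m raw manifest bytes
     * @return array
     */
    public static function _unpack($m)
    {
        $info = unpack('V', substr($m, 0, 4));
        // Length field at offset 10; that many bytes after offset 14 are skipped.
        $l = unpack('V', substr($m, 10, 4));
        $m = substr($m, 14 + $l[1]);
        // A second length-prefixed field is skipped before the entry records.
        $s = unpack('V', substr($m, 0, 4));
        $o = 0;
        $start = 4 + $s[1];
        // 'm' is initialised so an archive without entries still yields an array.
        $ret = array('c' => 0, 'm' => array());

        for ($i = 0; $i < $info[1]; $i++) {
            $len = unpack('V', substr($m, $start, 4));
            $start += 4;
            $savepath = substr($m, $start, $len[1]);
            $start += $len[1];
            $ret['m'][$savepath] = array_values(unpack('Va/Vb/Vc/Vd/Ve/Vf', substr($m, $start, 24)));
            $ret['m'][$savepath][3] = sprintf('%u', $ret['m'][$savepath][3]
                & 0xffffffff);
            $ret['m'][$savepath][7] = $o;
            $o += $ret['m'][$savepath][2];
            $start += 24 + $ret['m'][$savepath][5];
            $ret['c'] |= $ret['m'][$savepath][4] & self::MASK;
        }
        return $ret;
    }

    /**
     * Read one entry from the current position of $fp, decompress it when its
     * flags ask for it, and check it against the manifest size and CRC32.
     *
     * Terminates the script with die() when either check fails.
     *
     * @param string   $path  entry name (not used for reading)
     * @param array    $entry manifest entry as produced by _unpack()
     * @param resource $fp    archive handle positioned at the entry's data
     * @return string entry contents
     */
    public static function extractFile($path, $entry, $fp)
    {
        $data = '';
        $c = $entry[2];

        while ($c) {
            if ($c < 8192) {
                $data .= @fread($fp, $c);
                $c = 0;
            } else {
                $c -= 8192;
                $data .= @fread($fp, 8192);
            }
        }

        if ($entry[4] & self::GZ) {
            $data = gzinflate($data);
        } elseif ($entry[4] & self::BZ2) {
            $data = bzdecompress($data);
        }

        // A failed decompression does not return a string.
        if (!is_string($data)) {
            die("Invalid internal .phar file (decompression error)");
        }

        if (strlen($data) != $entry[0]) {
            // The expected size is $entry[0]; the stub printed an undefined $stat[7].
            die("Invalid internal .phar file (size error " . strlen($data) . " != " .
                $entry[0] . ")");
        }

        if ($entry[3] != sprintf("%u", crc32($data) & 0xffffffff)) {
            die("Invalid internal .phar file (checksum error)");
        }

        return $data;
    }

    /**
     * Delete the contents of $temp and then $temp itself, and finish in $origdir.
     *
     * Names starting with a dot are not matched by the glob pattern and are
     * left in place, which also leaves their parent directory behind.
     *
     * @param string $temp    directory to empty and remove
     * @param string $origdir directory to change back to afterwards
     */
    public static function _removeTmpFiles($temp, $origdir)
    {
        // If $temp cannot be entered, do nothing: globbing would otherwise run
        // in, and delete from, whatever directory happens to be current.
        if (!$temp || !@chdir($temp)) {
            return;
        }
        $here = getcwd();

        $entries = glob('*');
        foreach ($entries ? $entries : array() as $f) {
            if (is_link($f)) {
                // Remove the link itself; never descend into its target.
                @unlink($f) || @rmdir($f);
                continue;
            }
            if (is_dir($f)) {
                // rmdir() only succeeds on an empty directory; otherwise empty
                // it recursively, which also removes it on the way out.
                if (!@rmdir($f)) {
                    self::_removeTmpFiles($f, getcwd());
                }
            } elseif (file_exists($f)) {
                @unlink($f);
            }
        }

        // Leave the directory before removing it, and remove it by the
        // absolute path so a relative $temp still names the right directory.
        chdir($origdir);
        @rmdir($here !== false ? $here : $temp);
        clearstatcache();
    }
}
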
// Reached only when neither branch earlier in the file returned or exited:
// unpack the archive to the temporary directory and include the start script.
Extract_Phar::go();
// What follows this token is archive data, not PHP source. go() seeks to byte
// offset Extract_Phar::LEN of this file to find the manifest, so the text
// above presumably cannot change length without regenerating that constant.
__HALT_COMPILER(); ?>
84 | daniel-mar | 294 | q « a:1:{s:23:"1.3.6.1.4.1.37476.3.0.2";s:381:"sha256||<builder>|481cf75d675006b504520fd2acb3b29c89aea03aab64754e0adfb364de4914b2||framework/vnag_framework.inc.php|0387bf3134f8cc2d1ae24e139019c0edef19c1ba5ca765624efea0b469c7897f||plugins/smart/SmartCheck.class.php|3452daca55c37c75ebe2574f421778582664830f2d4052b2b9a265320c871146||plugins/smart/check_smart.phps|5d6f84f743cdb971371082cf1070b1bca1dc3b1f8478f53509b257ea565b4b77||";} framework/vnag_framework.inc.phpBÙ » +eBÙ Þß=¤ " |