123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303 |
- <?php
-
- $web = 'index.php';
-
- if (in_array('phar', stream_get_wrappers()) && class_exists('Phar', 0)) {
- Phar::interceptFileFuncs();
- set_include_path('phar://' . __FILE__ . PATH_SEPARATOR . get_include_path());
- Phar::webPhar(null, $web);
- include 'phar://' . __FILE__ . '/' . Extract_Phar::START;
- return;
- }
-
- if (@(isset($_SERVER['REQUEST_URI']) && isset($_SERVER['REQUEST_METHOD']) && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'POST'))) {
- Extract_Phar::go(true);
- $mimes = array(
- 'phps' => 2,
- 'c' => 'text/plain',
- 'cc' => 'text/plain',
- 'cpp' => 'text/plain',
- 'c++' => 'text/plain',
- 'dtd' => 'text/plain',
- 'h' => 'text/plain',
- 'log' => 'text/plain',
- 'rng' => 'text/plain',
- 'txt' => 'text/plain',
- 'xsd' => 'text/plain',
- 'php' => 1,
- 'inc' => 1,
- 'avi' => 'video/avi',
- 'bmp' => 'image/bmp',
- 'css' => 'text/css',
- 'gif' => 'image/gif',
- 'htm' => 'text/html',
- 'html' => 'text/html',
- 'htmls' => 'text/html',
- 'ico' => 'image/x-ico',
- 'jpe' => 'image/jpeg',
- 'jpg' => 'image/jpeg',
- 'jpeg' => 'image/jpeg',
- 'js' => 'application/x-javascript',
- 'midi' => 'audio/midi',
- 'mid' => 'audio/midi',
- 'mod' => 'audio/mod',
- 'mov' => 'movie/quicktime',
- 'mp3' => 'audio/mp3',
- 'mpg' => 'video/mpeg',
- 'mpeg' => 'video/mpeg',
- 'pdf' => 'application/pdf',
- 'png' => 'image/png',
- 'swf' => 'application/shockwave-flash',
- 'tif' => 'image/tiff',
- 'tiff' => 'image/tiff',
- 'wav' => 'audio/wav',
- 'xbm' => 'image/xbm',
- 'xml' => 'text/xml',
- );
-
- header("Cache-Control: no-cache, must-revalidate");
- header("Pragma: no-cache");
-
- $basename = basename(__FILE__);
- if (!strpos($_SERVER['REQUEST_URI'], $basename)) {
- chdir(Extract_Phar::$temp);
- include $web;
- return;
- }
- $pt = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], $basename) + strlen($basename));
- if (!$pt || $pt == '/') {
- $pt = $web;
- header('HTTP/1.1 301 Moved Permanently');
- header('Location: ' . $_SERVER['REQUEST_URI'] . '/' . $pt);
- exit;
- }
- $a = realpath(Extract_Phar::$temp . DIRECTORY_SEPARATOR . $pt);
- if (!$a || strlen(dirname($a)) < strlen(Extract_Phar::$temp)) {
- header('HTTP/1.0 404 Not Found');
- echo "<html>\n <head>\n <title>File Not Found<title>\n </head>\n <body>\n <h1>404 - File ", $pt, " Not Found</h1>\n </body>\n</html>";
- exit;
- }
- $b = pathinfo($a);
- if (!isset($b['extension'])) {
- header('Content-Type: text/plain');
- header('Content-Length: ' . filesize($a));
- readfile($a);
- exit;
- }
- if (isset($mimes[$b['extension']])) {
- if ($mimes[$b['extension']] === 1) {
- include $a;
- exit;
- }
- if ($mimes[$b['extension']] === 2) {
- highlight_file($a);
- exit;
- }
- header('Content-Type: ' .$mimes[$b['extension']]);
- header('Content-Length: ' . filesize($a));
- readfile($a);
- exit;
- }
- }
-
- class Extract_Phar
- {
- static $temp;
- static $origdir;
- const GZ = 0x1000;
- const BZ2 = 0x2000;
- const MASK = 0x3000;
- const START = 'index.php';
- const LEN = 6685;
-
- static function go($return = false)
- {
- $fp = fopen(__FILE__, 'rb');
- fseek($fp, self::LEN);
- $L = unpack('V', $a = (binary)fread($fp, 4));
- $m = (binary)'';
-
- do {
- $read = 8192;
- if ($L[1] - strlen($m) < 8192) {
- $read = $L[1] - strlen($m);
- }
- $last = (binary)fread($fp, $read);
- $m .= $last;
- } while (strlen($last) && strlen($m) < $L[1]);
-
- if (strlen($m) < $L[1]) {
- die('ERROR: manifest length read was "' .
- strlen($m) .'" should be "' .
- $L[1] . '"');
- }
-
- $info = self::_unpack($m);
- $f = $info['c'];
-
- if ($f & self::GZ) {
- if (!function_exists('gzinflate')) {
- die('Error: zlib extension is not enabled -' .
- ' gzinflate() function needed for zlib-compressed .phars');
- }
- }
-
- if ($f & self::BZ2) {
- if (!function_exists('bzdecompress')) {
- die('Error: bzip2 extension is not enabled -' .
- ' bzdecompress() function needed for bz2-compressed .phars');
- }
- }
-
- $temp = self::tmpdir();
-
- if (!$temp || !is_writable($temp)) {
- $sessionpath = session_save_path();
- if (strpos ($sessionpath, ";") !== false)
- $sessionpath = substr ($sessionpath, strpos ($sessionpath, ";")+1);
- if (!file_exists($sessionpath) || !is_dir($sessionpath)) {
- die('Could not locate temporary directory to extract phar');
- }
- $temp = $sessionpath;
- }
-
- $temp .= '/pharextract/'.basename(__FILE__, '.phar');
- self::$temp = $temp;
- self::$origdir = getcwd();
- @mkdir($temp, 0777, true);
- $temp = realpath($temp);
-
- if (!file_exists($temp . DIRECTORY_SEPARATOR . md5_file(__FILE__))) {
- self::_removeTmpFiles($temp, getcwd());
- @mkdir($temp, 0777, true);
- @file_put_contents($temp . '/' . md5_file(__FILE__), '');
-
- foreach ($info['m'] as $path => $file) {
- $a = !file_exists(dirname($temp . '/' . $path));
- @mkdir(dirname($temp . '/' . $path), 0777, true);
- clearstatcache();
-
- if ($path[strlen($path) - 1] == '/') {
- @mkdir($temp . '/' . $path, 0777);
- } else {
- file_put_contents($temp . '/' . $path, self::extractFile($path, $file, $fp));
- @chmod($temp . '/' . $path, 0666);
- }
- }
- }
-
- chdir($temp);
-
- if (!$return) {
- include self::START;
- }
- }
-
- static function tmpdir()
- {
- if (strpos(PHP_OS, 'WIN') !== false) {
- if ($var = getenv('TMP') ? getenv('TMP') : getenv('TEMP')) {
- return $var;
- }
- if (is_dir('/temp') || mkdir('/temp')) {
- return realpath('/temp');
- }
- return false;
- }
- if ($var = getenv('TMPDIR')) {
- return $var;
- }
- return realpath('/tmp');
- }
-
- static function _unpack($m)
- {
- $info = unpack('V', substr($m, 0, 4));
- $l = unpack('V', substr($m, 10, 4));
- $m = substr($m, 14 + $l[1]);
- $s = unpack('V', substr($m, 0, 4));
- $o = 0;
- $start = 4 + $s[1];
- $ret['c'] = 0;
-
- for ($i = 0; $i < $info[1]; $i++) {
- $len = unpack('V', substr($m, $start, 4));
- $start += 4;
- $savepath = substr($m, $start, $len[1]);
- $start += $len[1];
- $ret['m'][$savepath] = array_values(unpack('Va/Vb/Vc/Vd/Ve/Vf', substr($m, $start, 24)));
- $ret['m'][$savepath][3] = sprintf('%u', $ret['m'][$savepath][3]
- & 0xffffffff);
- $ret['m'][$savepath][7] = $o;
- $o += $ret['m'][$savepath][2];
- $start += 24 + $ret['m'][$savepath][5];
- $ret['c'] |= $ret['m'][$savepath][4] & self::MASK;
- }
- return $ret;
- }
-
- static function extractFile($path, $entry, $fp)
- {
- $data = '';
- $c = $entry[2];
-
- while ($c) {
- if ($c < 8192) {
- $data .= @fread($fp, $c);
- $c = 0;
- } else {
- $c -= 8192;
- $data .= @fread($fp, 8192);
- }
- }
-
- if ($entry[4] & self::GZ) {
- $data = gzinflate($data);
- } elseif ($entry[4] & self::BZ2) {
- $data = bzdecompress($data);
- }
-
- if (strlen($data) != $entry[0]) {
- die("Invalid internal .phar file (size error " . strlen($data) . " != " .
- $stat[7] . ")");
- }
-
- if ($entry[3] != sprintf("%u", crc32((binary)$data) & 0xffffffff)) {
- die("Invalid internal .phar file (checksum error)");
- }
-
- return $data;
- }
-
- static function _removeTmpFiles($temp, $origdir)
- {
- chdir($temp);
-
- foreach (glob('*') as $f) {
- if (file_exists($f)) {
- is_dir($f) ? @rmdir($f) : @unlink($f);
- if (file_exists($f) && is_dir($f)) {
- self::_removeTmpFiles($f, getcwd());
- }
- }
- }
-
- @rmdir($temp);
- clearstatcache();
- chdir($origdir);
- }
- }
-
- Extract_Phar::go();
- __HALT_COMPILER(); ?>: manifest.xmlˆ '…;Xˆ vyP§¶ <?xml version="1.0" encoding="UTF-8"?>
- <phar xmlns="https://phar.io/xml/manifest/1.0">
- <contains name="some/library" version="1.0.0" type="library" />
- <copyright>
- <author name="Reiner Zufall" email="reiner@zufall.de"/>
- <license type="BSD-3-Clause" url="https://domain.tld/LICENSE"/>
- </copyright>
- <requires>
- <php version="7.0"/>
- </requires>
- </phar>
- !7]O>èaá~^ÐïY¸àÞy³ GBMB
|