<?php ob_start(); /* Buffer the page so the download branch can discard the HTML head (ob_end_clean) and still send headers. */ ?>
<html>
<head>
<title>Hack This Site! :: Browsing Source</title>
<link rel="StyleSheet" href="codes.css" type="text/css" media="screen" />
</head>
<body>
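<?php
// Source browser. For a directory under the document root that carries a
// source.php policy file, list the files that policy exposes, or render one of
// them (highlighted, with line numbers, as escaped raw text, or as a download).
//
// Untrusted request parameters:
//   g    - directory to browse, relative to the document root
//   f    - file name inside that directory; must match the allow-list exactly
//   mode - 'line', 'raw' or 'download'; anything else is the highlighted view
//
// Paths stay unescaped while they are used on the filesystem and are escaped
// only where they are written into HTML, a URL or a response header. Escaping
// them up front would make the containment check compare encoded text against
// the real document root.

$notice = "You are currently viewing the HTS source code. Copyright held by HTS developers. No permission to reproduce is given.";

// Accept plain strings only: a missing parameter or an array (?g[]=x) becomes
// '', and a NUL byte in the directory is rejected before it reaches realpath().
$want_path = '';
if (isset($_GET['g']) && is_string($_GET['g']) && strpos($_GET['g'], "\0") === false) {
    $want_path = $_GET['g'];
}
$source_file = '';
if (isset($_GET['f']) && is_string($_GET['f'])) {
    $source_file = $_GET['f'];
}
$mode = 'file';
if (isset($_GET['mode']) && is_string($_GET['mode'])) {
    $mode = $_GET['mode'];
}

// Canonicalise the document root once. strip_abs() reads the global
// $startwith, so it has to hold the same canonical form as the realpath()
// results it is applied to.
$startwith = isset($_SERVER['DOCUMENT_ROOT']) ? (string) $_SERVER['DOCUMENT_ROOT'] : '';
$root_real = ($startwith !== '') ? realpath($startwith) : false;
if ($root_real !== false) {
    $startwith = rtrim($root_real, DIRECTORY_SEPARATOR);
}

// Containment check. An empty or unresolvable document root fails closed, and
// the comparison includes the trailing separator so that a sibling directory
// sharing the root's name as a prefix (root "/srv/www" vs "/srv/www-old") is
// not treated as being inside the site.
$full_path = '';
$full_file = '';
$rel_path = '';
$in_site = false;
if ($root_real !== false) {
    $root_prefix = $startwith . DIRECTORY_SEPARATOR;
    $prefix_length = strlen($root_prefix);
    $dir_real = realpath($startwith . '/' . $want_path);
    $policy_real = ($dir_real !== false) ? realpath($dir_real . '/source.php') : false;
    if ($policy_real !== false
        && is_file($policy_real)
        && strncmp($dir_real . DIRECTORY_SEPARATOR, $root_prefix, $prefix_length) === 0
        && strncmp($policy_real, $root_prefix, $prefix_length) === 0
    ) {
        $in_site = true;
        $full_path = $dir_real;
        $full_file = $policy_real;
        $rel_path = (string) strip_abs($full_path);
    }
}

if ($in_site) {
    // The policy file is expected to assign the allow-list to $ok.
    // NOTE(review): source.php is executed, not just read, and runs in this
    // script's scope. Write access to any directory under the document root
    // therefore amounts to code execution through this page; keep writable
    // directories outside the root, or move the allow-list to a data file.
    $ok = array();
    include($full_file);

    // Keep only non-empty string entries so the membership test below can be
    // strict; loose comparison lets entries such as 0 or true match names
    // that were never listed.
    $allowed = array();
    if (is_array($ok)) {
        foreach ($ok as $entry) {
            if (is_string($entry) && $entry !== '') {
                $allowed[] = $entry;
            }
        }
    }

    $viewable = ($source_file === 'source.php') || in_array($source_file, $allowed, true);

    if (!$viewable) {
        // Not an allow-listed file: show the directory index instead.
        $rel_html = htmlentities($rel_path, ENT_QUOTES);
        echo "<h2>Index of $rel_html</h2><hr />";
        echo "<ol style=\"list-style-type: none;\">";
        echo "<li><span style=\"font-family: 'Courier New', monospace;\">[DIR]</span> <a href=\"loopdeloop.php\">Go Back</a></li>";
        foreach ($allowed as $file_in_ok) {
            echo "<li>";
            echo "<span style=\"font-family: 'Courier New', monospace;\">[PHP]</span>";
            echo "<a href=\"" . viewhts_href($rel_path, $file_in_ok) . "\">" . htmlentities($file_in_ok, ENT_QUOTES) . "</a>";
            echo "</li>";
        }
        echo "<li><span style=\"font-family: 'Courier New', monospace;\">[PHP]</span><a href=\"" . viewhts_href($rel_path, 'source.php') . "\">source.php</a></li>";
        echo "</ol>";
    } else {
        // The name matched the allow-list exactly, so it is only now joined
        // onto the verified directory.
        $source_full_file = $full_path . '/' . $source_file;
        $source_rel_file = $rel_path . '/' . $source_file;

        echo "<a href=\"" . viewhts_href($rel_path) . "\">go back</a> ";
        echo "<a href=\"" . viewhts_href($rel_path, $source_file, 'line') . "\">see line numbers</a> ";
        echo "<a href=\"" . viewhts_href($rel_path, $source_file, 'raw') . "\">get (semi)raw file</a> ";
        echo "<a href=\"" . viewhts_href($rel_path, $source_file, 'download') . "\">download file</a> ";
        echo "<br />you are viewing " . htmlentities($source_rel_file, ENT_QUOTES) . "<br />";
        echo "<a href=\"" . viewhts_href($rel_path) . "\">Back to Directory</a><br /><br />";
        echo "<hr />";
        switch ($mode) {
            case 'line':
                highlight_num($source_full_file);
                break;
            case 'raw':
                echo "<pre>". htmlentities(file_get_contents($source_full_file)) ."</pre>";
                break;
            case 'download':
                // Discard the buffered HTML head so only the file is sent.
                ob_end_clean();
                // Header context, not HTML: reduce the name to its final path
                // component and drop quotes, backslashes and control bytes.
                $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename($source_file));
                if ($download_name === '' || $download_name === null) {
                    $download_name = 'download.txt';
                }
                header('Content-type: text/plain');
                header('X-Content-Type-Options: nosniff');
                header('Content-Disposition: attachment; filename="' . $download_name . '"');
                readfile($source_full_file);
                echo $notice;
                exit;
            case 'file':
            default:
                highlight_file($source_full_file);
        }
        echo "<hr />";
        echo $notice;
    }
} else {
    // Outside the site, or no policy file in that directory: show this
    // viewer's own source rather than anything the request named.
    highlight_file(__FILE__);
    echo "<hr />";
    echo $notice;
}

/**
 * Build an HTML-attribute-safe link back to this viewer.
 *
 * Each value is URL-encoded as a query component first and the whole URL is
 * then HTML-escaped, so names containing &, #, + or quotes neither split the
 * query string nor leave the href attribute.
 *
 * @param string      $dir  directory relative to the document root
 * @param string|null $file file name within $dir, or null for the index
 * @param string|null $mode view mode, or null for the default view
 * @return string escaped URL ready to place inside href="..."
 */
function viewhts_href($dir, $file = null, $mode = null)
{
    $query = 'g=' . rawurlencode($dir);
    if ($file !== null) {
        $query .= '&f=' . rawurlencode($file);
    }
    if ($mode !== null) {
        $query .= '&mode=' . rawurlencode($mode);
    }
    return htmlentities('viewhts.php?' . $query, ENT_QUOTES);
}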
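/**
 * Print a line-number column followed by the syntax-highlighted file.
 *
 * The numbers are emitted in a <code class="num"> element and the highlighted
 * source comes from highlight_file(). No path checks happen here: callers
 * must pass a path they have already authorised.
 *
 * @param string $file path of the file to display
 * @return void
 */
function highlight_num($file)
{
    $lines = file($file);
    // file() returns false on failure; an unreadable or empty file gets an
    // empty number column instead of range(1, 0), which counts down to "1, 0".
    $line_count = ($lines === false) ? 0 : count($lines);
    $numbers = ($line_count > 0) ? range(1, $line_count) : array();
    // Separator first: the (array, separator) argument order was removed in PHP 8.0.
    echo '<code class="num">', implode('<br />', $numbers), '</code>';
    highlight_file($file);
}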
?>
</body>
</html>
<?php
// Flush the buffer opened by ob_start() at the top of the page. The download
// branch calls exit before reaching this line, so this runs for HTML responses.
ob_end_flush();
/**
 * Cut the document-root prefix off an absolute path.
 *
 * Removes as many leading bytes as the global $startwith is long. It does not
 * verify that $path actually begins with $startwith, so the caller has to
 * establish that before relying on the result.
 *
 * @param string $path absolute path
 * @return string remainder of $path after the first strlen($startwith) bytes
 */
function strip_abs($path)
{
    global $startwith;

    $root_length = strlen($startwith);
    $relative = substr($path, $root_length);

    return $relative;
}
?>
You are currently viewing the HTS source code. Copyright held by HTS developers. No permission to reproduce is given.