hello,
So I borrowed this fragment of code from a site which content is gone for now, so I can't contact The Author. Therefore I though I'll give it a try here. I searched Google for too long for a descent file & directory browser and I was'nt able to find anything better than this. The problem is, changing directoryes does'nt work, which really makes this script useless for me right now .(
So anyway I was wondering, if some (good&smart๐ person could take a quick look at this file browser script and give me some directions as what could be wrong here or maybe even fix it ๐
The other issue I was brought attention to was if this script is secure !? .. could it be someone could gain access through apache to say /etc or something like that, this cheeting check mechanism, how secure is it really?
here goes:
<?php if (file_exists($path."/.nobrowse")): header("Location: $path"); endif;
$title = "Browse directory"; ?>
<?php
// check for $path and reset if someone's cheating
if (!$path) { $path = "."; }
if (ereg("../", $path) or ereg("/", $path) or ereg("~", $path)) {
$path = ".";
}
?>
<p>Currently browsing: <?php $dir = str_replace("./", "/", $path); if ($dir == "."): echo "site root"; else: echo $dir; endif; ?></p>
<table border="0" class="text" cellpadding="1" cellspacing="0">
<tr>
<td background="images/shade.gif"><img src="images/shim.gif" width="13" height="9" align="middle"> <b>Name</b></td>
<td background="images/shade.gif"><b>Size</b></td>
<td background="images/shade.gif"><b>Last modified</b></td>
<td background="images/shade.gif"><b>Type</b></td>
<td background="images/shade.gif"><b>Comments</b></td>
</tr>
<?php
// calculate $levelup
$splitpath = split("/", $path);
for ($i = 0; $i < sizeof($splitpath)-1; $i++) {
if ($i != sizeof($splitpath)-2) {
$levelup .= $splitpath[$i] . "/";
} else {
$levelup .= $splitpath[$i];
}
}
// the parent row
if ($path != ".") {
?>
<tr>
<td><img src="images/dir.png" width=13 height=9 border=0 align="middle"> <a href="list.php?path=<?=$levelup?>">../</a></td>
<td>-</td>
<td>-</td>
<td>Directory up </td>
<td></td>
</tr>
<? } ?>
<?php
// define file descriptions
$desc['php'] = "PHP document";
$desc['htm'] = "HTML document";
$desc['txt'] = "Text document";
$desc['pl'] = "PERL script";
$desc['gz'] = "GZIP archive";
$desc['tgz'] = "GZIP archive";
$desc['jpg'] = "JPEG image";
$desc['gif'] = "GIF image";
$desc['png'] = "PNG image";
// open the comments file
$comments = @file($path."/.comments");
// parse and secure comments file, and generate variable variables
for ($i = 0; $i < sizeof($comments); $i++) {
$line = split("=", $comments[$i]);
$line[0] = str_replace(".", "", $line[0]);
$line[0] = str_replace(" ", "", $line[0]);
$$line[0] = $line[1];
}
// open the directory
$handle = opendir($path);
// loop through the handle to generate $list
while ($file = readdir($handle)) {
$list[] = $file; // why does this need to be here? I can't figure it out
}
// sort the list
sort($list);
// seperate files and directories
for ($i = 0; $i < sizeof($list); $i++) {
if (filetype($path."/".$list[$i]) == "dir") {
$list_dirs[] = $list[$i];
} else {
$list_files[] = $list[$i];
}
}
// merge the two file lists
$list = array_merge($list_dirs, $list_files);
// the main directory listing loop
for ($i = 0; $i < sizeof($list); $i++) {
// define $file and remove .*/_*
$file = $list[$i];
if (ereg("^\.", $file) or ereg("^_", $file)) { } else {
// cunningly get the extension
$ext = substr(strrchr($file, "."), 1);
// calculate the size of the file
$size = filesize($path."/".$file);
if ($size > 1024 and $size < 1024*1024) {
$size = $size/1024;
$size = round($size, 1)."kb";
}
if ($size > 1024*1024) {
$size = $size/1024/1024;
$size = round($size, 1)."mb";
}
// get the last modified date
$date = filemtime($path."/".$file);
// format last modified date
$date = date("d/m/y, H:i", $date);
// get the filetype and generate href="
$type = filetype($path."/".$file);
if ($type == "dir") {
if (file_exists($path."/".$file."/.nobrowse")) {
$href = $path."/".$file;
} else {
$href = "list.php?path=".$path."/".$file;
}
} else {
$href = $path."/".$file;
}
?>
<tr>
<td valign="top" nowrap>
<?php if ($type == "dir") {
echo "<img src=\"images/dir.png\" width=\"13\" height=\"9\" align=\"middle\">";
} else {
echo "<img src=\"images/shim.gif\" width=\"13\" height=\"9\" align=\"middle\">";
}
?>
<a href="<?=$href?>"><?=$file?></a> </td>
<td valign="top" nowrap><?=$size?> </td>
<td valign="top" nowrap><?=$date?> </td>
<td valign="top" nowrap><?php
if ($type == "dir") {
echo("Folder");
} else {
echo $desc["$ext"];
if (ereg('.php$', $file)) {
echo (" <a href=\"view-source.php?file=$path/$file\">[view source]</a>");
}
}
?> </td>
<td valign="top"><?php
$file = str_replace(".", "", $file);
$file = str_replace(" ", "", $file);
echo $$file; // this is a variable variable. Cunning, don't you think?
?></td>
</tr>
<?
}
}
?>
</table>
