From: Martin G. <mge...@us...> - 2006-01-13 17:23:49
Update of /cvsroot/phpshell/phpshell In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19452 Modified Files: AUTHORS ChangeLog INSTALL README phpshell.php Log Message: Imported PHP Shell version 1.7. Index: phpshell.php =================================================================== RCS file: /cvsroot/phpshell/phpshell/phpshell.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- phpshell.php 13 Jan 2006 17:11:37 -0000 1.2 +++ phpshell.php 13 Jan 2006 17:23:34 -0000 1.3 @@ -1,6 +1,6 @@ <?php -define('PHPSHELL_VERSION', '1.6'); +define('PHPSHELL_VERSION', '1.7'); /* @@ -9,9 +9,10 @@ ************************************************************** $Id$ - An interactive PHP-page that will execute any command entered. - See the files README and INSTALL or http://www.gimpster.com for - further information. + PHP Shell is aninteractive PHP-page that will execute any command + entered. See the files README and INSTALL or http://www.gimpster.com + for further information. + Copyright (C) 2000-2002 Martin Geisler <gim...@gi...> This program is free software; you can redistribute it and/or 
@@ -40,15 +41,29 @@ <h1>PHP Shell <?php echo PHPSHELL_VERSION ?></h1> <?php + +if (ini_get('register_globals') != '1') { + /* We'll register the variables as globals: */ + if (!empty($HTTP_POST_VARS)) + extract($HTTP_POST_VARS); + + if (!empty($HTTP_GET_VARS)) + extract($HTTP_GET_VARS); + + if (!empty($HTTP_SERVER_VARS)) + extract($HTTP_SERVER_VARS); +} + /* First we check if there has been asked for a working directory. */ if (!empty($work_dir)) { /* A workdir has been asked for */ if (!empty($command)) { if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) { + /* We try and match a cd command. */ if ($regs[1][0] == '/') { - $new_dir = $regs[1]; + $new_dir = $regs[1]; // 'cd /something/...' } else { - $new_dir = $work_dir . '/' . $regs[1]; + $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...' } if (file_exists($new_dir) && is_dir($new_dir)) { $work_dir = $new_dir; 
@@ -58,31 +73,33 @@ } } -/* we chdir to that dir. */ if (file_exists($work_dir) && is_dir($work_dir)) { + /* We change directory to that dir: */ chdir($work_dir); - $work_dir = exec("pwd"); -} else { - /* No work_dir - we chdir to $DOCUMENT_ROOT */ - chdir($DOCUMENT_ROOT); - $work_dir = $DOCUMENT_ROOT; } + +/* We now update $work_dir to avoid things like '/foo/../bar': */ +$work_dir = exec('pwd'); + ?> <form name="myform" action="<?php echo $PHP_SELF ?>" method="post"> <p>Current working directory: <b> <?php -$work_dir_splitted = explode("/", substr($work_dir, 1)); -echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "/&command=" . urlencode($command) . "\">Root</a>/"; -if ($work_dir_splitted[0] == "") { - $work_dir = "/"; /* Root directory. */ -} else { + +$work_dir_splitted = explode('/', substr($work_dir, 1)); + +echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/'; + +if (!empty($work_dir_splitted[0])) { + $path = ''; for ($i = 0; $i < count($work_dir_splitted); $i++) { - /* echo "i = $i";*/ - $url .= "/".$work_dir_splitted[$i]; - echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "&command=" . urlencode($command) . "\">$work_dir_splitted[$i]</a>/"; + $path .= '/' . $work_dir_splitted[$i]; + printf('<a href="%s?work_dir=%s">%s</a>/', + $PHP_SELF, urlencode($path), $work_dir_splitted[$i]); } } + ?></b></p> <p>Choose new working directory: <select name="work_dir" onChange="this.form.submit()"> 
@@ -92,15 +109,15 @@ /* Run through all the files and directories to find the dirs. */ while ($dir = readdir($dir_handle)) { if (is_dir($dir)) { - if ($dir == ".") { + if ($dir == '.') { echo "<option value=\"$work_dir\" selected>Current Directory</option>\n"; - } elseif ($dir == "..") { + } elseif ($dir == '..') { /* We have found the parent dir. We must be carefull if the parent directory is the root directory (/). */ if (strlen($work_dir) == 1) { /* work_dir is only 1 charecter - it can only be / There's no parent directory then. */ - } elseif (strrpos($work_dir, "/") == 0) { + } elseif (strrpos($work_dir, '/') == 0) { /* The last / in work_dir were the first charecter. This means that we have a top-level directory eg. /bin or /home etc... */ @@ -111,7 +128,7 @@ echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n"; } } else { - if ($work_dir == "/") { + if ($work_dir == '/') { echo "<option value=\"$work_dir$dir\">$dir</option>\n"; } else { echo "<option value=\"$work_dir/$dir\">$dir</option>\n"; @@ -120,6 +137,7 @@ } } closedir($dir_handle); + ?> </select></p> @@ -152,7 +170,7 @@ </script> <hr> -<i>Copyright © 2000-2002, <a +<i>Copyright © 2000–2002, <a href="mailto:gim...@gi...">Martin Geisler</a>. Get the latest version at <a href="http://www.gimpster.com">www.gimpster.com</a>.</i> </body> Index: README =================================================================== RCS file: /cvsroot/phpshell/phpshell/README,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- README 13 Jan 2006 17:11:37 -0000 1.2 +++ README 13 Jan 2006 17:23:34 -0000 1.3 
@@ -1,11 +1,11 @@ -README for PHP Shell 1.6 -Copyright (C) 2000 Martin Geisler <gim...@gi...> +README for PHP Shell 1.7 +Copyright (C) 2000-2002 Martin Geisler <gim...@gi...> Licensed under the GNU GPL. See the file COPYING for details. What is PHP Shell? ------------------ PHP Shell is a shell wrapped in a PHP script. It's a tool you can use -to execute arbiritary shell-commands or browse the filesystem on your +to execute arbitrary shell-commands or browse the filesystem on your remote webserver. This replaces, to a degree, a normal telnet-connection. You can use it for transferring your site as a compressed file, and then unpack it on the webserver, administration and maintenance of @@ -28,6 +28,21 @@ though :-) +Safe Mode +--------- +If PHP is running in Safe Mode, then you cannot use PHP Shell - sorry. +Safe Mode restricts the commands that can be executed using the +system() call in PHP, and it also restricts the files and directories +that can be accessed using other calls in PHP. + +The effect is, that PHP Shell simply doesn't work - you cannot change +directory and you cannot execute any commands. + +Safe Mode is often used on servers that host several websites for +different users to limit the users ability to peek at each others +files. + + Who am I? --------- (Well, my name is Martin, but that's not the point :-) @@ -73,7 +88,7 @@ The current working directory: This is the directory where all command are being executed. You can use the dropdown-box to choose a new working directory. To quickly - jump towards the root of the filesystem, just click on + jump toward the root of the filesystem, just click on one of the links to jump to that directory. The Output 
@@ -109,16 +124,16 @@ and the nature of the feature/bugfix. README - (This file:-) + This file :-) INSTALL Tells you how to install PHP Shell. It explains how you can password-protect PHP Shell - this is very important, or else everybody will be able so snoop into your files and perhaps also be - able to delete them! I've already seem one site that were using PHP - Shell without password-protection, I was able so quickly find their - config.inc.php-file from phpMyAdmin, and read the password to the - database! So please take the time to password-protect PHP Shell. + able to delete them! I've already seen one site that were using PHP + Shell without password-protection - I was able so quickly find their + config.inc.php file from phpMyAdmin, and read the password to the + database! So please take the time to protect PHP Shell. sample.htaccess To make it extra easy for you to password-protect PHP Shell, I've @@ -127,4 +142,4 @@ you try to access the directory containing PHP Shell. COPYING - Standard GNU disclamer \ No newline at end of file + Standard GNU disclaimer Index: AUTHORS =================================================================== RCS file: /cvsroot/phpshell/phpshell/AUTHORS,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- AUTHORS 13 Jan 2006 17:11:37 -0000 1.2 +++ AUTHORS 13 Jan 2006 17:23:34 -0000 1.3 @@ -8,3 +8,6 @@ Robert Niess <st...@i-...> Made me aware of a security hole in the handling of stderr-trapping. + +Gerry Calderhead <cal...@ev...> + Patch for PHP 4.2.0 where register_globals are turned off. Index: INSTALL =================================================================== RCS file: /cvsroot/phpshell/phpshell/INSTALL,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- INSTALL 13 Jan 2006 16:58:45 -0000 1.1 +++ INSTALL 13 Jan 2006 17:23:34 -0000 1.2 
@@ -1,10 +1,13 @@ Installation instructions for PHP Shell -Copyright (C) 2000 Martin Geisler <gim...@gi...> +Copyright (C) 2000-2002 Martin Geisler <gim...@gi...> Licensed under the GNU GPL. See the file COPYING for details. + Getting the tarball ------------------- -You can always get the latest version from www.gimpster.com. +You can always get the latest version from my homepage: + + http://www.gimpster.com/php/phpshell/ Installation @@ -12,7 +15,12 @@ Installation is easy: just untar the tarball into your webserver, and then type in the URL of the page phpshell.php. It should look something like this: -http://your.server.com/phpshell/phpshell.php + + http://your.server.com/phpshell/phpshell.php + +Please note, that PHP Shell doesn't work if PHP is running in Safe +Mode. There is nothing I can do about this - Safe Mode was made to +prevent scripts just like PHP Shell. Password-protecting PHP Shell @@ -26,7 +34,7 @@ If you don't have such a file, then creating one is easy. Type the following as root: -$ htpasswd -c /home/httpd/auth_users <username> + $ htpasswd -c /home/httpd/auth_users <username> This will create the file /home/httpd/auth_users and promt for a password for the username supplied. If your Apache is installed 
@@ -41,11 +49,10 @@ usual disclaimer in the file LICENSE. (This software is licensed under GPL, I'm not responsible if you blow things up, etc... :-) + Bugs? ----- If you find a bug or miss something in PHP Shell, please don't -hesitate to mail me at <gim...@gi...>! It has only been -tested for a very short time, so there might be some quirks in odd -situations. +hesitate to mail me at <gim...@gi...>! -Enjoy! - Martin Geisler <gim...@gi...> \ No newline at end of file +Enjoy! - Martin Geisler <gim...@gi...> Index: ChangeLog =================================================================== RCS file: /cvsroot/phpshell/phpshell/ChangeLog,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- ChangeLog 13 Jan 2006 17:11:37 -0000 1.2 +++ ChangeLog 13 Jan 2006 17:23:34 -0000 1.3 @@ -1,5 +1,25 @@ +2002-09-18 Martin Geisler <gim...@gi...> + + * phpshell.php 1.18: + Use the directory of phpshell.php as the default working directory. + + * AUTHORS 1.3: Added Gerry Calderhead <cal...@ev...>. + + * phpshell.php 1.17: + PHP Shell now works on PHP 4.2.0 with register_globals turned off. + +2002-06-10 Martin Geisler <gim...@gi...> + + * INSTALL 1.3: Added a section about Safe Mode in PHP. + + * README 1.9: + Added a section about Safe Mode in PHP. Also fixed a lot of spelling + errors. + 2002-03-23 Martin Geisler <gim...@gi...> + * README 1.8: Added a version number to the file. + * AUTHORS 1.2: Added a notice about Robert Niess <st...@i-...>. * phpshell.php 1.16: |
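
Review bot: In phpshell.php, hunk @@ -40,15 +41,29 @@, the three extract() calls run with the default overwrite behaviour, so every key in the POST and GET data becomes a variable in the script's scope, not only the ones the page reads ($work_dir, $command). Extracting $HTTP_SERVER_VARS last does mean server values win over request values of the same name, but any other variable name can still be set from the request. Suggest copying only the expected keys out of $HTTP_POST_VARS and $HTTP_GET_VARS by name instead of calling extract() on the whole arrays.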
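
Review bot: In phpshell.php, hunk @@ -58,31 +73,33 @@, the new printf() in the breadcrumb loop writes $work_dir_splitted[$i] into the link text, and $PHP_SELF into the href and the form action, without HTML escaping, so a directory name containing < or " ends up as markup in the page. Suggest passing both through htmlspecialchars() before output. Separately, $work_dir = exec('pwd') now runs on every request; getcwd() would avoid spawning a process for this.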
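
Review bot: In phpshell.php, hunk @@ -92,15 +109,15 @@, the touched line strrpos($work_dir, '/') == 0 uses a loose comparison, and strrpos() returns false when there is no '/' at all, which also compares equal to 0. Since the line is being edited anyway, suggest === 0 so only "last slash is the first character" takes the top-level-directory branch.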
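
Review bot: In README, hunk @@ -109,16 +124,16 @@, the rewritten INSTALL paragraph still carries typos on the lines this change touches or leaves next to them: "I was able so quickly find" and "be able so snoop" should read "able to", and "one site that were using" should be "was using". The last sentence also changes "password-protect PHP Shell" to "protect PHP Shell", which is less specific about what the reader is expected to do; suggest keeping "password-protect".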
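
Review bot: In INSTALL, hunk @@ -26,7 +34,7 @@, the indented htpasswd -c line is given without saying that -c creates the file and replaces an existing one. The surrounding text only covers the "you don't have such a file" case; suggest adding a sentence that further users are added by running the same command without -c. The context line below it also has "promt" for "prompt".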
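
Review bot: In INSTALL, hunk @@ -41,11 +49,10 @@, the context line still points to "the file LICENSE" for the disclaimer, while the header of the same file and the README both name the file COPYING. Suggest correcting the reference to COPYING while this section is being edited.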