寻找 PHP5 不兼容性
这里的某些内容与 PHP5 不兼容,但我完全不知道是什么。 我的网络服务器上有一个 .htaccess 文件,其中包含“AddHandler x-mapp-php5 .php”行,因为服务器上的几乎所有其他内容都需要它,并且默认为 PHP4...但是; 我需要这个脚本才能工作,但它仅适用于 PHP4。 知道问题出在哪里吗?
<?
/* config for the script */
$download_path = "content"; /* path to your files, NB: no slash at the end */
$sort = "asort"; /* array sorting - alphabetical sorting for the array */
/* start the script... no more editing from here on... */
/* get a list of the files + dirs and turn the list into an array */
function file_list($dir) {
global $sort;
global $file_file_count;
if (is_dir($dir)) {
$fd = @opendir($dir);
while (($part = @readdir($fd)) == true) {
clearstatcache();
if ($part != "." && $part != "..") {
$file_array[] = $part;
}
}
if ($fd == true) {
closedir($fd);
}
if (is_array($file_array)) {
$sort($file_array);
$file_file_count = count($file_array);
return $file_array;
} else {
return false;
}
} else {
return false;
}
}
/* function to convert to Mb, Kb and bytes */
function file_size($size) {
$megabyte = 1024 * 1024;
if ($size > $megabyte) { /* literal.float */
$re_sized = sprintf("%01.2f", $size / $megabyte) . " Mb";
} elseif ($size > 1024) {
$re_sized = sprintf("%01.2f", $size / 1024) . " Kb";
} else {
$re_sized = $size . " bytes";
}
return $re_sized;
}
/* get a list of the files/dirs, put them into a table. */
function generate_file_list($path) {
global $download_path;
global $PHP_SELF;
$final_path = str_replace("//","/",str_replace("..","",urldecode($path)));
$file_array = file_list("$download_path/$final_path/");
echo "<b>$final_path/</b>\n";
echo "<br><br>\n\n";
if ($file_array == false) { /* check if the dir is an array before we process it to foreach(); */
echo "directory empty\n";
} else {
echo "<table width=\"75%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
echo "<tr><td><b>file</b></td><td><b>size</b></td></tr>\n";
foreach ($file_array as $file_name) {
$is_file = "$download_path/$final_path/$file_name";
$final_dir_name = urlencode($final_path); /* urlencode(); to prevent any broken links - decode on do_download(); */
$final_file_name = urlencode($file_name);
$file_size = filesize("$download_path/$final_path/$file_name");
$final_file_size = file_size($file_size);
if (is_file($is_file)) {
print "<tr><td><a href=\"$PHP_SELF?go=download&path=$final_dir_name&file=$final_file_name\">$file_name</a></td><td>$final_file_size</td></tr>\n";
} elseif (is_dir($is_file)) {
print "<tr><td><a href=\"$PHP_SELF?go=list&path=$final_dir_name/$final_file_name\">$file_name/</a></td><td><dir></td></tr>\n"; /* we don't need a size for a directory */
}
}
echo "</table>\n";
}
}
/* allow the user to download the file... */
function do_download($path,$file) {
global $download_path;
$get_path = str_replace("//","/",str_replace("..","",stripslashes(urldecode($path)))); /* fopen adds \ to ' - so we strip 'em. */
$get_file = str_replace("//","/",str_replace("..","",stripslashes(urldecode($file))));
header("Content-Disposition: atachment; filename=$get_file");
header("Content-Type: application/octet-stream");
header("Content-Length: ".filesize("$download_path/$get_path/$get_file"));
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Expires: 0");
$fp = fopen("$download_path/$get_path/$get_file","r");
print fread($fp,filesize("$download_path/$get_path/$get_file"));
fclose($fp);
exit;
}
if (!isset($go)) {
$go = "dirlist";
} if ($go == "dirlist") {
generate_file_list(""); /* null, so we get a list for the root directory */
} elseif ($go == "list" && isset($path)) {
if (isset($path)) { /* if the path is null - it returns a list for the root directory */
generate_file_list($path); /* get a list for the path specified */
} else {
generate_file_list("");
}
} elseif ($go == "download") {
if (isset($path) && isset($file)) {
do_download($path,$file); /* download the file... */
} else {
echo "no file selected to download :)\n";
}
}
?>
Something in here is incompatible with PHP5, but I am totally lost as to what. I have an .htaccess file on my web server that has the line "AddHandler x-mapp-php5 .php", as it is required by just about everything else on the server and it defaults to PHP4...however; I need this one script to work, but it only works on PHP4. Any idea where the problem is?
<?
/* config for the script */
$download_path = "content"; /* path to your files, NB: no slash at the end */
$sort = "asort"; /* array sorting - alphabetical sorting for the array */
/* start the script... no more editing from here on... */
/* get a list of the files + dirs and turn the list into an array */
function file_list($dir) {
global $sort;
global $file_file_count;
if (is_dir($dir)) {
$fd = @opendir($dir);
while (($part = @readdir($fd)) == true) {
clearstatcache();
if ($part != "." && $part != "..") {
$file_array[] = $part;
}
}
if ($fd == true) {
closedir($fd);
}
if (is_array($file_array)) {
$sort($file_array);
$file_file_count = count($file_array);
return $file_array;
} else {
return false;
}
} else {
return false;
}
}
/* function to convert to Mb, Kb and bytes */
function file_size($size) {
$megabyte = 1024 * 1024;
if ($size > $megabyte) { /* literal.float */
$re_sized = sprintf("%01.2f", $size / $megabyte) . " Mb";
} elseif ($size > 1024) {
$re_sized = sprintf("%01.2f", $size / 1024) . " Kb";
} else {
$re_sized = $size . " bytes";
}
return $re_sized;
}
/* get a list of the files/dirs, put them into a table. */
function generate_file_list($path) {
global $download_path;
global $PHP_SELF;
$final_path = str_replace("//","/",str_replace("..","",urldecode($path)));
$file_array = file_list("$download_path/$final_path/");
echo "<b>$final_path/</b>\n";
echo "<br><br>\n\n";
if ($file_array == false) { /* check if the dir is an array before we process it to foreach(); */
echo "directory empty\n";
} else {
echo "<table width=\"75%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
echo "<tr><td><b>file</b></td><td><b>size</b></td></tr>\n";
foreach ($file_array as $file_name) {
$is_file = "$download_path/$final_path/$file_name";
$final_dir_name = urlencode($final_path); /* urlencode(); to prevent any broken links - decode on do_download(); */
$final_file_name = urlencode($file_name);
$file_size = filesize("$download_path/$final_path/$file_name");
$final_file_size = file_size($file_size);
if (is_file($is_file)) {
print "<tr><td><a href=\"$PHP_SELF?go=download&path=$final_dir_name&file=$final_file_name\">$file_name</a></td><td>$final_file_size</td></tr>\n";
} elseif (is_dir($is_file)) {
print "<tr><td><a href=\"$PHP_SELF?go=list&path=$final_dir_name/$final_file_name\">$file_name/</a></td><td><dir></td></tr>\n"; /* we don't need a size for a directory */
}
}
echo "</table>\n";
}
}
/* allow the user to download the file... */
function do_download($path,$file) {
global $download_path;
$get_path = str_replace("//","/",str_replace("..","",stripslashes(urldecode($path)))); /* fopen adds \ to ' - so we strip 'em. */
$get_file = str_replace("//","/",str_replace("..","",stripslashes(urldecode($file))));
header("Content-Disposition: atachment; filename=$get_file");
header("Content-Type: application/octet-stream");
header("Content-Length: ".filesize("$download_path/$get_path/$get_file"));
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Expires: 0");
$fp = fopen("$download_path/$get_path/$get_file","r");
print fread($fp,filesize("$download_path/$get_path/$get_file"));
fclose($fp);
exit;
}
if (!isset($go)) {
$go = "dirlist";
} if ($go == "dirlist") {
generate_file_list(""); /* null, so we get a list for the root directory */
} elseif ($go == "list" && isset($path)) {
if (isset($path)) { /* if the path is null - it returns a list for the root directory */
generate_file_list($path); /* get a list for the path specified */
} else {
generate_file_list("");
}
} elseif ($go == "download") {
if (isset($path) && isset($file)) {
do_download($path,$file); /* download the file... */
} else {
echo "no file selected to download :)\n";
}
}
?>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
当您解决了 fiXedd 和 jmucchiello 建议的注册全局问题后,请确保在 generate_file_list 函数中删除对 $PHP_SELF 的引用。 首先,它不再像以前那样存在:它现在是 $_SERVER['PHP_SELF'] 但更重要的是,您的脚本使用它的方式使您面临跨站点脚本问题。
阅读更多相关内容:http://www.seancoates.com/xss-woes
When you've fixed the Register Globals issue suggested by fiXedd and jmucchiello, make sure you remove the reference to $PHP_SELF in the generate_file_list function. First, it doesn't exist like that anymore: it's now $_SERVER['PHP_SELF'] but more importantly, the way your script is using it is exposing you to a cross-site-scripting issue.
Read more on this on: http://www.seancoates.com/xss-woes
该代码假设 $go、$file 和 $path< /em> 变量正在被神奇地设置。 要解决此问题(并修复脚本),您可以将脚本的开头更改为如下所示:
由于称为 注册全局变量。 现在它已被关闭,因为这是一个相当大的安全问题,并且导致了草率的编码实践。
The code is assuming that the $go, $file, and $path variables are being magically set. To get around this (and fix the script) you could change the beginning of the script to look like this:
This use to work for you because of something known as Register Globals. This is now turned off since it was a pretty big security problem and it led to sloppy coding practices.