Instead of using is_writable(); I tried fileperms(); which seems to work ok.
I'm only checking the Public Write bit of the file permissions.
If you create a file somewhere and chmod it 666, it'll test it and display as 
writeable.
Should be safe, as it won't be executable.

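<?php
clearstatcache();

// Recursively list every file under $dirname and flag those whose
// world-write ("public write") permission bit is set.
function checkFiles($dirname) {
  $d = dir($dirname);
  if ($d === false) {
    return; // directory could not be opened
  }
  // Compare with false explicitly: a file named "0" would otherwise end the loop
  while (($filename = $d->read()) !== false) {
    if ($filename != '.' && $filename != '..' && $filename != 'cgi-bin') {
      $path = $dirname.'/'.$filename;
      if (is_dir($path)) {
        checkFiles($path);
      }
      else {
        $perms = fileperms($path);
        // 0x0002 is the "others may write" bit (octal 0002)
        $info = (($perms & 0x0002) ?
          ' - <b style="color:red">WRITABLE</b>' :
          ' - <b style="color:blue">SAFE</b>');
        // Escape the path so odd file names cannot inject markup into the page
        echo htmlspecialchars($path).$info."<br>\n";
      }
    }
  }
  $d->close();
}

checkFiles('.');
?>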

If anyone wants to try it:
http://circlecity.co.uk/testarea/testfiles.txt
as Yahoo will probably screw the above code up.

You could add the following if you don't want to check every file:
substr($filename, -3) != 'jpg' &&
substr($filename, -3) != 'gif' &&
substr($filename, -3) != 'png' &&
substr($filename, -3) != 'css' &&
etc.

Hopefully, it will show up any files these clowns may try to attack.
Don't forget to delete it from your server when you've tried it.
Let me know if you can make any improvements.
Bob.
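
The difference between the two checks discussed in the post above, as an added example that is not part of the original message: is_writable() answers "can the user running this script write the file?", while the fileperms() bits say who is permitted to write. It assumes a POSIX system; the temp directory and sample file names are constructed for the demonstration.

```php
<?php
// Added example: constructed temp files, not files from the original post.
// Contrasts is_writable() (can THIS process write?) with the mode bits
// that fileperms() exposes (who is ALLOWED to write?).

function describeWriteBits(string $path): array {
    clearstatcache(true, $path);          // stat results are cached per path
    $perms = fileperms($path);
    if ($perms === false) {
        throw new RuntimeException("cannot stat $path");
    }
    return [
        'mode'        => sprintf('%04o', $perms & 07777), // strip file-type bits
        'world_write' => (bool) ($perms & 0002), // the bit the post tests as 0x0002
        'group_write' => (bool) ($perms & 0020),
        'is_writable' => is_writable($path),     // depends on who runs the script
    ];
}

// Private scratch directory so the world-writable sample is not exposed
$dir = sys_get_temp_dir() . '/permdemo_' . getmypid();
mkdir($dir, 0700);

foreach ([0644, 0664, 0666, 0444] as $mode) {
    $file = sprintf('%s/sample_%04o.txt', $dir, $mode);
    touch($file);
    chmod($file, $mode);   // chmod() is not affected by umask, so the mode is exact
    $r = describeWriteBits($file);
    printf("%s  mode=%s  world=%s  group=%s  is_writable=%s\n",
        basename($file), $r['mode'],
        $r['world_write'] ? 'yes' : 'no',
        $r['group_write'] ? 'yes' : 'no',
        $r['is_writable'] ? 'yes' : 'no');
    unlink($file);
}
rmdir($dir);
```

For a file owned by the account running the script, mode 0644 reports is_writable as yes even though the world-write bit is clear, which is why the two checks flag different sets of files.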



