Update of /cvsroot/phpshell/phpshell
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21491

Modified Files:
        AUTHORS ChangeLog INSTALL README phpshell.php 
Added Files:
        phpshell.css valid-xhtml10.png vcss.png 
Removed Files:
        sample.htaccess 
Log Message:
Imported PHP Shell version 1.8.

Index: ChangeLog
===================================================================
RCS file: /cvsroot/phpshell/phpshell/ChangeLog,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- ChangeLog   13 Jan 2006 17:23:34 -0000      1.3
+++ ChangeLog   13 Jan 2006 17:29:47 -0000      1.4
@@ -1,3 +1,41 @@
+2003-04-01  Martin Geisler  <[EMAIL PROTECTED]>
+
+       * INSTALL 1.4:
+       New instructions on how to change the username and password.
+
+       * README 1.10:
+       Updated to be in sync with new instructions on how the password
+       protection works.
+
+       * phpshell.css 1.1: New file.
+
+       * phpshell.php 1.23:
+       Updated to use XHTML 1.0 Strict and the $_* variables in PHP
+       4.1.0. This effectively breaks compatibility with earlier versions of
+       PHP. If you cannot upgrade your PHP installation (you really should
+       consider upgrading to get hold of the latest security and bug fixes)
+       when just use PhpShell version 1.7 --- there's no new functionality in
+       this release.
+
+       * COPYING 1.1: New file.
+
+       * phpshell.php 1.22: Changed PHP Shell into PhpShell.
+
+       * phpshell.php 1.21: Added HTTP basic authentication to the script.
+
+       * .htaccess 1.2:
+       The .htaccess file will now prevent people from using phpshell.php on
+       new installations before they have either deleted it or changed the
+       path to the .htpasswd file.
+
+       * AUTHORS 1.5: Moved Jeremy Miller <[EMAIL PROTECTED]>.
+
+       * phpshell.php 1.20: Updated version.
+
+       * AUTHORS 1.4, phpshell.php 1.19:
+       Applied patch from Michael Zech <[EMAIL PROTECTED]> that made the
+       stderr-checkbox remember it's state.
+
 2002-09-18  Martin Geisler  <[EMAIL PROTECTED]>
 
        * phpshell.php 1.18:
@@ -84,7 +122,7 @@
 
        * INSTALL 1.2: Made BUGS lowercase.
 
-       * sample.htaccess 1.1, INSTALL 1.1, README 1.1: New file.
+       * .htaccess 1.1, INSTALL 1.1, README 1.1: New file.
 
        * phpshell.php 1.7:
        Removed 'Martin Geisler' from the title, putting my name on the bottom

--- sample.htaccess DELETED ---

--- NEW FILE: vcss.png ---
(This appears to be a binary file; contents omitted.)

Index: README
===================================================================
RCS file: /cvsroot/phpshell/phpshell/README,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- README      13 Jan 2006 17:23:34 -0000      1.3
+++ README      13 Jan 2006 17:29:47 -0000      1.4
@@ -1,42 +1,43 @@
-README for PHP Shell 1.7
-Copyright (C) 2000-2002 Martin Geisler <[EMAIL PROTECTED]>
-Licensed under the GNU GPL. See the file COPYING for details.
+README for PhpShell 1.8
+Copyright (C) 2000-2003 Martin Geisler <[EMAIL PROTECTED]>
+Licensed under the GNU GPL.  See the file COPYING for details.
 
-What is PHP Shell?
+What is PhpShell?
 ------------------
-PHP Shell is a shell wrapped in a PHP script. It's a tool you can use
+PhpShell is a shell wrapped in a PHP script.  It's a tool you can use
 to execute arbitrary shell-commands or browse the filesystem on your
-remote webserver. This replaces, to a degree, a normal telnet-connection.
-You can use it for transferring your site as a compressed file, and
-then unpack it on the webserver, administration and maintenance of
-your website using commands like ps, free, du, df etc...
+remote webserver.  This replaces, to a degree, a normal
+telnet-connection.  You can use it for transferring your site as a
+compressed file, and then unpack it on the webserver, administration
+and maintenance of your website using commands like ps, free, du, df
+etc...
  
 
 Limitations
 -----------
-There are some limitations on what kind of programs you can run. It
-won't do no good if you start something like Netscape or even vi. All
+There are some limitations on what kind of programs you can run.  It
+won't do no good if you start something like Netscape or even vi.  All
 programs have to be strictly command-line programs, and they will have
-no chance of getting user input after they have been lunched. They
-properly also have to terminate within 30 seconds, as this is the
+no chance of getting user input after they have been lunched.  They
+probably also have to terminate within 30 seconds, as this is the
 default time-limit imposed unto all PHP-scripts, to prevent them from
-running in an infinite loop. Your ISP may have set this time-limit to
+running in an infinite loop.  Your ISP may have set this time-limit to
 something else.
 
 But you can rely on all the normal shell-functionality, like pipes,
-output and input redirection, etc ... (There is no <tab>-completion,
+output and input redirection, etc...  (There is no <tab>-completion,
 though :-)
 
 
 Safe Mode
 ---------
-If PHP is running in Safe Mode, then you cannot use PHP Shell - sorry.
-Safe Mode restricts the commands that can be executed using the
-system() call in PHP, and it also restricts the files and directories
-that can be accessed using other calls in PHP.
+If PHP is running in Safe Mode, then you cannot use PhpShell ---
+sorry.  Safe Mode restricts the commands that can be executed using
+the shell_exec() call in PHP, and it also restricts the files and
+directories that can be accessed using other calls in PHP.
 
-The effect is, that PHP Shell simply doesn't work - you cannot change
-directory and you cannot execute any commands.
+The effect is, that PhpShell simply doesn't work --- you cannot
+change directory and you cannot execute any commands.
 
 Safe Mode is often used on servers that host several websites for
 different users to limit the users ability to peek at each others
@@ -47,30 +48,29 @@
 ---------
 (Well, my name is Martin, but that's not the point :-)
 
-You may not be the same user when using PHP Shell, as you are when you
-upload your files with ftp. On some systems you will be 'nobody', on
-other systems you will become 'httpd' or 'www-data'. This is a rather
-dangerous "feature" of PHP Shell! So use it at your own risk - I wont
-be responsible if your account is closed or something like that
+You may not be the same user when using PhpShell, as you are when you
+upload your files with ftp.  On some systems you will be 'nobody', on
+other systems you will become 'httpd' or 'www-data'.  This is a rather
+dangerous "feature" of PhpShell! So use it at your own risk --- I
+wont be responsible if your account is closed or something like that
 happens.
 
-If you want to execute code as different user, then it's possible
-to do so by using the Sudo program available from this address:
+If you want to execute code as different user, then it's possible to
+do so by using the Sudo program available from this address:
 
   http://www.courtesan.com/sudo/
 
 The trick is to configure Sudo to allow the user running the webserver
-to execute certain commands as a more privileged user. Please refer to
-the documentation for Sudo for further information about doing this.
-Thanks goes to Jeremy Miller <[EMAIL PROTECTED]> for this
-information.</p>
+to execute certain commands as a more privileged user.  Please refer
+to the documentation for Sudo for further information about doing
+this.
 
 
 How to use it
 -------------
-When you point your browser at PHP Shell and types in your password
-(see the file INSTALL for more information on how to password-protect
-PHP Shell), you'll be presented with a rather simple page. It has the
+When you point your browser at PhpShell and types in your password
+(see the file INSTALL for more information on how to change the
+password), you'll be presented with a rather simple page.  It has the
 following elements:
 
 The Command Input box:
@@ -78,68 +78,66 @@
   the command will be executed in the current working directory.
 
   If your command is 'cd something', then it won't be executed like an
-  ordinary command - the current working directory will be updated
-  instead. This works with both relative and absolute paths.
+  ordinary command --- the current working directory will be updated
+  instead.  This works with both relative and absolute paths.
 
   And if your command is 'ls', then it will be changed to 'ls -F'.
   This makes ls append indicators to the filenames: directories end with 
   a slash, executable files will end with an asterisk and so on.
 
 The current working directory:
-  This is the directory where all command are being executed. You can
-  use the dropdown-box to choose a new working directory. To quickly
-  jump toward the root of the filesystem, just click on
-  one of the links to jump to that directory.
+  This is the directory where all command are being executed.  You can
+  use the dropdown-box to choose a new working directory.  To quickly
+  jump toward the root of the filesystem, just click on one of the
+  links to jump to that directory.
 
 The Output
-  Here goes the output from your commands. You will be able to scroll
-  thought the box if the output is to large to fit inside.
-  It is only output to stdout that goes into the Output box. This can
-  be rather confusing, because then sometimes you just don't get any
-  output.
-  I've made a workaround, that fixes the problem. If you select
-  "Enable stderr-trapping" your command <command> will be executed
-  this way:
+  Here goes the output from your commands.  You will be able to scroll
+  thought the box if the output is to large to fit inside.  It is only
+  output to stdout that goes into the Output box.  This can be rather
+  confusing, because then sometimes you just don't get any output.
+  I've made a workaround, that fixes the problem most of the time.  If
+  you select "Enable stderr-trapping" your command <cmd> will be
+  executed this way:
   
-  <command> 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt
+  <cmd> 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt
 
-  It is done by simply appending the arguments to your command. It
+  It is done by simply appending the arguments to your command.  It
   redirects all output from your command to a file, both stdout and
-  stderr. It then shows the file, and cleans things up when
-  finished. It's quick and dirty, and will only work if you haven't
-  already redirected the output.
+  stderr.  It then shows the file, and cleans things up when finished.
+  It's quick and dirty, and will only work if you haven't already
+  redirected the output.
 
 
 Download
 --------
-You can download PHP Shell from http://www.gimpster.com. The tarball
-contains these files:
+You can download PhpShell from http://www.gimpster.com/wiki/PhpShell.
+The tarball/zipfile contains these files:
 
 phpshell.php
-  This is the script you run when you use PHP Shell.
+  This is the script you run when you use PhpShell.
 
 ChangeLog
-  This file describe the changes I've made to PHP Shell. By reading it
-  you'll always know when I've added a new feature or made a bugfix,
-  and the nature of the feature/bugfix.
+  This file describe the changes I've made to PhpShell.  By reading
+  it you'll always know when I've added a new feature or made a
+  bugfix, and the nature of the feature/bugfix.
 
 README
   This file :-)
 
 INSTALL
-  Tells you how to install PHP Shell. It explains how you can
-  password-protect PHP Shell - this is very important, or else
-  everybody will be able so snoop into your files and perhaps also be
-  able to delete them! I've already seen one site that were using PHP
-  Shell without password-protection - I was able so quickly find their
-  config.inc.php file from phpMyAdmin, and read the password to the
-  database! So please take the time to protect PHP Shell.
 
-sample.htaccess
-  To make it extra easy for you to password-protect PHP Shell, I've
-  include this template for a .htaccess-file. If you set this up
-  correctly Apache will prompt you for a username and password when
-  you try to access the directory containing PHP Shell.
+  Tells you how to install PhpShell.  Amoung other things, it
+  explains how to change the password protection so that you can use
+  PhpShell.
+
+  Remember that it's very important to have PhpShell password
+  protected, or else everybody will be able so snoop into your files
+  and perhaps also be able to delete them!  I've already seen one site
+  that were using PhpShell without password-protection --- I was able
+  so quickly find their config.inc.php file from phpMyAdmin, and read
+  the password to the database!  So please take the time to protect
+  PhpShell.
 
 COPYING
   Standard GNU disclaimer

--- NEW FILE: phpshell.css ---
/* Stylesheet for PhpShell. */

body {
  font-family: sans-serif;
  color: black;
  background: white;
}

h1 {
  color: red;
  background: white;
}

img {
  border: 0;
}

legend {
  font-weight: bold;
}

Index: INSTALL
===================================================================
RCS file: /cvsroot/phpshell/phpshell/INSTALL,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- INSTALL     13 Jan 2006 17:23:34 -0000      1.2
+++ INSTALL     13 Jan 2006 17:29:47 -0000      1.3
@@ -1,58 +1,53 @@
-Installation instructions for PHP Shell
-Copyright (C) 2000-2002 Martin Geisler <[EMAIL PROTECTED]>
-Licensed under the GNU GPL. See the file COPYING for details.
+Installation instructions for PhpShell 1.8
+Copyright (C) 2000-2003 Martin Geisler <[EMAIL PROTECTED]>
+Licensed under the GNU GPL.  See the file COPYING for details.
 
 
 Getting the tarball
 -------------------
 You can always get the latest version from my homepage:
 
-  http://www.gimpster.com/php/phpshell/
+  http://www.gimpster.com/wiki/PhpShell
 
 
 Installation
 ------------
-Installation is easy: just untar the tarball into your webserver, and
-then type in the URL of the page phpshell.php. It should look
-something like this:
-
-  http://your.server.com/phpshell/phpshell.php
+Installation is easy: first unpack the tarball or zipfile into your
+webserver.  This will create a subdirectory called phpweather-1.8.
 
-Please note, that PHP Shell doesn't work if PHP is running in Safe
-Mode. There is nothing I can do about this - Safe Mode was made to
-prevent scripts just like PHP Shell.
+If you're using PhpShell on an Apache webserver running PHP as a
+module, then PhpShell wont work until you've edited phpshell.php.  You
+can see this when you try and load the file phpshell.php from the
+directory just created --- you should get a prompt from your browser
+asking you to authenticate you.  In the default setup, no username or
+password will authenticate you, this what you'll have to change next.
 
+In the phpshell.php file you'll find comments near the top that
+explains how to enable access for a username with a password. In
+short, you'll simply add the pair as an entry in the $passwd array
+like this:
 
-Password-protecting PHP Shell
------------------------------
-This will work, but i STRONGLY urge you to take a look at the file
-sample.htaccess. You will be using it to password-protect PHP Shell.
-To do so, first rename it to .htaccess, and then if you already have a
-file with usernames and passwords for Apache, just change the bit
-saying <path to auth-file> to the path of you file.
+  $passwd = array('username' => 'password');
 
-If you don't have such a file, then creating one is easy. Type the
-following as root:
+It is important that you password-protect PhpShell with a good
+password.  If someone is able to guess your password, then they'll
+have access to your webserver over the Internet, and they might be
+able to erase your files, and perhaps even shutdown the webserver!  So
+be careful with this and remember that you can always find the usual
+disclaimer in the file LICENSE.  (This software is licensed under GPL,
+I'm not responsible if you blow things up, etc... :-)
 
-  $ htpasswd -c /home/httpd/auth_users <username>
 
-This will create the file /home/httpd/auth_users and promt for a
-password for the username supplied. If your Apache is installed
-somewhere else, then just adjust the path in both the command above
-and in the .htaccess-file.
-If you need to add extra usernames and passwords, then leave out the
--c in the command above.
-It is important that you password-protect PHP Shell, or else everybody
-will have access to your webserver over the Internet. They will be
-able to erase your files, and perhaps even shutdown the webserver!
-So be careful with this and remember that you can always find the
-usual disclaimer in the file LICENSE. (This software is licensed under
-GPL, I'm not responsible if you blow things up, etc... :-)
+Safe Mode
+---------
+PhpShell doesn't work if PHP is running in Safe Mode.  There is
+nothing I can do about this --- Safe Mode was made to prevent scripts
+just like PhpShell.
 
 
 Bugs?
 -----
-If you find a bug or miss something in PHP Shell, please don't
-hesitate to mail me at <[EMAIL PROTECTED]>!
+If you find a bug or miss something in PhpShell, please don't hesitate
+to mail me at <[EMAIL PROTECTED]>!
 
 Enjoy! - Martin Geisler <[EMAIL PROTECTED]>

Index: AUTHORS
===================================================================
RCS file: /cvsroot/phpshell/phpshell/AUTHORS,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- AUTHORS     13 Jan 2006 17:23:34 -0000      1.3
+++ AUTHORS     13 Jan 2006 17:29:47 -0000      1.4
@@ -11,3 +11,14 @@
 
 Gerry Calderhead <[EMAIL PROTECTED]>
   Patch for PHP 4.2.0 where register_globals are turned off.
+
+Jeremy Miller <[EMAIL PROTECTED]>
+  Suggested that one could use Sudo from
+
+    http://www.courtesan.com/sudo/
+
+  to let PhpShell execute code with different privileges than the
+  webserver.
+
+Michael Zech <[EMAIL PROTECTED]>
+  Patch to make the stderr-checkbox remember it's state.

Index: phpshell.php
===================================================================
RCS file: /cvsroot/phpshell/phpshell/phpshell.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- phpshell.php        13 Jan 2006 17:23:34 -0000      1.3
+++ phpshell.php        13 Jan 2006 17:29:47 -0000      1.4
@@ -1,19 +1,17 @@
-<?php
-
-define('PHPSHELL_VERSION', '1.7');
+<?php // -*- coding: utf-8 -*-
 
 /*
 
   **************************************************************
-  *                        PHP Shell                           *
+  *                      PhpShell 1.8                        *
   **************************************************************
   $Id$
 
-  PHP Shell is aninteractive PHP-page that will execute any command
-  entered. See the files README and INSTALL or http://www.gimpster.com
-  for further information.
+  PhpShell is aninteractive PHP-page that will execute any command
+  entered. See the files README and INSTALL or
+  http://www.gimpster.com/wiki/PhpShell for further information.
 
-  Copyright (C) 2000-2002 Martin Geisler <[EMAIL PROTECTED]>
+  Copyright (C) 2000-2003 Martin Geisler <[EMAIL PROTECTED]>
 
   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License
@@ -31,33 +29,75 @@
   Place - Suite 330, Boston, MA  02111-1307, USA.
   
 */
-?>
 
-<html>
+define('PHPSHELL_VERSION', '1.8');
+
+/* Set your usernames and passwords like this:
+
+   $passwd = array('username' => 'password');
+
+   You can add several pairs of usernames and passwords to the array
+   to give several different people access to PhpShell.
+
+   $passwd = array('username_1' => 'password_1',
+                   'username_2' => 'password_2',
+                   // ...
+                   'username_n' => 'password_n');
+
+*/
+$passwd = array();
+
+if (!isset($_SERVER['PHP_AUTH_USER']) ||
+    !isset($_SERVER['PHP_AUTH_PW']) ||
+    !isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
+    $passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
+  header('WWW-Authenticate: Basic realm="PhpShell 1.8"');
+  header('HTTP/1.0 401 Unauthorized');
+  $authenticated = false;
+} else {
+  $authenticated = true;
+}
+
+header('Content-Type: text/html; charset=UTF-8');
+/* Since most installations still operate with short_open_tag enabled,
+ * we have to echo this string from within PHP: */
+echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
 <head>
-<title>PHP Shell <?php echo PHPSHELL_VERSION ?></title>
+  <title>PhpShell <?php echo PHPSHELL_VERSION ?></title>
+  <link rel="stylesheet" href="phpshell.css" type="text/css" />
 </head>
 <body>
-<h1>PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
+
+<h1>PhpShell <?php echo PHPSHELL_VERSION ?></h1>
+
+<?php if (!$authenticated) { ?>
+<p>You failed to authenticate yourself to PhpShell. You can <a
+href="phpshell.php">reload</a> to try again.</p>
+
+<p>Try reading the <a href="INSTALL">INSTALL</a> file if you're having
+problems with installing PhpShell.</p>
+
+</body>
+</html>
+
+<?php exit; } //' <- fix syntax highlight... ?>
 
 <?php
 
-if (ini_get('register_globals') != '1') {
-  /* We'll register the variables as globals: */
-  if (!empty($HTTP_POST_VARS))
-    extract($HTTP_POST_VARS);
-  
-  if (!empty($HTTP_GET_VARS))
-    extract($HTTP_GET_VARS);
+error_reporting (E_ALL);
 
-  if (!empty($HTTP_SERVER_VARS))
-    extract($HTTP_SERVER_VARS);
-}
+$work_dir = empty($_REQUEST['work_dir']) ? '' : $_REQUEST['work_dir'];
+$command  = empty($_REQUEST['command'])  ? '' : $_REQUEST['command'];
+$stderr   = empty($_REQUEST['stderr'])   ? '' : $_REQUEST['stderr'];
 
 /* First we check if there has been asked for a working directory. */
-if (!empty($work_dir)) {
+if ($work_dir != '') {
   /* A workdir has been asked for */
-  if (!empty($command)) {
+  if ($command != '') {
     if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
       /* We try and match a cd command. */
       if ($regs[1][0] == '/') {
@@ -68,12 +108,12 @@
       if (file_exists($new_dir) && is_dir($new_dir)) {
         $work_dir = $new_dir;
       }
-      unset($command);
+      $command = '';
     }
   }
 }
 
-if (file_exists($work_dir) && is_dir($work_dir)) {
+if ($work_dir != '' && file_exists($work_dir) && is_dir($work_dir)) {
   /* We change directory to that dir: */
   chdir($work_dir);
 }
@@ -83,26 +123,29 @@
 
 ?>
 
-<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
+<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
+<fieldset><legend>Input</legend>
 <p>Current working directory: <b>
 <?php
 
 $work_dir_splitted = explode('/', substr($work_dir, 1));
 
-echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
+echo '<a href="' . $_SERVER['PHP_SELF'] . '?work_dir=/">Root</a>/';
 
 if (!empty($work_dir_splitted[0])) {
   $path = '';
   for ($i = 0; $i < count($work_dir_splitted); $i++) {
     $path .= '/' . $work_dir_splitted[$i];
     printf('<a href="%s?work_dir=%s">%s</a>/',
-           $PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
+           $_SERVER['PHP_SELF'],
+           urlencode($path),
+           $work_dir_splitted[$i]);
   }
 }
 
 ?></b></p>
 <p>Choose new working directory:
-<select name="work_dir" onChange="this.form.submit()">
+<select name="work_dir" onchange="this.form.submit()">
 <?php
 /* Now we make a list of the directories. */
 $dir_handle = opendir($work_dir);
@@ -110,21 +153,21 @@
 while ($dir = readdir($dir_handle)) {
   if (is_dir($dir)) {
     if ($dir == '.') {
-      echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
+      echo "<option value=\"$work_dir\" selected=\"selected\">Current 
Directory</option>\n";
     } elseif ($dir == '..') {
-      /* We have found the parent dir. We must be carefull if the parent 
-        directory is the root directory (/). */
+      /* We have found the parent dir. We must be carefull if the
+       * parent directory is the root directory (/). */
       if (strlen($work_dir) == 1) {
        /* work_dir is only 1 charecter - it can only be / There's no
-          parent directory then. */
+         * parent directory then. */
       } elseif (strrpos($work_dir, '/') == 0) {
-       /* The last / in work_dir were the first charecter.
-          This means that we have a top-level directory
-          eg. /bin or /home etc... */
+       /* The last / in work_dir were the first charecter.  This
+         * means that we have a top-level directory eg. /bin or /home
+         * etc... */
       echo "<option value=\"/\">Parent Directory</option>\n";
       } else {
       /* We do a little bit of string-manipulation to find the parent
-        directory... Trust me - it works :-) */
+       * directory... Trust me - it works :-) */
       echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 
1)) ."\">Parent Directory</option>\n";
       }
     } else {
@@ -142,36 +185,55 @@
 
 </select></p>
 
-<p>Command: <input type="text" name="command" size="60">
-<input name="submit_btn" type="submit" value="Execute Command"></p>
+<p>Command: <input type="text" name="command" size="60" /></p>
 
-<p>Enable <code>stderr</code>-trapping? <input type="checkbox" 
name="stderr"></p>
-<textarea cols="80" rows="20" readonly>
 
+<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"
+<?php if ($stderr) echo "checked=\"checked\""; ?> /> <input name="submit_btn" 
type="submit" value="Execute Command" /></p>
+</fieldset>
+
+<fieldset><legend>Output</legend>
+
+<p><textarea cols="80" rows="20" readonly="readonly">
 <?php
 if (!empty($command)) {
   if ($stderr) {
     $tmpfile = tempnam('/tmp', 'phpshell');
-    $command .= " 1> $tmpfile 2>&1; " .
-    "cat $tmpfile; rm $tmpfile";
-  } else if ($command == 'ls') {
+    $command .= " 1> $tmpfile 2>&1; cat $tmpfile; rm $tmpfile";
+  } elseif ($command == 'ls') {
     /* ls looks much better with ' -F', IMHO. */
     $command .= ' -F';
   }
-  system($command);
+  echo htmlspecialchars(shell_exec($command), ENT_COMPAT, 'UTF-8');
 }
 ?>
+</textarea></p>
 
-</textarea>
+</fieldset>
 </form>
 
-<script language="JavaScript" type="text/javascript">
+<script type="text/javascript">
 document.forms[0].command.focus();
 </script>
 
-<hr>
-<i>Copyright &copy; 2000&ndash;2002, <a
+<hr />
+
+<address>Copyright &copy; 2000&ndash;2003, <a
 href="mailto:[EMAIL PROTECTED]">Martin Geisler</a>. Get the latest
-version at <a href="http://www.gimpster.com";>www.gimpster.com</a>.</i>
+version at <a
+href="http://www.gimpster.com/";>www.gimpster.com/wiki/PhpShell</a>.</address>
+
+<p>
+  <a href="http://validator.w3.org/check/referer";>
+    <img src="valid-xhtml10" alt="Valid XHTML 1.0 Strict!"
+         height="31" width="88" />
+  </a>
+  <a href="http://jigsaw.w3.org/css-validator/check/referer";>
+    <img src="http://jigsaw.w3.org/css-validator/images/vcss";
+         width="88" height="31"
+         alt="Valid CSS!" />
+  </a>
+</p>
+
 </body>
 </html>

--- NEW FILE: valid-xhtml10.png ---
(This appears to be a binary file; contents omitted.)



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
phpshell-commits mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/phpshell-commits

Reply via email to