Update of /cvsroot/phpshell/phpshell
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19452

Modified Files:
        AUTHORS ChangeLog INSTALL README phpshell.php 
Log Message:
Imported PHP Shell version 1.7.

Index: phpshell.php
===================================================================
RCS file: /cvsroot/phpshell/phpshell/phpshell.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- phpshell.php        13 Jan 2006 17:11:37 -0000      1.2
+++ phpshell.php        13 Jan 2006 17:23:34 -0000      1.3
@@ -1,6 +1,6 @@
 <?php
 
-define('PHPSHELL_VERSION', '1.6');
+define('PHPSHELL_VERSION', '1.7');
 
 /*
 
@@ -9,9 +9,10 @@
   **************************************************************
   $Id$
 
-  An interactive PHP-page that will execute any command entered.
-  See the files README and INSTALL or http://www.gimpster.com  for
-  further information. 
+  PHP Shell is aninteractive PHP-page that will execute any command
+  entered. See the files README and INSTALL or http://www.gimpster.com
+  for further information.
+
   Copyright (C) 2000-2002 Martin Geisler <[EMAIL PROTECTED]>
 
   This program is free software; you can redistribute it and/or
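Review bot: The rewritten header comment has a typo on its first line, "aninteractive"; it should read `PHP Shell is an interactive PHP-page that will execute any command`. Since this comment is the first thing a person opening the file sees, it could also point at the access-control requirement, for example `Protect this page with authentication before deploying it; see INSTALL.`, which matches the password-protection section that INSTALL already has. The comment block starts and ends outside the hunk.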
@@ -40,15 +41,29 @@
 <h1>PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
 
 <?php
+
+if (ini_get('register_globals') != '1') {
+  /* We'll register the variables as globals: */
+  if (!empty($HTTP_POST_VARS))
+    extract($HTTP_POST_VARS);
+  
+  if (!empty($HTTP_GET_VARS))
+    extract($HTTP_GET_VARS);
+
+  if (!empty($HTTP_SERVER_VARS))
+    extract($HTTP_SERVER_VARS);
+}
+
 /* First we check if there has been asked for a working directory. */
 if (!empty($work_dir)) {
   /* A workdir has been asked for */
   if (!empty($command)) {
     if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
+      /* We try and match a cd command. */
       if ($regs[1][0] == '/') {
-        $new_dir = $regs[1];
+        $new_dir = $regs[1]; // 'cd /something/...'
       } else {
-        $new_dir = $work_dir . '/' . $regs[1];
+        $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
       }
       if (file_exists($new_dir) && is_dir($new_dir)) {
         $work_dir = $new_dir;
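Review bot: The three `extract()` calls added at the top of the script import every key of the request arrays as a global, so a client can preset any variable the page later reads before assigning it, not only `work_dir` and `command`. `extract()` overwrites by default, so the order used here lets GET values replace POST values and server values replace both; that keeps `$PHP_SELF` coming from the server array but does nothing for other names. Copying only the names the page needs would keep the register_globals-off setting meaningful as a hardening measure; the list below covers the names visible in this diff and would have to include any others used outside it. The `if (!empty($work_dir))` block continues past the end of the hunk.

```php
if (ini_get('register_globals') != '1') {
  /* Import only the request parameters this page reads: */
  foreach (array('work_dir', 'command') as $name) {
    if (isset($HTTP_GET_VARS[$name])) {
      $$name = $HTTP_GET_VARS[$name];
    } elseif (isset($HTTP_POST_VARS[$name])) {
      $$name = $HTTP_POST_VARS[$name];
    }
  }
  if (isset($HTTP_SERVER_VARS['PHP_SELF']))
    $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
}
/* … unchanged: working-directory and cd handling … */
```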
@@ -58,31 +73,33 @@
   }
 }
 
-/* we chdir to that dir. */
 if (file_exists($work_dir) && is_dir($work_dir)) {
+  /* We change directory to that dir: */
   chdir($work_dir);
-  $work_dir = exec("pwd");
-} else {
-  /* No work_dir - we chdir to $DOCUMENT_ROOT */
-  chdir($DOCUMENT_ROOT);
-  $work_dir = $DOCUMENT_ROOT;
 }
+
+/* We now update $work_dir to avoid things like '/foo/../bar': */
+$work_dir = exec('pwd');
+
 ?>
 
 <form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
 <p>Current working directory: <b>
 <?php
-$work_dir_splitted = explode("/", substr($work_dir, 1));
-echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "/&command=" . 
urlencode($command) . "\">Root</a>/";
-if ($work_dir_splitted[0] == "") {
-    $work_dir = "/";  /* Root directory. */
-} else {
+
+$work_dir_splitted = explode('/', substr($work_dir, 1));
+
+echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
+
+if (!empty($work_dir_splitted[0])) {
+  $path = '';
   for ($i = 0; $i < count($work_dir_splitted); $i++) {
-    /*  echo "i = $i";*/
-    $url .= "/".$work_dir_splitted[$i];
-    echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "&command=" . 
urlencode($command) . "\">$work_dir_splitted[$i]</a>/";
+    $path .= '/' . $work_dir_splitted[$i];
+    printf('<a href="%s?work_dir=%s">%s</a>/',
+           $PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
   }
 }
+
 ?></b></p>
 <p>Choose new working directory:
 <select name="work_dir" onChange="this.form.submit()">
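Review bot: The new breadcrumb output prints `$PHP_SELF` and each directory name into HTML without escaping, both in the `echo` for the Root link and in the `printf` inside the loop. `$PHP_SELF` can include path text taken from the request URL and a directory name can contain `<` or `"`, so both should go through `htmlspecialchars()`: `echo '<a href="' . htmlspecialchars($PHP_SELF) . '?work_dir=/">Root</a>/';` and, as the `printf` arguments, `htmlspecialchars($PHP_SELF), urlencode($path), htmlspecialchars($work_dir_splitted[$i])`. The form `action` in this hunk and the `<option>` lines in the following hunks print `$PHP_SELF`, `$work_dir` and `$dir` the same way. Separately, `getcwd()` should give the same normalised path as `exec('pwd')` without starting a process.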
@@ -92,15 +109,15 @@
 /* Run through all the files and directories to find the dirs. */
 while ($dir = readdir($dir_handle)) {
   if (is_dir($dir)) {
-    if ($dir == ".") {
+    if ($dir == '.') {
       echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
-    } elseif ($dir == "..") {
+    } elseif ($dir == '..') {
       /* We have found the parent dir. We must be carefull if the parent 
         directory is the root directory (/). */
       if (strlen($work_dir) == 1) {
        /* work_dir is only 1 charecter - it can only be / There's no
           parent directory then. */
-      } elseif (strrpos($work_dir, "/") == 0) {
+      } elseif (strrpos($work_dir, '/') == 0) {
        /* The last / in work_dir were the first charecter.
           This means that we have a top-level directory
           eg. /bin or /home etc... */
@@ -111,7 +128,7 @@
       echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 
1)) ."\">Parent Directory</option>\n";
       }
     } else {
-      if ($work_dir == "/") {
+      if ($work_dir == '/') {
        echo "<option value=\"$work_dir$dir\">$dir</option>\n";
       } else {
        echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
@@ -120,6 +137,7 @@
   }
 }
 closedir($dir_handle);
+
 ?>
 
 </select></p>
@@ -152,7 +170,7 @@
 </script>
 
 <hr>
-<i>Copyright &copy; 2000-2002, <a
+<i>Copyright &copy; 2000&ndash;2002, <a
 href="mailto:[EMAIL PROTECTED]">Martin Geisler</a>. Get the latest
 version at <a href="http://www.gimpster.com";>www.gimpster.com</a>.</i>
 </body>

Index: README
===================================================================
RCS file: /cvsroot/phpshell/phpshell/README,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- README      13 Jan 2006 17:11:37 -0000      1.2
+++ README      13 Jan 2006 17:23:34 -0000      1.3
@@ -1,11 +1,11 @@
-README for PHP Shell 1.6
-Copyright (C) 2000 Martin Geisler <[EMAIL PROTECTED]>
+README for PHP Shell 1.7
+Copyright (C) 2000-2002 Martin Geisler <[EMAIL PROTECTED]>
 Licensed under the GNU GPL. See the file COPYING for details.
 
 What is PHP Shell?
 ------------------
 PHP Shell is a shell wrapped in a PHP script. It's a tool you can use
-to execute arbiritary shell-commands or browse the filesystem on your
+to execute arbitrary shell-commands or browse the filesystem on your
 remote webserver. This replaces, to a degree, a normal telnet-connection.
 You can use it for transferring your site as a compressed file, and
 then unpack it on the webserver, administration and maintenance of
@@ -28,6 +28,21 @@
 though :-)
 
 
+Safe Mode
+---------
+If PHP is running in Safe Mode, then you cannot use PHP Shell - sorry.
+Safe Mode restricts the commands that can be executed using the
+system() call in PHP, and it also restricts the files and directories
+that can be accessed using other calls in PHP.
+
+The effect is, that PHP Shell simply doesn't work - you cannot change
+directory and you cannot execute any commands.
+
+Safe Mode is often used on servers that host several websites for
+different users to limit the users ability to peek at each others
+files.
+
+
 Who am I?
 ---------
 (Well, my name is Martin, but that's not the point :-)
@@ -73,7 +88,7 @@
 The current working directory:
   This is the directory where all command are being executed. You can
   use the dropdown-box to choose a new working directory. To quickly
-  jump towards the root of the filesystem, just click on
+  jump toward the root of the filesystem, just click on
   one of the links to jump to that directory.
 
 The Output
@@ -109,16 +124,16 @@
   and the nature of the feature/bugfix.
 
 README
-  (This file:-)
+  This file :-)
 
 INSTALL
   Tells you how to install PHP Shell. It explains how you can
   password-protect PHP Shell - this is very important, or else
   everybody will be able so snoop into your files and perhaps also be
-  able to delete them! I've already seem one site that were using PHP
-  Shell without password-protection, I was able so quickly find their
-  config.inc.php-file from phpMyAdmin, and read the password to the
-  database! So please take the time to password-protect PHP Shell.
+  able to delete them! I've already seen one site that were using PHP
+  Shell without password-protection - I was able so quickly find their
+  config.inc.php file from phpMyAdmin, and read the password to the
+  database! So please take the time to protect PHP Shell.
 
 sample.htaccess
   To make it extra easy for you to password-protect PHP Shell, I've
@@ -127,4 +142,4 @@
   you try to access the directory containing PHP Shell.
 
 COPYING
-  Standard GNU disclamer
\ No newline at end of file
+  Standard GNU disclaimer

Index: AUTHORS
===================================================================
RCS file: /cvsroot/phpshell/phpshell/AUTHORS,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- AUTHORS     13 Jan 2006 17:11:37 -0000      1.2
+++ AUTHORS     13 Jan 2006 17:23:34 -0000      1.3
@@ -8,3 +8,6 @@
 
 Robert Niess <[EMAIL PROTECTED]>
   Made me aware of a security hole in the handling of stderr-trapping.
+
+Gerry Calderhead <[EMAIL PROTECTED]>
+  Patch for PHP 4.2.0 where register_globals are turned off.

Index: INSTALL
===================================================================
RCS file: /cvsroot/phpshell/phpshell/INSTALL,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- INSTALL     13 Jan 2006 16:58:45 -0000      1.1
+++ INSTALL     13 Jan 2006 17:23:34 -0000      1.2
@@ -1,10 +1,13 @@
 Installation instructions for PHP Shell
-Copyright (C) 2000 Martin Geisler <[EMAIL PROTECTED]>
+Copyright (C) 2000-2002 Martin Geisler <[EMAIL PROTECTED]>
 Licensed under the GNU GPL. See the file COPYING for details.
 
+
 Getting the tarball
 -------------------
-You can always get the latest version from www.gimpster.com. 
+You can always get the latest version from my homepage:
+
+  http://www.gimpster.com/php/phpshell/
 
 
 Installation
@@ -12,7 +15,12 @@
 Installation is easy: just untar the tarball into your webserver, and
 then type in the URL of the page phpshell.php. It should look
 something like this:
-http://your.server.com/phpshell/phpshell.php
+
+  http://your.server.com/phpshell/phpshell.php
+
+Please note, that PHP Shell doesn't work if PHP is running in Safe
+Mode. There is nothing I can do about this - Safe Mode was made to
+prevent scripts just like PHP Shell.
 
 
 Password-protecting PHP Shell
@@ -26,7 +34,7 @@
 If you don't have such a file, then creating one is easy. Type the
 following as root:
 
-$ htpasswd -c /home/httpd/auth_users <username>
+  $ htpasswd -c /home/httpd/auth_users <username>
 
 This will create the file /home/httpd/auth_users and promt for a
 password for the username supplied. If your Apache is installed
@@ -41,11 +49,10 @@
 usual disclaimer in the file LICENSE. (This software is licensed under
 GPL, I'm not responsible if you blow things up, etc... :-)
 
+
 Bugs?
 -----
 If you find a bug or miss something in PHP Shell, please don't
-hesitate to mail me at <[EMAIL PROTECTED]>! It has only been
-tested for a very short time, so there might be some quirks in odd
-situations.
+hesitate to mail me at <[EMAIL PROTECTED]>!
 
-Enjoy! - Martin Geisler <[EMAIL PROTECTED]>
\ No newline at end of file
+Enjoy! - Martin Geisler <[EMAIL PROTECTED]>

Index: ChangeLog
===================================================================
RCS file: /cvsroot/phpshell/phpshell/ChangeLog,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- ChangeLog   13 Jan 2006 17:11:37 -0000      1.2
+++ ChangeLog   13 Jan 2006 17:23:34 -0000      1.3
@@ -1,5 +1,25 @@
+2002-09-18  Martin Geisler  <[EMAIL PROTECTED]>
+
+       * phpshell.php 1.18:
+       Use the directory of phpshell.php as the default working directory.
+
+       * AUTHORS 1.3: Added Gerry Calderhead <[EMAIL PROTECTED]>.
+
+       * phpshell.php 1.17:
+       PHP Shell now works on PHP 4.2.0 with register_globals turned off.
+
+2002-06-10  Martin Geisler  <[EMAIL PROTECTED]>
+
+       * INSTALL 1.3: Added a section about Safe Mode in PHP.
+
+       * README 1.9:
+       Added a section about Safe Mode in PHP. Also fixed a lot of spelling
+       errors.
+
 2002-03-23  Martin Geisler  <[EMAIL PROTECTED]>
 
+       * README 1.8: Added a version number to the file.
+
        * AUTHORS 1.2: Added a notice about Robert Niess <[EMAIL PROTECTED]>.
 
        * phpshell.php 1.16:


