Show sourcecode
The following files exists in this folder. Click to view.
comments.php
dbconnection.php
exercises/
exercises.php
img/
incl/
index-no-include.php
index.php
source.php
style/
viewsource.php
source.php
391 lines ASCII Windows (CRLF)
<?php
// ===========================================================================================
//
// Origin: http://github.com/mosbth/Utility
//
// Filename: source.php
//
// Description: Shows a directory listing and displays the content of files.
//
// Author: Mikael Roos, mos@bth.se
//
// Change history:
//
// 2012-08-06:
// Quick fix to display images in base directory. Worked only in subdirectories.
//
// 2012-05-30:
// Added meta tags to remove this page from search engines and avoid ending up in search results.
//
// 2011-12-15:
// Changed stylesheet to be compatible with blueprintcss style. Made all dirs clickable when
// traversing down a dir-chain.
//
// 2011-05-31:
// The update 2011-04-13 which supported follow symlinks has security issues. The follow of
// symlinks, where destination path (realpath) is not below $BASEPATH, is disabled.
//
// 2011-04-13:
// Improved support for including source.php in another context where header and footer is already
// set. Added $sourceSubDir, $sourceBaseUrl. Source.php can now display a subdirectory and will
// work where the directory structure contains symbolic links. Changed all variable names to
// isolate them. It's soon time to rewrite the whole code to version 2 of source.php...
//
// 2011-04-01:
// Added detection of line-endings, Unix-style (LF) or Windows-style (CRLF).
//
// 2011-03-31:
// Feature to try and detect character encoding of file by using mb_detect_encoding (if available)
// and by looking for UTF-8 BOM sequence in the start of the file. $encoding is set to contain the
// found encoding.
//
// 2011-02-21:
// Can now have same link to subdirs, independently on host os. Links that contain / or \ is
// converted to DIRECTORY_SEPARATOR.
//
// 2011-02-04:
// Can now link to #file to start from filename.
//
// 2011-01-26:
// Added $sourceBasedir which makes it possible to set which basedir to use. This makes it
// possible to store source.php in another place. It does not need to be in the same directory
// it displays. Use it like this (before including source.php):
// $sourceBasedir=dirname(__FILE__);
//
// 2011-01-20:
// Can be included and integrated in an existing website where you already have a header
// and footer. Do like this in another file:
// $sourceNoEcho=true;
// include("source.php");
// echo "<html><head><style type='text/css'>$sourceStyle</style></header>";
// echo "<body>$sourceBody</body></html>";
//
// 2010-09-14:
// Thanks to Rocky. Corrected NOTICE when files had no extension.
//
// 2010-09-09:
// Changed error_reporting to from E_ALL to -1.
// Display images of certain types, configurable option $IMAGES.
// Enabled display option of SVG-graphics.
//
// 2010-09-07:
// Added replacement of \t with spaces as configurable option ($SPACES).
// Removed .htaccess-files. Do not show them.
//
// 2010-04-27:
// Hide password even in config.php~.
// Added rownumbers and enabled linking to specific row-number.
//
// -------------------------------------------------------------------------------------------
//
// Settings for this pagecontroller. Review and change these settings to match your own
// environment.
//
// Raise the reporting level to "everything" for the rest of the request.
// Whether those messages reach the browser is decided by display_errors, which is not set here;
// on a public host it should be off so that notices do not reveal filesystem paths.
error_reporting(-1);

// The link to this page. An including script may supply $sourceBaseUrl (for example an absolute
// link); otherwise a relative '?' is used. The value is written into href attributes as-is.
$HREF = isset($sourceBaseUrl) ? $sourceBaseUrl : '?';

// Optional switches an including script may define before the include. Each one is normalised
// to null when absent so later code can read it without notices.
//   $sourceNoEcho  - when set, nothing is printed; the result is only left in $sourceBody/$sourceStyle
//   $sourceSubDir  - prefix used when building <img src> for pictures
//   $sourceNoIntro - set to true to avoid printing title and ingress
$sourceNoEcho  = isset($sourceNoEcho)  ? $sourceNoEcho  : null;
$sourceSubDir  = isset($sourceSubDir)  ? $sourceSubDir  : null;
$sourceNoIntro = isset($sourceNoIntro) ? $sourceNoIntro : null;

// Result holders: css-style needed to print out the page, and the resulting html.
$sourceStyle = "";
$sourceBody  = "";

// Hide the rows containing DB_USER / DB_PASSWORD when a file is displayed (true or false).
// NOTE(review): the masking further down is keyed on the file names config.php and
// dbconnection.php (plus their ~ backups) only; credentials kept in any other file under the
// base directory are displayed unmasked.
$HIDE_DB_USER_PASSWORD = true;

// Separator between directories and files; the built-in constant follows the host OS.
// Fixed alternatives: '/' (Unix, Linux, MacOS, Solaris) or '\\' (Windows).
$SEPARATOR = DIRECTORY_SEPARATOR;

// Directory used as root for the file listing, always ending with the separator.
// Defaults to the current directory unless the including script sets $sourceBasedir.
// Everything below this directory becomes readable through this page.
$BASEDIR = (isset($sourceBasedir) ? $sourceBasedir : ".") . $SEPARATOR;

// File extensions that are displayed as pictures instead of as source text.
$IMAGES = array('png', 'gif', 'jpg', 'ico');

// Syntax mode: 'PHP' uses the built-in highlight_string, 'DEFAULT' uses <pre> + htmlspecialchars.
// HTML and CSS modes are still to be done.
$SYNTAX = 'PHP';

// Replacement text for each \t in displayed source.
$SPACES = ' ';
// -------------------------------------------------------------------------------------------
//
// Page specific code
//
// $source_html accumulates the page body. It starts empty and receives the title and ingress
// unless the including script asked for no intro via $sourceNoIntro.
//
$source_html = "";
if(!$sourceNoIntro) {
    $source_html = <<<EOD
<header>
<h1>Show sourcecode</h1>
<p>
The following files exists in this folder. Click to view.
</p>
</header>
EOD;
}
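// -------------------------------------------------------------------------------------------
//
// Verify the input variable _GET, no tampering with it
//
// ?dir= selects a subdirectory of $BASEDIR. The value is untrusted, so it is accepted only when
//   1. it is a plain string without NUL bytes,
//   2. both the base directory and the requested directory resolve (realpath) to real directories,
//   3. the resolved request lies below the resolved base, on a separator boundary, and
//   4. the request is already in canonical form, i.e. identical to the resolved relative path
//      (this is what rejects '..' segments, doubled separators and symlinks leading elsewhere).
// strip_tags() is kept from the original but is not what makes the path safe; checks 2-4 are.
//
// Leaves $source_fullpath (absolute directory) and $source_currpath (path relative to the base)
// for the rest of the script.
//
$source_currentdir = '';
if(isset($_GET['dir'])) {
    // ?dir[]=x arrives as an array and a NUL byte makes the filesystem functions raise an
    // error on current PHP versions; both are refused here instead of surfacing as a fatal
    // error that may print server paths.
    if(!is_string($_GET['dir']) || strpos($_GET['dir'], "\0") !== false) {
        die('Tampering with directory?');
    }
    // Accept / as well as \ in links, independent of the host OS.
    $source_currentdir = preg_replace('/[\/\\\]/', $SEPARATOR, strip_tags(trim($_GET['dir'])));
}

$source_fullpath1 = realpath($BASEDIR);
$source_fullpath2 = realpath($BASEDIR . $source_currentdir);
if($source_fullpath1 === false || $source_fullpath2 === false ||
   !(is_dir($source_fullpath1) && is_dir($source_fullpath2))) {
    die('Not a directory.');
}

$source_len = strlen($source_fullpath1);
// Cast because substr() returned false instead of '' on older PHP when the paths are equal.
$source_currpath = (string) substr($source_fullpath2, $source_len+1);

// A bare prefix comparison would also accept a sibling path that merely begins with the same
// characters as the base, so the character right after the base must be the OS separator
// (realpath always answers with the OS separator, whatever $SEPARATOR is configured to).
$source_onBoundary = ($source_fullpath2 === $source_fullpath1) ||
    (isset($source_fullpath2[$source_len]) && $source_fullpath2[$source_len] === DIRECTORY_SEPARATOR);

if( strncmp($source_fullpath1, $source_fullpath2, $source_len) !== 0 ||
    !$source_onBoundary ||
    strcmp($source_currentdir, $source_currpath) !== 0 ) {
    die('Tampering with directory?');
}
$source_fullpath = $source_fullpath2;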
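// -------------------------------------------------------------------------------------------
//
// Show the name of the current directory
//
// Builds a breadcrumb where every directory in the chain is a link:  base/sub1/sub2/
// Directory names come from the filesystem and end up inside HTML, so they are escaped for the
// text position (htmlspecialchars) and percent-encoded for the query string (rawurlencode).
// Links always use '/' between segments; the ?dir= handling converts it to the OS separator.
//
$source_dir = basename($source_fullpath1);
$source_dirname = basename($source_fullpath);

// Compare against '' instead of using empty(): a directory named "0" is a valid path.
$source_currpath_str = (string) $source_currpath;
$source_dir_parts = ($source_currpath_str !== '')
    ? explode($SEPARATOR, trim($source_currpath_str, $SEPARATOR))
    : array();

$source_dir_path = "<a href='{$HREF}dir='>"
    . htmlspecialchars(trim($source_dir, $SEPARATOR), ENT_QUOTES)
    . "</a>{$SEPARATOR}";

// Start from a known value: the accumulator used to be appended to under error suppression,
// so a $dir already defined by an including script leaked into every breadcrumb link.
$dir = '';
$source_dir_url = '';
foreach($source_dir_parts as $val) {
    $dir .= "{$val}{$SEPARATOR}";
    $source_dir_url .= ($source_dir_url === '' ? '' : '/') . rawurlencode($val);
    $source_val_html = htmlspecialchars($val, ENT_QUOTES);
    $source_dir_path .= "<a href='{$HREF}dir={$source_dir_url}'>{$source_val_html}</a>{$SEPARATOR}";
}
$source_html .= "<p><code>$source_dir_path</code></p>";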
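// -------------------------------------------------------------------------------------------
//
// Open and read a directory, show its content
//
// Every entry becomes a link: directories link to ?dir=<path>, files to ?dir=<path>&file=<name>.
// Entry names are filesystem data, not trusted markup: they are escaped for the link text and
// percent-encoded for the query string, so names containing quotes, '<', '&', '#' or spaces can
// neither break the link nor inject markup.
//
// The names in $source_hidden are left out of the listing. NOTE(review): this only controls what
// is listed; whether such a name can still be requested directly depends on the checks applied
// where ?dir= and ?file= are handled. Other dot-files are listed like any other entry.
//
$source_dir = $source_fullpath;
$source_hidden = array('.', '..', '.svn', '.git', '.htaccess');

// Current directory as a URL-ready prefix ('' for the base directory). Compared against ''
// instead of empty() so that a directory named "0" keeps its place in the links.
$source_curdir_parts = ((string) $source_currpath !== '')
    ? explode($SEPARATOR, (string) $source_currpath)
    : array();
$source_curdir_url = implode('/', array_map('rawurlencode', $source_curdir_parts));

$source_list = array();
if(is_dir($source_dir) && ($source_dh = opendir($source_dir))) {
    while (($source_file = readdir($source_dh)) !== false) {
        if(in_array($source_file, $source_hidden, true)) {
            continue;
        }
        $source_curfile = $source_fullpath . $SEPARATOR . $source_file;
        $source_file_url = rawurlencode($source_file);
        $source_file_html = htmlspecialchars($source_file, ENT_QUOTES);
        if(is_dir($source_curfile)) {
            $source_subdir_url = ($source_curdir_url === '')
                ? $source_file_url
                : "{$source_curdir_url}/{$source_file_url}";
            $source_list[$source_file] = "<code><a href='{$HREF}dir={$source_subdir_url}'>{$source_file_html}{$SEPARATOR}</a></code>";
        } else if(is_file($source_curfile)) {
            $source_list[$source_file] = "<code><a href='{$HREF}dir={$source_curdir_url}&amp;file={$source_file_url}'>{$source_file_html}</a></code>";
        }
    }
    closedir($source_dh);
}

// Sort by entry name, then emit one link per line.
ksort($source_list);
$source_html .= '<p>';
foreach($source_list as $source_link) {
    $source_html .= "{$source_link}<br />\n";
}
$source_html .= '</p>';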
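// -------------------------------------------------------------------------------------------
//
// Show the content of a file, if a file is set
//
// ?file= names a file inside the already validated directory $source_fullpath. Its content is
// read, optionally masked, and rendered as a picture, as highlighted PHP or as plain <pre> text.
//
// Notes for whoever deploys this:
//  - Masking of DB_USER/DB_PASSWORD is keyed on the file names config.php and dbconnection.php
//    (and their ~ backups) and on those two identifiers only. Secrets in other files, or under
//    other names, are displayed as they are.
//  - With ?displaysvg an .svg file is sent back verbatim as image/svg+xml. SVG may carry script,
//    which then runs in this site's origin; only expose SVG files you trust.
//  - NOTE(review): the row numbering splits highlight_string() output on '<br />'. Newer PHP
//    releases changed that markup (PHP 8.3, to my knowledge) - confirm on the deployed version.
//
$source_dir = $source_fullpath;
$source_file = "";
if(isset($_GET['file'])) {
    // A non-string value (?file[]=x) or an embedded NUL byte can never name a regular file;
    // refuse it here rather than letting it surface as a PHP error.
    if(!is_string($_GET['file']) || strpos($_GET['file'], "\0") !== false) {
        die("The file is not a regular file.");
    }

    // basename() drops any directory part, so the name is always looked up in $source_dir.
    $source_file = basename($_GET['file']);
    $source_filename = $source_dir . $SEPARATOR . $source_file;
    if(!is_file($source_filename)) {
        die("The file is not a regular file.");
    }

    // The directory listing leaves out .htaccess, .svn and .git. Apply the same exclusions to
    // direct requests, otherwise they are hidden from the listing but still readable.
    $source_hiddenDirs = array_intersect(array('.svn', '.git'), explode($SEPARATOR, (string) $source_currpath));
    if($source_file === '.htaccess' || !empty($source_hiddenDirs)) {
        die("The file is not a regular file.");
    }

    // is_file() follows symbolic links. Directories are already confined to the base directory
    // through realpath; hold files to the same rule so a link cannot expose a file outside it.
    $source_realfile = realpath($source_filename);
    $source_baseprefix = rtrim($source_fullpath1, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if($source_realfile === false ||
       strncmp($source_realfile, $source_baseprefix, strlen($source_baseprefix)) !== 0) {
        die("The file is not a regular file.");
    }

    // Get the content of the file
    $source_content = file_get_contents($source_filename);

    // Try to detect character encoding (only when the mbstring extension is available)
    $source_encoding = null;
    if(function_exists('mb_detect_encoding')) {
        if($source_res = mb_detect_encoding($source_content, "auto, ISO-8859-1", true)) {
            $source_encoding = $source_res;
        }
    }

    // Is it BOM? (UTF-8 byte order mark at the very start of the file)
    if(substr($source_content, 0, 3) == chr(0xEF) . chr(0xBB) . chr(0xBF)) {
        $source_encoding .= " BOM";
    }

    // Checking style of line-endings, judged from the first line only
    $source_lineendings = null;
    if(isset($source_encoding)) {
        $source_lines = explode("\n", $source_content);
        $source_l = strlen($source_lines[0]);
        if(substr($source_lines[0], $source_l-1, 1) == "\r") {
            $source_lineendings = " Windows (CRLF) ";
        } else {
            $source_lineendings = " Unix (LF) ";
        }
    }

    // Remove password and user from config.php, if enabled.
    // The rest of any line mentioning DB_PASSWORD or DB_USER is replaced by a placeholder.
    if($HIDE_DB_USER_PASSWORD == TRUE &&
       ($source_file == 'config.php' || $source_file == 'config.php~')) {
        $source_content = preg_replace(
            '/(DB_PASSWORD|DB_USER)(.+)/',
            '/* <em>\1, is removed and hidden for security reasons </em> */ \');',
            $source_content
        );
    }

    // Remove password and user from dbconnection.php, if enabled
    if($HIDE_DB_USER_PASSWORD == TRUE &&
       ($source_file == 'dbconnection.php' || $source_file == 'dbconnection.php~')) {
        $source_content = preg_replace(
            '/(DB_PASSWORD|DB_USER)(.+)/',
            '/* \1, is removed and hidden for security reasons */ ;',
            $source_content
        );
    }

    // Lower-cased extension decides between picture, SVG and source display
    $source_pathParts = pathinfo($source_dir . $SEPARATOR . $source_file);
    $source_extension = isset($source_pathParts['extension']) ? strtolower($source_pathParts['extension']) : '';

    //
    // Display svg-image or enable link to display svg-image.
    //
    $source_linkToDisplaySvg = "";
    if($source_extension == 'svg') {
        if(isset($_GET['displaysvg'])) {
            header("Content-type: image/svg+xml");
            echo $source_content;
            exit;
        } else {
            // REQUEST_URI is supplied by the client; escape it before it goes into the attribute.
            $source_requestUri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
            $source_linkToDisplaySvg = "<a href='{$source_requestUri}&amp;displaysvg'>Display as SVG</a>";
        }
    }

    //
    // Display image if a valid image file
    //
    if(in_array($source_extension, $IMAGES)) {
        if(empty($sourceSubDir) && empty($source_currentdir)) {
            $source_imgSrc = $source_file;
        } else {
            $source_imgSrc = "{$sourceSubDir}{$source_currentdir}/{$source_file}";
        }
        // The path is built from request and filesystem names, so escape it for the attribute.
        $source_imgSrcHtml = htmlspecialchars($source_imgSrc, ENT_QUOTES);
        $source_content = "<div style='overflow:auto;'><img src='{$source_imgSrcHtml}' alt='[image not found]'></div>";

    //
    // Show syntax if defined
    //
    } elseif($SYNTAX == 'PHP') {
        $source_content = str_replace("\t", $SPACES, $source_content);
        // highlight_string() escapes the file content while colouring it
        $source_content = highlight_string($source_content, TRUE);

        // Build a gutter of row numbers; each number is an anchor so #L<n> links to a row.
        $source_sloc = 0;
        $source_i = 0;
        $source_rownums = "";
        $source_text = "";
        $source_a = explode('<br />', $source_content);
        foreach($source_a as $source_row) {
            $source_i++;
            $source_sloc += (empty($source_row)) ? 0 : 1;
            $source_rownums .= "<code><a id='L{$source_i}' href='#L{$source_i}'>{$source_i}</a></code><br />";
            $source_text .= $source_row . '<br />';
        }
        $source_content = <<< EOD
<div class='container'>
<div class='header'>
<!-- {$source_i} lines ({$source_sloc} sloc) -->
<code>{$source_i} lines {$source_encoding} {$source_lineendings} {$source_linkToDisplaySvg}</code>
</div>
<div class='rows'>
{$source_rownums}
</div>
<div class='code'>
{$source_text}
</div>
</div>
EOD;
    }
    //
    // DEFAULT formatting
    //
    else {
        $source_content = htmlspecialchars($source_content);
        $source_content = "<pre>{$source_content}</pre>";
    }

    // The file name is request/filesystem data; escape it before it is used as heading text.
    $source_file_html = htmlspecialchars($source_file, ENT_QUOTES);
    $source_html .= <<<EOD
<h3 id="file"><code><a href="#file">{$source_file_html}</a></code></h3>
{$source_content}
EOD;
}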
// -------------------------------------------------------------------------------------------
//
// Create and print out the html-page
//
// The collected markup is handed over in $sourceBody and the stylesheet in $sourceStyle. When
// the including script has not set $sourceNoEcho, a complete HTML document is sent and the
// request ends here; otherwise nothing is printed and the caller uses the two variables.
//
// NOTE(review): the page pulls html5shiv from a third-party host over plain http inside an
// IE-only conditional comment. A script fetched without TLS can be altered in transit; consider
// dropping it or serving a local copy.
//
$sourceBody = $source_html;
$source_pageLanguage = "en";
$source_pageCharset = "utf-8";
$source_pageTitle = "Show sourcecode";

// Stylesheet for the file view: header bar, row-number gutter and code pane.
$sourceStyle = <<<EOD
div.container {
min-width: 40em;
}
div.header {
color: #000;
border: solid 1px #999;
border-bottom: 0px;
background: #eee;
padding: 0.5em 0.5em 0.5em 0.5em;
}
div.rows {
float: left;
text-align: right;
color: #999;
border: solid 1px #999;
background: #eee;
padding: 0.5em 0.5em 0.5em 0.5em;
}
div.rows a:link,
div.rows a:visited,
div.rows a:hover,
div.rows a:active {
text-decoration:none;
color: inherit;
}
div.code {
white-space: nowrap;
border: solid 1px #999;
background: #f9f9f9;
padding: 0.5em 0.5em 0.5em 0.5em;
overflow:auto;
}
EOD;

if(isset($sourceNoEcho) === false) {
    // Send the content type first, then the whole document in one go.
    header("Content-Type: text/html; charset={$source_pageCharset}");
    $source_page = <<<EOD
<!DOCTYPE html>
<html lang="{$source_pageLanguage}">
<head>
<meta charset="{$source_pageCharset}" />
<title>{$source_pageTitle}</title>
<meta name="robots" content="noindex" />
<meta name="robots" content="noarchive" />
<style>{$sourceStyle}</style>
<!--[if IE]>
<script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
{$sourceBody}
</body>
</html>
EOD;
    echo $source_page;
    exit;
}