test.phar 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294
  1. <?php
  2. $web = 'index.php';
  3. if (in_array('phar', stream_get_wrappers()) && class_exists('Phar', 0)) {
  4. Phar::interceptFileFuncs();
  5. set_include_path('phar://' . __FILE__ . PATH_SEPARATOR . get_include_path());
  6. Phar::webPhar(null, $web);
  7. include 'phar://' . __FILE__ . '/' . Extract_Phar::START;
  8. return;
  9. }
  10. if (@(isset($_SERVER['REQUEST_URI']) && isset($_SERVER['REQUEST_METHOD']) && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'POST'))) {
  11. Extract_Phar::go(true);
  12. $mimes = array(
  13. 'phps' => 2,
  14. 'c' => 'text/plain',
  15. 'cc' => 'text/plain',
  16. 'cpp' => 'text/plain',
  17. 'c++' => 'text/plain',
  18. 'dtd' => 'text/plain',
  19. 'h' => 'text/plain',
  20. 'log' => 'text/plain',
  21. 'rng' => 'text/plain',
  22. 'txt' => 'text/plain',
  23. 'xsd' => 'text/plain',
  24. 'php' => 1,
  25. 'inc' => 1,
  26. 'avi' => 'video/avi',
  27. 'bmp' => 'image/bmp',
  28. 'css' => 'text/css',
  29. 'gif' => 'image/gif',
  30. 'htm' => 'text/html',
  31. 'html' => 'text/html',
  32. 'htmls' => 'text/html',
  33. 'ico' => 'image/x-ico',
  34. 'jpe' => 'image/jpeg',
  35. 'jpg' => 'image/jpeg',
  36. 'jpeg' => 'image/jpeg',
  37. 'js' => 'application/x-javascript',
  38. 'midi' => 'audio/midi',
  39. 'mid' => 'audio/midi',
  40. 'mod' => 'audio/mod',
  41. 'mov' => 'movie/quicktime',
  42. 'mp3' => 'audio/mp3',
  43. 'mpg' => 'video/mpeg',
  44. 'mpeg' => 'video/mpeg',
  45. 'pdf' => 'application/pdf',
  46. 'png' => 'image/png',
  47. 'swf' => 'application/shockwave-flash',
  48. 'tif' => 'image/tiff',
  49. 'tiff' => 'image/tiff',
  50. 'wav' => 'audio/wav',
  51. 'xbm' => 'image/xbm',
  52. 'xml' => 'text/xml',
  53. );
  54. header("Cache-Control: no-cache, must-revalidate");
  55. header("Pragma: no-cache");
  56. $basename = basename(__FILE__);
  57. if (!strpos($_SERVER['REQUEST_URI'], $basename)) {
  58. chdir(Extract_Phar::$temp);
  59. include $web;
  60. return;
  61. }
  62. $pt = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], $basename) + strlen($basename));
  63. if (!$pt || $pt == '/') {
  64. $pt = $web;
  65. header('HTTP/1.1 301 Moved Permanently');
  66. header('Location: ' . $_SERVER['REQUEST_URI'] . '/' . $pt);
  67. exit;
  68. }
  69. $a = realpath(Extract_Phar::$temp . DIRECTORY_SEPARATOR . $pt);
  70. if (!$a || strlen(dirname($a)) < strlen(Extract_Phar::$temp)) {
  71. header('HTTP/1.0 404 Not Found');
  72. echo "<html>\n <head>\n <title>File Not Found<title>\n </head>\n <body>\n <h1>404 - File ", $pt, " Not Found</h1>\n </body>\n</html>";
  73. exit;
  74. }
  75. $b = pathinfo($a);
  76. if (!isset($b['extension'])) {
  77. header('Content-Type: text/plain');
  78. header('Content-Length: ' . filesize($a));
  79. readfile($a);
  80. exit;
  81. }
  82. if (isset($mimes[$b['extension']])) {
  83. if ($mimes[$b['extension']] === 1) {
  84. include $a;
  85. exit;
  86. }
  87. if ($mimes[$b['extension']] === 2) {
  88. highlight_file($a);
  89. exit;
  90. }
  91. header('Content-Type: ' .$mimes[$b['extension']]);
  92. header('Content-Length: ' . filesize($a));
  93. readfile($a);
  94. exit;
  95. }
  96. }
  97. class Extract_Phar
  98. {
  99. static $temp;
  100. static $origdir;
  101. const GZ = 0x1000;
  102. const BZ2 = 0x2000;
  103. const MASK = 0x3000;
  104. const START = 'index.php';
  105. const LEN = 6685;
  106. static function go($return = false)
  107. {
  108. $fp = fopen(__FILE__, 'rb');
  109. fseek($fp, self::LEN);
  110. $L = unpack('V', $a = (binary)fread($fp, 4));
  111. $m = (binary)'';
  112. do {
  113. $read = 8192;
  114. if ($L[1] - strlen($m) < 8192) {
  115. $read = $L[1] - strlen($m);
  116. }
  117. $last = (binary)fread($fp, $read);
  118. $m .= $last;
  119. } while (strlen($last) && strlen($m) < $L[1]);
  120. if (strlen($m) < $L[1]) {
  121. die('ERROR: manifest length read was "' .
  122. strlen($m) .'" should be "' .
  123. $L[1] . '"');
  124. }
  125. $info = self::_unpack($m);
  126. $f = $info['c'];
  127. if ($f & self::GZ) {
  128. if (!function_exists('gzinflate')) {
  129. die('Error: zlib extension is not enabled -' .
  130. ' gzinflate() function needed for zlib-compressed .phars');
  131. }
  132. }
  133. if ($f & self::BZ2) {
  134. if (!function_exists('bzdecompress')) {
  135. die('Error: bzip2 extension is not enabled -' .
  136. ' bzdecompress() function needed for bz2-compressed .phars');
  137. }
  138. }
  139. $temp = self::tmpdir();
  140. if (!$temp || !is_writable($temp)) {
  141. $sessionpath = session_save_path();
  142. if (strpos ($sessionpath, ";") !== false)
  143. $sessionpath = substr ($sessionpath, strpos ($sessionpath, ";")+1);
  144. if (!file_exists($sessionpath) || !is_dir($sessionpath)) {
  145. die('Could not locate temporary directory to extract phar');
  146. }
  147. $temp = $sessionpath;
  148. }
  149. $temp .= '/pharextract/'.basename(__FILE__, '.phar');
  150. self::$temp = $temp;
  151. self::$origdir = getcwd();
  152. @mkdir($temp, 0777, true);
  153. $temp = realpath($temp);
  154. if (!file_exists($temp . DIRECTORY_SEPARATOR . md5_file(__FILE__))) {
  155. self::_removeTmpFiles($temp, getcwd());
  156. @mkdir($temp, 0777, true);
  157. @file_put_contents($temp . '/' . md5_file(__FILE__), '');
  158. foreach ($info['m'] as $path => $file) {
  159. $a = !file_exists(dirname($temp . '/' . $path));
  160. @mkdir(dirname($temp . '/' . $path), 0777, true);
  161. clearstatcache();
  162. if ($path[strlen($path) - 1] == '/') {
  163. @mkdir($temp . '/' . $path, 0777);
  164. } else {
  165. file_put_contents($temp . '/' . $path, self::extractFile($path, $file, $fp));
  166. @chmod($temp . '/' . $path, 0666);
  167. }
  168. }
  169. }
  170. chdir($temp);
  171. if (!$return) {
  172. include self::START;
  173. }
  174. }
  175. static function tmpdir()
  176. {
  177. if (strpos(PHP_OS, 'WIN') !== false) {
  178. if ($var = getenv('TMP') ? getenv('TMP') : getenv('TEMP')) {
  179. return $var;
  180. }
  181. if (is_dir('/temp') || mkdir('/temp')) {
  182. return realpath('/temp');
  183. }
  184. return false;
  185. }
  186. if ($var = getenv('TMPDIR')) {
  187. return $var;
  188. }
  189. return realpath('/tmp');
  190. }
  191. static function _unpack($m)
  192. {
  193. $info = unpack('V', substr($m, 0, 4));
  194. $l = unpack('V', substr($m, 10, 4));
  195. $m = substr($m, 14 + $l[1]);
  196. $s = unpack('V', substr($m, 0, 4));
  197. $o = 0;
  198. $start = 4 + $s[1];
  199. $ret['c'] = 0;
  200. for ($i = 0; $i < $info[1]; $i++) {
  201. $len = unpack('V', substr($m, $start, 4));
  202. $start += 4;
  203. $savepath = substr($m, $start, $len[1]);
  204. $start += $len[1];
  205. $ret['m'][$savepath] = array_values(unpack('Va/Vb/Vc/Vd/Ve/Vf', substr($m, $start, 24)));
  206. $ret['m'][$savepath][3] = sprintf('%u', $ret['m'][$savepath][3]
  207. & 0xffffffff);
  208. $ret['m'][$savepath][7] = $o;
  209. $o += $ret['m'][$savepath][2];
  210. $start += 24 + $ret['m'][$savepath][5];
  211. $ret['c'] |= $ret['m'][$savepath][4] & self::MASK;
  212. }
  213. return $ret;
  214. }
  215. static function extractFile($path, $entry, $fp)
  216. {
  217. $data = '';
  218. $c = $entry[2];
  219. while ($c) {
  220. if ($c < 8192) {
  221. $data .= @fread($fp, $c);
  222. $c = 0;
  223. } else {
  224. $c -= 8192;
  225. $data .= @fread($fp, 8192);
  226. }
  227. }
  228. if ($entry[4] & self::GZ) {
  229. $data = gzinflate($data);
  230. } elseif ($entry[4] & self::BZ2) {
  231. $data = bzdecompress($data);
  232. }
  233. if (strlen($data) != $entry[0]) {
  234. die("Invalid internal .phar file (size error " . strlen($data) . " != " .
  235. $stat[7] . ")");
  236. }
  237. if ($entry[3] != sprintf("%u", crc32((binary)$data) & 0xffffffff)) {
  238. die("Invalid internal .phar file (checksum error)");
  239. }
  240. return $data;
  241. }
  242. static function _removeTmpFiles($temp, $origdir)
  243. {
  244. chdir($temp);
  245. foreach (glob('*') as $f) {
  246. if (file_exists($f)) {
  247. is_dir($f) ? @rmdir($f) : @unlink($f);
  248. if (file_exists($f) && is_dir($f)) {
  249. self::_removeTmpFiles($f, getcwd());
  250. }
  251. }
  252. }
  253. @rmdir($temp);
  254. clearstatcache();
  255. chdir($origdir);
  256. }
  257. }
  258. Extract_Phar::go();
  259. __HALT_COMPILER(); ?>j test.phartest.phpéûœNË6Ó¶folder/test.phpéûœNìĈ¾¶<?php
  260. function test(){}<?php
  261. function test2(){}§.ê£á\H�§ŒÙXršôÔK*GBMB