This zip file was identified as ltshell-3.6.zip

1 files changed, 37 insertions, 17 deletions

diff --git a/shell/shell.php b/shell/shell.php
index 7ad8ae2..499441d 100644
--- a/shell/shell.php
+++ b/shell/shell.php
@@ -1,28 +1,48 @@
 <?php if (!isset($LTS)) { die(); }
 
-	include('exec.php');
-	if (isset($_POST['stddest'])) {
-		$_POST['c'] = $_POST['stddest'];
-	}
+include('exec.php');
+
+// Set up environment
+$ltshell_dir = dirname(__FILE__);
+$env['PATH'] = $ltshell_dir.'/bin';
+$env['IFS'] = " \t\n";
+if (isset($_POST['d'])) { chdir($_POST['d']); }
+$env['CWD'] = getcwd();
+
+// Check for an incomplete command
+if (isset($_POST['stdout_dest'])) {
+	$_POST['c'] = $_POST['stdout_dest'];
+	unset($_POST['stdout_dest']);
+}
+
+// Figure out what needs to be displayed on the terminal
+ob_start();
 	if ($_POST['c'] == 'clear') {
-		$term = '';
+		lts_chdir('.');
 	} else {
-		ob_start();
-		echo $_POST['t'];
+		echo htmlentities($_POST['stdout']);
 		echo $_POST['c']."\n";
-		php_exec($_POST['c'],$_POST['d']);
+		
+		lts_shell_exec($_POST['c'],$env);
+		
 		echo '$ ';
-		$term = ob_get_contents();
-		ob_end_clean();
 	}
+$term = ob_get_contents();
+ob_end_clean();
+
+// Display it
 ?>
 <div class="term"><?php
-	?><form action="<?php echo $_SERVER['PHP_SELF'];?>#prompt" method="post"><?php
-	php_chdir('.');
-	echo $term;
-	echo $sh;
-	?><input id="prompt" type="text" name="c" /><?php
-	?><textarea name="t" class="hidden" readonly="readonly"><?php echo preg_replace('/<[^>]*>/','',$term); ?></textarea><?php
-	?></form><?php
+	echo '<form action="'.$_SERVER['PHP_SELF'].'#prompt" method="post">';
+		echo $term;
+		echo '<input id="prompt" type="text" name="c" />';
+		echo '<textarea name="stdout" class="hidden" readonly="readonly">';
+			// this PCRE is so that only markup from the current
+			// command ends up on the terminal; the rest gets
+			// stripped out
+			echo preg_replace('/<[^>]*>/','',$term);
+		echo '</textarea>';
+	echo '</form>';
 ?></div>
 </form>
+