1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
<?php
function php_chdir($dir) {
$ret = chdir($dir);
echo '<input type="hidden" name="d" value="'.getcwd().'" />';
return $ret;
}
abstract class prog { public static abstract function main($args, $env); }
function php_exec($com, $cwd='') {
if ($cwd != '') { php_chdir($cwd); }
if ($com=='') { return 0; }
$root = dirname(__FILE__);
$ifs=' ';
$path = $root.'/bin';
$env = array('IFS' => $ifs, 'PATH' => $path);
$coms = array(); $stdout_dest = array();
$a = 0;
$c = 0;
$q = '';
while ($com != '') {
$char = substr($com,0,1);
$com = substr($com,1);
if (substr_count ('\'',$char)!==0) {
if (substr($q,0,1)===$char) {
$q = substr($q,1);
} else {
$q = $char.$q;
}
} elseif ($q != '') {
$coms[$c][$a].=$char;
} elseif (substr_count ($ifs,$char)!==0) {
if (isset($coms[$c][$a])) {
$a++;
}
} elseif (substr_count (';',$char)!==0) {
$stdout_dest[$c] = '/dev/stdout';
$c++; $a=0;
} elseif (substr_count ('|',$char)!==0) {
$stdout_dest[$c] = '/dev/stdin';
$c++; $a=0;
} else {
$coms[$c][$a].=$char;
}
}
if (!isset($stdout_dest[$c])) {
$stdout_dest[$c] = '/dev/stdout';
}
$ret=0;
if (!isset($_POST['stdin'])) { $_POST['stdin']=''; }
foreach ($coms as $key => $args) {
if ($stdout_dest[$key] != '/dev/stdout') {
ob_start();
}
if (!class_exists('p_'.$args[0])) {
$file=$path.'/'.$args[0].'.php';
if (file_exists($file)) {
include($file);
}
}
if (class_exists('p_'.$args[0])) {
$ret = call_user_func(array('p_'.$args[0],'main'),$args,$env);//main($args,$env);
} else {
echo 'sh: command not found: `'.$args[0]."'\n";
$ret = 1;
}
if ($stdout_dest[$key] != '/dev/stdout') {
switch ($stdout_dest[$key]) {
case '/dev/stdin': $_POST['stdin']=ob_get_contents(); break;
default: file_put_contents($stdout_dest[$key],ob_get_contents()); break;
}
ob_end_clean();
}
}
return $ret;
}
|
