source.php查看源文件
2024-05-04 22:14:11
供稿:网友
<?php
/**
* Show Source
*
* @author Avenger <avenger@php.net>
* @version $Id 2003-07-10 9:09:03 $
*/
require_once 'header.inc.php';
tpl_load('left.tpl');
// Check url value
if (!isset($_GET['file'])) {
$body = "No page URL specified.";
} else {
// Fix the security hole, thx for jun_test#hotmail.com
$url = str_replace('..', '', $_GET['file']);
if(file_exists($url)) {
$body = "<h4>Source of: /".htmlentities($url)."</h4><hr size=1>";
// If this is a legal dir, then it is under the docroot, else use basename
if (dirname($url)) {
$page_name = $Global['path']."/$url";
} else {
$page_name = basename($url);
}
if (strpos($page_name,'header.inc.php') || $page_name=='header.inc.php') {$page_name='header.inc.bak';}
if (strpos($page_name,'config.php') || $page_name=='config.php') {$page_name='my/config.php.bak';}
$body .= "<!-- ".htmlentities($page_name)." -->/n<code>";
$body .= highlight_file($page_name,true);
$body .= "</code>/n<br><hr size=1><br><br>/n";
} else {
$body .= "<table border='0'><tr><td><img hspace='5' vspace='5' src='/images/page.gif' width='25' height='33' border='0' alt=''></td><td valign='bottom'><h4>该文件不存在!</h4></td></tr></table><hr size=1><font style='COLOR: black; FONT: 8pt/11pt verdana'>Exceed PHP was unable to link to the Page you requested. The page might be temporarily unavailable.</font>/n";
}
