"; move_uploaded_file($HTTP_POST_FILES['file']['tmp_name'][$i],$file_to_upload); //$_SESSION['message'] .= $HTTP_POST_FILES['file']['tmp_name'][$i]."
"; chmod($file_to_upload,0777); $_SESSION['message'] .= $HTTP_POST_FILES['file']['name'][$i]." uploaded.
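"; } } }
if(!$uploads) {
    $_SESSION['message'] = "No files selected!";
}
}
//Logout
elseif($_GET['method'] == "logout") {
    session_destroy();
}
//Delete the file
// NOTE(review): $_GET['file'] is joined to $upload_dir without any validation here and in the
// deletedir/download/rename branches below, so a value containing "../" can reach paths outside
// $upload_dir; the containment check further down only sanitises $upload_dir itself, not this name.
elseif($_GET['method'] == "delete" && $_GET['file']) {
    if(!@unlink($upload_dir."/".$_GET['file']))
        $_SESSION['message'] = "File not found!";
    else
        // stored as raw request input; must be HTML-escaped wherever the message is echoed
        $_SESSION['message'] = $_GET['file'] . " deleted";
}
//Delete the directory
elseif($_GET['method'] == "deletedir" && $_GET['file']) {
    if(!@rmdir($upload_dir."/".$_GET['file']))
        $_SESSION['message'] = "File not found!";
    else
        $_SESSION['message'] = $_GET['file'] . " deleted";
}
//Download a file
elseif($_GET['method'] == "download" && $_GET['file']) {
    $file = $upload_dir . "/" . $_GET['file'];
    $filename = basename( $file );
    $len = filesize( $file );
    header( "content-type: application/stream" );
    header( "content-length: " . $len );
    // NOTE(review): the filename is sent unquoted; quoting it (filename="...") keeps names with
    // spaces or ';' from being misparsed by the client
    header( "content-disposition: attachment; filename=" . $filename );
    $fp=fopen( $file, "r" );
    fpassthru( $fp );
    exit;
}
//Create a directory
elseif( $_GET['method'] == "createdir" ) {
    $createdir = $upload_dir . "/" . $_GET['dirname'];
    // NOTE(review): umask(0) + 0777 creates a world-writable directory; $_GET['dirname'] is
    // likewise unvalidated (see the delete branch above)
    $old = umask(0);
    mkdir ( $createdir, 0777);
    $_SESSION['message'] = "Directory created " . $createdir;
    umask($old);
}
//Rename a file
elseif( $_GET['method'] == "rename" ) {
    rename( $upload_dir . "/" . $_GET['file'] , $upload_dir . "/" . $_GET['to'] );
    $_SESSION['message'] = "Renamed " . $_GET['file'] . " to " . $_GET['to'];
}
//Redirect to the script again
Header("Location: " . $PHP_SELF . $subdirarg1);
}

// Securing subdir against abuse: a client may use path modifiers ("/.." etc.) to try to
// escape $myroot_dir. realpath() resolves symbolic links and such modifiers to a real path,
// and that resolved path must have $myroot_dir as a *prefix* (directory boundary included).
// The previous test, strpos(...) !== false, accepted any path that merely *contained* the
// root's path string somewhere; the substr() below already assumes a match at offset 0.
// Assumes $myroot_dir is an absolute, canonical path (set outside this chunk) -- TODO confirm.
$root_prefix = rtrim($myroot_dir, "/");
$real_upload_dir = realpath($upload_dir);
// realpath() returns false for a non-existent directory, which counts as "not inside the root"
$upload_inside_root = ($real_upload_dir !== false)
    && ($real_upload_dir === $root_prefix || strpos($real_upload_dir, $root_prefix . "/") === 0);
if ($upload_inside_root) {
    // realsubdir is the resolved path below the root ("" for the root itself)
    $realsubdir = substr($real_upload_dir, strlen($root_prefix));
    $subdir = $realsubdir;
} else {
    // illegal (or non-existent) path: reset the upload dir to the root
    $upload_dir = $myroot_dir;
    $subdir = "";
}

// Is the user allowed to go up one directory? Only when the parent still resolves inside the
// root; the same prefix test as above is used, for the same reason.
$dir_up = $upload_dir . "/..";
$real_dir_up = realpath($dir_up);
$up_inside_root = ($real_dir_up !== false)
    && ($real_dir_up === $root_prefix || strpos($real_dir_up, $root_prefix . "/") === 0);
if ($up_inside_root) {
    $dir_up = substr($real_dir_up, strlen($root_prefix));
    if ($dir_up == "") {
        $dir_up = "/";
    }
} else {
    // the parent of the root is never offered
    $dir_up = false;
}
// HTML STARTING
?> Document Manager © CSL-HSI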