11<?php
2- include ( dirname (__FILE__ ). "/headers.php " ) ;
3- include ( dirname (__FILE__ ). "/settings.php " ) ;
2+ include dirname (__FILE__ ) . "/headers.php " ;
3+ include dirname (__FILE__ ) . "/settings.php " ;
44
5+ // Set some common aliases
6+ $ aliasesarray (
7+ 'la ' =>'ls -la ' ,
8+ 'll ' =>'ls -lvhF ' ,
9+ );
510
6- function proc_open_enabled () {
7- $ disabled = explode ( ' , ' , ini_get ( ' disable_functions ' ));
8- return ! in_array ( ' proc_open ' , $ disabled
11+ // If we have a current working dir in session, change to that dir
12+ if ( true === isset ( $ _SESSION [ ' cwd ' ])) {
13+ chdir ( $ _SESSION [ ' cwd ' ] );
914}
1015
11- if (! proc_open_enabled ()) {
12- exit ( " <span style= \" color: #fff \" >Sorry but you can't use this terminal if your proc_open is disabled</span> \n\n"
13- }
16+ // Get current user and cwd
17+ $ user = str_replace ( "\n" , "" , shell_exec ( " whoami " ) );
18+ $ cwd = str_replace ( "\n" , "" , shell_exec ( " pwd " ));
1419
15- $ aliasesarray (
16- 'la ' =>'ls -la ' ,
17- 'll ' =>'ls -lvhF ' ,
18- );
20+ // Check if we have proc_open_enabled
21+ // (Used later to handle commands)
22+ function proc_open_enabled () {
23+ $ disabledexplode (', ' ,ini_get ('disable_functions ' ));
24+ return false ===in_array ('proc_open ' ,$ disabled
25+ }
1926
20- // Get current working dir
21- $ userstr_replace ("\n" ,"" ,shell_exec ("whoami " ));
22- $ cwdgetcwd ();
27+ // Return HTML prompt plus the command the user provided last
28+ function returnHTMLPromptCommand ($ cmd
29+ global $ user$ cwd
30+ // Begin output with prompt and user command
31+ return '<div class="commandLine"><div class="user"> ' .$ user' </div> ' .
32+ '<div class="cwd"> ' .$ cwd' </div> : ' .date ("H:m:s " ) .
33+ '<br> ' .
34+ '<div class="promptVLine"></div><div class="promptHLine">─<div class="promptArrow">▶</div></div> ' .$ cmd'</div></div><br> ' ;
35+ }
2336
24- // If we have a command
25- if (!empty ($ _REQUEST 'command ' ])) {
26- // Strip any slashes from it
27- if (get_magic_quotes_gpc ()) {
28- $ _REQUEST 'command ' ] =stripslashes ($ _REQUEST 'command ' ]);
29- }
37+ // If proc_open isn't enabled, display prompt, command and a message re needing this enabled
38+ if (false ===proc_open_enabled ()) {
39+ echo json_encode ([
40+ "output " =>returnHTMLPromptCommand ($ _REQUEST 'command ' ] ."<br><br>Sorry but you can't use this terminal if your proc_open is disabled " ),
41+ "user " =>$ user
42+ "cwd " =>$ cwd
43+ ]);
44+ exit ;
45+ }
3046
31- // Begin output with prompt and user command
32- $ output'<div class="commandLine"><div class="user"> ' .$ user' </div> ' .
33- '<div class="path"> ' .$ cwd' </div> : ' .date ("H:m:s " ).
34- '<br> ' .
35- '<div class="promptVLine"></div><div class="promptHLine">─<div class="promptArrow">▶</div></div> ' .$ _REQUEST 'command ' ].'</div><br><br> ' ;
47+ // If in demo mode, display message and go no further
48+ if (true ===$ demoMode
49+ echo json_encode ([
50+ "output " =>returnHTMLPromptCommand ($ _REQUEST 'command ' ] ."<br><br>Sorry, shell usage not enabled in demo mode " ),
51+ "user " =>$ user
52+ "cwd " =>$ cwd
53+ ]);
54+ exit ;
3655}
3756
3857// If in demo mode, display message and go no further
39- if ($ demoMode
40- $ output"Sorry, shell usage not enabled in demo mode \n\n" ;
41- echo $ output
42- exit ;
58+ if (false ===isset ($ _REQUEST 'command ' ])) {
59+ echo json_encode ([
60+ "output " =>returnHTMLPromptCommand ($ _REQUEST 'command ' ] ."<br><br>Sorry, no command received " ),
61+ "user " =>$ user
62+ "cwd " =>$ cwd
63+ ]);
64+ exit ;
4365}
4466
67+ // Strip any slashes from command
68+ $ _REQUEST 'command ' ] =stripslashes ($ _REQUEST 'command ' ]);
69+
70+ // Start output with the prompt and command they provided last
71+ $ outputreturnHTMLPromptCommand ($ _REQUEST 'command ' ]);
72+
4573// If command contains cd but no dir
46- if (preg_match ('/^[[:blank:]]*cd[[:blank:]]*$/ ' , @$ _REQUEST 'command ' ])) {
47- $ _SESSION 'cwd ' ] =getcwd ();//dirname(__FILE__);
74+ if (preg_match ('/^[[:blank:]]*cd[[:blank:]]*$/ ' ,$ _REQUEST 'command ' ])) {
75+ $ _SESSION 'cwd ' ] =$ cwd
76+ $ outputreturnHTMLPromptCommand ("cd " );
4877// Else cd to a dir
49- }elseif (preg_match ('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/ ' ,@ $ _REQUEST 'command ' ],$ regs
78+ }elseif (preg_match ('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/ ' ,$ _REQUEST 'command ' ],$ regs
5079// The current command is 'cd', which we have to handle as an internal shell command
51- // Absolute/relative path ?
52- $ regs1 ][0 ] =='/ ' ) ?$ newDir$ regs1 ] :$ newDir$ _SESSION 'cwd ' ].'/ ' .$ regs1 ];
80+ $ newDir"/ " ===$ regs1 ][0 ] ?$ regs1 ] :$ _SESSION 'cwd ' ] ."/ " .$ regs1 ];
5381
5482// Tidy up appearance on /./
55- while (strpos ($ newDir'/./ ' ) !== false ) {
83+ while (false !== strpos ($ newDir'/./ ' )) {
5684$ newDirstr_replace ('/./ ' ,'/ ' ,$ newDir
5785}
5886// Tidy up appearance on //
59- while (strpos ($ newDir'// ' ) !== false ) {
87+ while (false !== strpos ($ newDir'// ' )) {
6088$ newDirstr_replace ('// ' ,'/ ' ,$ newDir
6189}
6290// Tidy up appearance on other variations
63- while (preg_match ('|/\ .\.(?!\.)| ,$ newDir
64- $ newDirpreg_replace ('|/ ?[^/]+/\.\.(?!\.)| ,'' ,$ newDir
91+ while (preg_match ('/\/\ .\.(?!\.)/ ,$ newDir
92+ $ newDirpreg_replace ('/\/ ?[^\ /]+\ /\.\.(?!\.)/ ,'' ,$ newDir
6593}
6694
6795// Empty dir
@@ -70,36 +98,35 @@ function proc_open_enabled() {
7098}
7199
72100// Test if we could change to that dir, else display error
73- (@chdir ($ newDir$ _SESSION 'cwd ' ] =$ newDir$ output"\n\n Could not change to:$ newDir ;
101+ (@chdir ($ newDir$ _SESSION 'cwd ' ] =$ newDir$ output"Could not change to:$ newDir ;
74102}else {
75- // The command is not a 'cd' command, so we execute it after
76- // changing the directory and save the output.
77- chdir ($ _SESSION 'cwd ' ]);
103+ // The command is not a 'cd' command
78104
79105// Alias expansion
80- $ lengthstrcspn (@ $ _REQUEST 'command ' ]," );
81- $ tokensubstr (@ $ _REQUEST 'command ' ],0 ,$ length
82- if (isset ($ aliases$ token
83- $ _REQUEST 'command ' ] =$ aliases$ token. substr ($ _REQUEST 'command ' ],$ length
106+ $ lengthstrcspn ($ _REQUEST 'command ' ]," );
107+ $ tokensubstr ($ _REQUEST 'command ' ],0 ,$ length
108+ if (true === isset ($ aliases$ token
109+ $ _REQUEST 'command ' ] =$ aliases$ token . substr ($ _REQUEST 'command ' ],$ length
84110}
85111
86112// Open a proc with array and $io return
87113$ pproc_open (
88- @ $ _REQUEST 'command ' ],
114+ $ _REQUEST 'command ' ],
89115array (
901161 =>array ('pipe ' ,'w ' ),
911172 =>array ('pipe ' ,'w ' )
92118),
93119$ io
94120);
95-
121+
96122// Read output sent to stdout
97- while (!feof ($ io1 ])) {/// this will return always false ... and will loop forever until "fork: retry: no child processes" will show if proc_open is disabled;
98- $ outputhtmlspecialchars (fgets ($ io1 ]),ENT_COMPAT ,'UTF-8 ' );
123+ while (false ===feof ($ io1 ])) {
124+ // this will return always false ... and will loop forever until "fork: retry: no child processes" will show if proc_open is disabled;
125+ $ outputhtmlspecialchars (fgets ($ io1 ]),ENT_COMPAT ,'UTF-8 ' );
99126}
100127// Read output sent to stderr
101- while (! feof ($ io2 ])) {
102- $ outputhtmlspecialchars (fgets ($ io2 ]),ENT_COMPAT ,'UTF-8 ' );
128+ while (false === feof ($ io2 ])) {
129+ $ outputhtmlspecialchars (fgets ($ io2 ]),ENT_COMPAT ,'UTF-8 ' );
103130}
104131$ output"\n" ;
105132
@@ -109,6 +136,16 @@ function proc_open_enabled() {
109136proc_close ($ p
110137}
111138
112- // Finally, output our string
113- echo $ output
139+ // Change to the cwd in session
140+ chdir ($ _SESSION 'cwd ' ]);
141+ // and again ask for current user and working dir
142+ $ userstr_replace ("\n" ,"" ,shell_exec ("whoami " ));
143+ $ cwdstr_replace ("\n" ,"" ,shell_exec ("pwd " ));
144+
145+ // Finally, output our JSON data
146+ echo json_encode ([
147+ "output " =>$ output
148+ "user " =>$ user
149+ "cwd " =>$ cwd
150+ ]);
114151
