. *************************************/ function ldir($ListDir,$hiddentypes=array(NULL),$hiddenfiles=array(NULL),$GET=NULL) { $version = "1.7.6"; $Icons_Mirror = "http://dl.dropbox.com/u/14071642/lister/"; $Icons_Host = "http://dl.dropbox.com/"; $return = 1; $self=$_SERVER['SCRIPT_NAME']; $self_temp = strrpos($self,"/"); $self_temp = substr($self,$self_temp ,strlen($self)); $self_temp = ltrim($self_temp,"/"); $self = $self_temp; unset($self_temp); if($GET !== NULL) { $GET = "?".$GET."&"; } else { $GET = "?"; } function version_check($current,$latest_location) { $latest = @file_get_contents($latest_location); $latest = explode(".",$latest); $current = explode(".",$current); $li = count($latest); $ci = count($current); $i = 0; if($li==$ci) { do { if ($latest[$i] > $current[$i]) { return true; } else { $i++; } } while (($i != $ci)||($i != $li)); return false; } else { // This is if the version numbers are in different formats. return false; } } function url_exists($url) { $handle = curl_init($url); if (false === $handle) { return false; } curl_setopt($handle, CURLOPT_HEADER, false); curl_setopt($handle, CURLOPT_FAILONERROR, true); curl_setopt($handle, CURLOPT_HTTPHEADER, Array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15") ); curl_setopt($handle, CURLOPT_NOBODY, true); curl_setopt($handle, CURLOPT_RETURNTRANSFER, false); $connectable = curl_exec($handle); curl_close($handle); return $connectable; } echo "\n"; //Add these onto the list of what to hide and what not to $hiddenfiles[] = $self; $hiddenfiles[] = ".htpasswd"; $hiddenfiles[] = ".htaccess"; if(isset($_GET['f'])) { if((isset($_GET['f']))&&($_GET['f']=="")) { //This WILL break if ob_start() isnt called. header("location: ".$self.$GET); ob_flush(); return false; } // Add some checks here eventually! $fldr = $_GET['f']; //Checking for injection. Now allows ..folder/ $injection = strpos($fldr, ".."); if($injection > -1) { $inject_temp = strlen($fldr); $inject_temp = $inject_temp - $injection; $inject_temp2[0] = substr($fldr,$injection,$inject_temp); unset($inject_temp); $inject_temp2[1] = strlen($inject_temp2[0]); if($inject_temp2[1] > 2) { $inject_temp2[3] = strpos($inject_temp2[0], "/"); if($inject_temp2[3]!=2) { $injection = -1; echo $injection_temp2[3]; } unset ($inject_temp2); } } $directory = $ListDir."/".$fldr."/"; } else { $directory = $ListDir."/"; } if (@file_exists($directory)) { //Check for PHP version, v4 doesn't support scandir() if (!function_exists("scandir")) { function scandir($directory) { $dtemp = @opendir($directory); if($dtemp == true) { while (false !== ($ftemp = readdir($dtemp))) { $dir[] = $ftemp; } unset ($ftemp); unset ($dtemp); return $dir; } else { return false; } } } } else { echo "Cannot Display Directory"; } $dir = @scandir($directory); if ($dir==false) { $here = 1; if(!empty($fldr)) { $return = 2; } else { return false; } } if($injection > -1) { //This is when people try to Inject if($return==1) { $return = 4; } $entity[0] = "\n\t\t\n\t\t\t\"Error\"\n\t\t\t \n\t\t\tError: No access allowed.\n\t\t\t \n\t\t\tERROR\n\t\t"; } else { if(!url_exists($Icons_Host)) { //If the icons cannot be retreieved. $return = 3; } $host = $_SERVER['HTTP_HOST']; $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); $URL = "http://".$host.$uri."/".$extra; $i = 0; do { $linkmaker = 0; $linky[$i] = $directory."/".$dir[$i]; $extt[0] = strrpos($dir[$i], "."); $extt[0]++; $extt[1] = strlen($dir[$i]); $extt[2] = ($extt[1] - $extt[0]); $ext = substr($dir[$i], $extt[0],$extt[2]); unset($extt); if(is_dir($linky[$i])) { $img = "folder.png"; $type = "Folder"; $size = "N/A"; if(isset($_GET['f'])) { $linky[$i] = $GET."f=".$fldr."/".$dir[$i]; } else { $linky[$i] = $GET."f=".$dir[$i]; } } else { if(url_exists($Icons_Mirror.strtolower($ext).".png")) { $img = strtolower($ext).".png"; $type = strtoupper($ext)." File"; } else { $img = "unknown.png"; $type = "Unknown File"; } $size = @filesize($linky[$i]); $size = round(($size/1024)/1024,2)." MB"; $linky[$i] = $URL.$directory.$dir[$i]; } // Hide dot files $dott = strpos($dir[$i],"."); $dott++; if(($dir[$i] == ".")||($dir[$i] == "..")) { // Hide parent folder and self $entity[$i] = ""; } elseif ((in_array($dir[$i],$hiddenfiles))||(in_array($ext,$hiddentypes))) { $entity[$i] = ""; } elseif((in_array(".?",$hiddentypes))&&($dott == "1")) { // Hide dot files $entity[$i] = ""; } else { $entity[$i] = "\n\t\t\n\t\t\t\"".$type."\"\n\t\t\t \n\t\t\t".$dir[$i]."\n\t\t\t \n\t\t\t".$size."\n\t\t"; } $i++; } while(isset($dir[$i])); $backlink = strrpos($fldr,"/"); $backlink = substr($fldr,$backlink,strlen($fldr)); $backlink = strlen($backlink); $backlink = substr($fldr,0,-$backlink); $backlink = $GET."f=".urlencode($backlink); } //Output the list echo "\n
"; echo "\n\tRefresh"; echo "\n\t

\"Directory ".ucfirst($directory)."

"; echo "\n\t"; echo "\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t"; if((isset($_GET['f']))&&(!($injection > -1))&&($_GET['f']!="")) { echo "\n\t\t"; } $i = 0; do { echo $entity[$i]; $i++; } while(isset($entity[$i])); echo "\n\t
Type File Name File Size
\"Parent Parent Folder  
"; echo "\n\t
"; if($update === true) { echo "

ldir() Update Available.

"; } echo "\n
"; echo "\n\n"; if ($return == 0) { return false; } else if($return == 1) { return true; } else { return $return; } } ?>