<?
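/**
 * Send an HTTP error response and terminate the request.
 *
 * Emits a "Status:" header carrying $code and $name. Unless the global
 * $raw flag is set, it also prints a minimal HTML body.
 *
 * @param int    $code    HTTP status code (callers in this file pass 403, 404 and 500).
 * @param string $name    Reason phrase shown next to the code.
 * @param string $message Human-readable detail; may contain request data, so it is escaped.
 * @return void Never returns; the script ends via die().
 */
function rvError($code, $name, $message) {
    global $raw;

    $code = (int) $code;

    // Pass the real status as the response code. The previous hard-coded 404
    // made every error (including 403 and 500) a 404 whenever the SAPI did
    // not honour the "Status:" header itself.
    header("Status: $code $name", true, $code);

    if (!$raw) {
        // Escape everything that reaches the HTML body: $message embeds the
        // requested repository/path name, which is attacker-controlled.
        print "<h1>$code " . htmlspecialchars($name) . "</h1>";
        print "<p>" . htmlspecialchars($message) . "</p>";
    }

    die();
}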
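/**
 * Percent-encode a slash-separated path for use in the path part of a URL.
 *
 * Slashes are kept as separators; every other reserved character is encoded.
 *
 * @param string $p Path, e.g. "dir/my file.txt".
 * @return string Encoded path, e.g. "dir/my%20file.txt".
 */
function pathencode( $p ) {
    // rawurlencode() (RFC 3986) instead of urlencode(): urlencode() writes a
    // space as "+", which is only decoded back to a space in query strings.
    // In a URL path (PATH_INFO) the "+" stays literal, so links to names
    // containing spaces would not resolve.
    $encoded = rawurlencode( $p );

    // Only slashes that came from the input are restored: a literal "%2F" in
    // the input has already become "%252F" and is left alone.
    return str_replace('%2F', '/', $encoded);
}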
/**
 * Build a URL that points back into this script.
 *
 * The result starts with the global $rawview base, followed by the encoded
 * repository and (only when a repository is given) the encoded path, then an
 * optional query string.
 *
 * @param string|null $repos  Repository name; '', '/' and NULL mean "none".
 * @param string|null $path   Path inside the repository; '', '/' and NULL mean "none".
 * @param string|null $params Query string without the leading "?". It is appended
 *                            verbatim, so the caller must encode it.
 * @return string URL. It is not HTML-escaped here; escape it at the point of output.
 */
function rvURL($repos, $path, $params = '') {
    global $rawview;

    $hasRepos  = !($repos === '' || $repos === '/' || $repos === NULL);
    $hasPath   = !($path === '' || $path === '/' || $path === NULL);
    $hasParams = !($params === '' || $params === NULL);

    $url = $rawview;

    // A path is only meaningful below a repository.
    if ($hasRepos) {
        $url .= '/' . pathencode($repos);
        if ($hasPath) {
            $url .= '/' . pathencode($path);
        }
    }

    if ($hasParams) {
        $url .= '?' . $params;
    }

    return $url;
}
/**
 * Tell whether a MIME type should be handled as text.
 *
 * A type counts as text when it starts with "text/" or is listed in the
 * global $texttypes array.
 *
 * @param string $mime MIME type without parameters, e.g. "text/html".
 * @return bool
 */
function isTextType( $mime ) {
    global $texttypes;

    // The prefix test runs first; the list lookup is only reached for
    // non-"text/" types.
    return preg_match('!^text/!', $mime) || in_array( $mime, $texttypes );
}
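/**
 * Determine the MIME type of a file.
 *
 * Lookup order:
 *   1. the lower-cased file extension in the global $mimetypes table
 *      (returned as configured, without further normalisation);
 *   2. the fileinfo extension, if available;
 *   3. otherwise the external `file -bi` command, if $externalmime is set;
 *   4. a sniff of the first 1024 bytes (shebang line, control characters).
 *
 * The detected value is reduced to "type/subtype". Generic binary types are
 * reported as the internal marker "_binary_".
 *
 * The result is later placed in a Content-Type header, so anything that does
 * not look like "type/subtype" is also mapped to "_binary_". It is never
 * passed through as-is.
 *
 * @param string $file Filesystem path of the file to inspect.
 * @return string MIME type ("type/subtype") or "_binary_".
 */
function getMimeType( $file ) {
    global $mimetypes, $externalmime;

    $ext = '';
    if (preg_match('!\.([^./]+)$!', $file, $m)) {
        $ext = strtolower($m[1]);
    }

    if (isset($mimetypes[$ext])) {
        return $mimetypes[$ext];
    }

    $mime = false;

    if (function_exists('finfo_open')) {
        $fi = finfo_open( );
        // finfo_open() returns false when the magic database cannot be
        // loaded; fall through to the content sniff in that case.
        if ($fi) {
            $mime = finfo_file( $fi, $file, FILEINFO_MIME );
            finfo_close($fi);
        }
    }
    else if ($externalmime) {
        // The file name is quoted for the shell. The command's output is
        // still untrusted text and is validated at the end of this function.
        $f = escapeshellarg($file);
        $mime = `file -bi $f`;
    }

    if (!$mime) {
        $fh = fopen($file, 'r');
        if ($fh) {
            $chunk = (string) fread($fh, 1024);
            fclose($fh);

            // A shebang only counts at the very start of the file. The
            // earlier multi-line match accepted "#!/..." at the start of any
            // line inside the chunk.
            if (preg_match('@\A#!/[-\w/]+/[\w+][-\d\w]@', $chunk)) {
                $mime = 'application/x-shellscript'; #TODO: detect perl, etc?
            }
            else {
                // Any control character other than TAB, LF or CR marks the
                // content as binary.
                $sz = strlen($chunk);
                for ($i = 0; $i < $sz; $i += 1) {
                    $ch = ord($chunk[$i]);
                    if ( $ch < 0x09
                        || ( $ch > 0x0D && $ch < 0x20 )
                        || $ch === 0x0B || $ch === 0x0C ) {
                        $mime = $ext ? 'application/x-'.$ext : 'application/octet-stream';
                        break;
                    }
                }

                if (!$mime) {
                    $mime = $ext ? 'text/x-'.$ext : 'text/plain';
                }
            }
        }

        if (!$mime) {
            // The file could not be opened for sniffing.
            $mime = $ext ? 'application/x-'.$ext : 'application/octet-stream';
        }
    }

    // Keep only "type/subtype". This drops parameters such as "; charset=..."
    // and cuts off unusual characters that came in through the extension.
    if (preg_match('!^(\w+)/([-.+\w\d]+)!', $mime, $m)) {
        $mime = $m[1].'/'.$m[2];
    }
    else {
        // Not a MIME type at all (for example an error message printed by
        // the external tool): treat it as opaque binary.
        return '_binary_';
    }

    if (in_array($mime, array('application/octet-stream', 'application/binary', 'unknown/unknown'), true)) {
        $mime = '_binary_';
    }

    return $mime;
}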
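/**
 * Decide whether a requested file may be served.
 *
 * Access is refused when
 *   - the file does not exist or is not readable,
 *   - the file, or any parent directory covered by $path, is a symbolic link,
 *   - "/$path" matches one of the regular expressions in the global $deny.
 *
 * The result describes the filesystem at the time of the call. The file is
 * opened later by the caller, so this check is not atomic with the read.
 *
 * @param string $path Path relative to the repository root, as requested.
 * @param string $file The corresponding filesystem path.
 * @return bool true when access is allowed.
 */
function checkAccess( $path, $file ) {
    global $deny;

    if (!file_exists( $file ) || !is_readable( $file )) {
        return false;
    }

    // Walk upwards through $path and $file in lock-step. Only the components
    // that belong to the requested path are inspected, so the repository
    // directory itself may still be a symlink.
    $p = $path;
    $f = $file;
    while ($p !== '' && $p !== '/' && $p !== '.') {
        if (is_link($f)) return false;
        $p = dirname($p);
        $f = dirname($f);
    }

    // Deny patterns are written against a path with a leading slash.
    $subject = "/$path";
    foreach ( (array) $deny as $pattern ) {
        // Fail closed: preg_match() returns false on error (malformed
        // pattern, subject that is not valid UTF-8 under the "u" modifier,
        // backtrack limit). An access rule that could not be evaluated must
        // not count as "no match".
        if ( preg_match($pattern, $subject) !== 0 ) {
            return false;
        }
    }

    return true;
}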
// ---------------------------------------------------------------------------
// Built-in defaults. rvconfig.php is included at the end of this section and
// may override any of the variables below.
// ---------------------------------------------------------------------------

// NOTE(review): with display_errors enabled, PHP warnings and notices are
// written into the response. They usually contain filesystem paths. For a
// public deployment consider logging errors instead.
error_reporting( E_ALL );
ini_set("display_errors", 1);

// Regular expressions matched against "/<path>"; a match refuses access.
// NOTE(review): the list is empty by default, so dot files and similar are
// served unless a configuration file adds patterns.
$deny= array(
    #'!/\.!', #dot files
    #'!/core$!', #core dumps
);

// Non-"text/" MIME types that are still treated as text.
$texttypes= array(
    'application/x-python',
    'application/x-perl',
    'application/x-httpd-php',
    'application/x-shellscript',
);

// File extension (lower case) => MIME type.
$mimetypes= array(
    'txt' => 'text/plain',

    'html' => 'text/html',
    'htm' => 'text/html',

    'py' => 'application/x-python',
    'pl' => 'application/x-perl',
    'php' => 'application/x-php',
    'sh' => 'application/x-shellscript',

    'js' => 'text/javascript',
    'css' => 'text/css',

    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif' => 'image/gif',
);

// File type => view template. The "_..._" keys are internal pseudo types.
$viewers= array(
    '_root_' => 'rootview.php',
    '_dir_' => 'dirview.php',
    '_binary_' => 'linkview.php',

    'text/plain' => 'textview.php',

    'application/x-httpd-php' => 'phpview.php',
    // NOTE(review): 'application/x-php' is listed again further down. PHP
    // keeps the last value for a duplicate key, so this entry has no effect
    // and 'application/x-php' resolves to geshiview.php. Confirm which
    // viewer is intended.
    'application/x-php' => 'phpview.php',

    'text/html' => 'geshiview.php',
    'application/x-html' => 'geshiview.php',
    'text/xml' => 'geshiview.php',
    'application/xml' => 'geshiview.php',
    'application/x-xml' => 'geshiview.php',
    'application/x-perl' => 'geshiview.php',
    'application/x-python' => 'geshiview.php',
    'application/x-shellscript' => 'geshiview.php',
    'application/x-php' => 'geshiview.php',
    'application/x-java' => 'geshiview.php',
    'application/x-javascript' => 'geshiview.php',
    'application/x-sql' => 'geshiview.php',
    'text/javascript' => 'geshiview.php',
    'text/ecmascript' => 'geshiview.php',

    'image/png' => 'imageview.php',
    'image/jpeg' => 'imageview.php',
    'image/gif' => 'imageview.php',
);

// MIME type => GeSHi language name, for the types listed here.
$geshilang= array(
    'application/x-shellscript' => 'bash',
    'text/html' => 'html4strict',
    'text/ecmascript' => 'javascript',
);

// Allow getMimeType() to run the external "file" command when the fileinfo
// extension is not available.
$externalmime= true;

$geshipath= false;
$charset= "utf-8";
$timezone= 'UTC';
$hideforbidden= true;

// Presentation hooks.
$skin= "skin.php";
$css= false;
$header= false;
$footer= false;
$sidebar= false;

// Seconds added to the modification time for the Expires header (one day).
$cachetime= 24 * 60 * 60;

// Site configuration; a relative name, resolved through PHP's include rules.
include('rvconfig.php');

// date_default_timezone_set() does not exist on very old PHP versions.
if (function_exists('date_default_timezone_set')) {
    date_default_timezone_set( $timezone );
}
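// ---------------------------------------------------------------------------
// Request parsing: find the requested "<repository>/<path>" string and load
// the repository configuration.
// ---------------------------------------------------------------------------

// The request parameter wins over PATH_INFO. Only a string is accepted:
// "path[]=..." would otherwise hand an array to the string functions below.
$p= '';
if (isset($_REQUEST['path']) && is_string($_REQUEST['path'])) $p= $_REQUEST['path'];
else if (isset($_SERVER['PATH_INFO'])) $p= $_SERVER['PATH_INFO'];

// Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() no longer
// exists in PHP 8, so the function is only called on versions that can still
// have the feature switched on.
if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) $p= stripslashes($p);

// $rawview is the URL of this script without the trailing PATH_INFO part.
$rawview= false;
if (isset($_SERVER['PATH_INFO']) && isset($_SERVER['SCRIPT_URL'])) {
    $rawview= substr($_SERVER['SCRIPT_URL'], 0, strlen($_SERVER['SCRIPT_URL']) - strlen($_SERVER['PATH_INFO']));
}
if (!$rawview) $rawview= $_SERVER['SCRIPT_NAME'];
$rawpath= dirname($rawview);

// Split into repository name and path inside the repository.
if ($p==='' || $p==='/') {
    $repos= "_root_";
    $path= false;
}
else {
    if (preg_match('!^[/:]?([-_\w\d]+)[:/](.*)$!', $p, $m)) {
        $path= $m[2];
        $repos= $m[1];
    }
    else {
        $path= '/';
        if (preg_match('!^[/:](.*)$!', $p, $m)) $repos= $m[1];
        else $repos= $p;
    }
}
if ($path==='' || $path==='.') $path= '/';

$raw= isset($_REQUEST['raw']);

// SECURITY: $repos comes from the request and becomes part of a file name
// that is passed to require() below. This whitelist is what keeps that safe:
// it admits word characters, dots, hyphens and whitespace, so no "/" can
// appear. Do not loosen it without revisiting the require().
//
// The hyphen is written first in the character class so that it is a plain
// literal. The earlier ".-\w" form is rejected as an invalid range by PCRE2,
// which makes preg_match() return false and fails every request. The "D"
// modifier makes "$" match only at the very end, so a trailing newline is
// rejected here rather than by the later file lookup.
$reposconf= "$repos.repos.php";
if (!preg_match('!^[\w\d]([-.\w\s]*[\w\d])?$!D', $repos)) {
    rvError(404, 'Not Found', 'bad repository: ' . $repos);
}

if (!file_exists($reposconf)) {
    if ( $repos === '_root_' ) {
        // The root listing works without a configuration file of its own.
        $reposconf= false;
        $reposdir= false;
    }
    else {
        rvError(404, 'Not Found', 'no such repository: ' . $repos);
    }
}

// Shared defaults first, then the repository's own settings.
if (file_exists('_default_.repos.php')) require('_default_.repos.php');
if ($reposconf) require($reposconf);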
// ---------------------------------------------------------------------------
// Map the request onto a file and work out its type.
// Sets $file, $path, $title, $filetype, $mimetype and $modtime.
// ---------------------------------------------------------------------------
if ($repos === '_root_') {
    // Root listing: there is no file behind it.
    $file= false;
    $path= false;
    $filetype= '_root_';
    $title= "root";
}
else {
    if (!isset($reposdir)) {
        rvError(500, 'Internal Server Error', 'misconfigured repository, missing $reposdir');
    }

    // Refuse "." and ".." as path segments so the request cannot leave
    // $reposdir. Only "/" is treated as a separator here.
    // NOTE(review): on platforms that also accept "\" as a separator this
    // check would need to cover it as well - confirm the deployment target.
    if (preg_match('!(/\.\.?/|^\.\.?/|/\.\.?$|^\.\.?$)!', $path)) {
        rvError(404, 'Not Found', 'bad path: ' . $path);
    }

    $isReposRoot= ($path === '/');
    $file= $isReposRoot ? $reposdir : "$reposdir/$path";
    // $title is taken from the request and is not escaped here; the skin has
    // to escape it on output.
    $title= $isReposRoot ? "$repos" : basename($path);

    // Existence, readability, symlink and deny-pattern checks.
    if (!checkAccess($path, $file)) {
        rvError(403, 'Forbidden', 'access denied to ' . $path);
    }

    if (is_dir($file)) {
        $filetype= '_dir_';
    }
    else {
        $filetype= getMimeType( $file );
    }
}

// $mimetype is $filetype, with the charset appended for text types.
$mimetype= $filetype;
if ( isTextType( $mimetype ) ) {
    $mimetype= "$mimetype; charset=$charset"; #FIXME: different charset?...
}

// The modification time feeds the caching headers; the root view has none.
$modtime= ($filetype === '_root_') ? false : filemtime($file);
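// ---------------------------------------------------------------------------
// Output: either the file itself (raw mode) or the HTML view.
// ---------------------------------------------------------------------------
if ($raw && $filetype!='_root_' && $filetype!='_dir_') {
    if ($mimetype=='_binary_') $mimetype= "application/octet-stream";
    header("Content-Type: $mimetype");

    // The type above is a guess based on extension and content. nosniff
    // stops browsers from second-guessing it and treating, say, a file
    // declared as text/plain as HTML or script.
    // NOTE(review): files that really are text/html (or other active
    // content) are still rendered in this site's origin. If repository
    // content is not fully trusted, consider serving such types as a
    // download or from a separate origin.
    header("X-Content-Type-Options: nosniff");

    if ($modtime) {
        // HTTP dates must be in GMT with the literal "GMT" suffix. date('r')
        // produced a numeric zone offset, which is not a valid HTTP-date.
        header("Last-Modified: " . gmdate('D, d M Y H:i:s', $modtime) . ' GMT');
        if ($cachetime) header("Expires: " . gmdate('D, d M Y H:i:s', $modtime + $cachetime) . ' GMT');
    }

    readfile( $file );
}
else {
    // Internal pseudo types ("_dir_", "_root_", "_binary_") are shown as HTML pages.
    if (preg_match('!_\w+_!',$mimetype)) $mimetype= "text/html; charset=$charset";

    // Pick the view template for the type. Fall back to the plain-text
    // viewer for text types and to the binary viewer for everything else.
    $view= isset($viewers[ $filetype ]) ? $viewers[ $filetype ] : false;
    if (!$view) {
        $fallback= isTextType( $filetype ) ? 'text/plain' : '_binary_';
        $view= isset($viewers[ $fallback ]) ? $viewers[ $fallback ] : false;
    }

    if (!$view) {
        rvError(500, 'Internal Server Error', 'misconfigured repository, can\'t determine view template for type ' . $filetype);
    }

    header("Content-Type: text/html; charset=$charset" );
    if ($modtime) {
        header("Last-Modified: " . gmdate('D, d M Y H:i:s', $modtime) . ' GMT');
        if ($cachetime) header("Expires: " . gmdate('D, d M Y H:i:s', $modtime + $cachetime) . ' GMT');
    }

    // The skin renders the page. It sees $view, $title, $path and the other
    // variables set above, several of which come from the request and must
    // be escaped when they are printed.
    require( $skin );
}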
?> rawview.php.bak

