📄 index.php
字号:
}
//
// STRIP SLASHES FROM GPC IF NECESSARY
//
if ($_system['stripslashes'])
{
function _stripslashes($value)
{
return is_array($value) ? array_map('_stripslashes', $value) : (is_string($value) ? stripslashes($value) : $value);
}
$_GET = _stripslashes($_GET);
$_POST = _stripslashes($_POST);
$_COOKIE = _stripslashes($_COOKIE);
}
//
// FIGURE OUT WHAT TO DO (POST URL-form submit, GET form request, regular request, basic auth, cookie manager, show URL-form)
//
if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']]))
{
header('Location: ' . $_script_url . '?' . $_config['url_var_name'] . '=' . encode_url($_POST[$_config['url_var_name']]) . '&' . $_config['flags_var_name'] . '=' . base_convert($_iflags, 2, 16));
exit(0);
}
if (isset($_GET[$_config['get_form_name']]))
{
$_url = decode_url($_GET[$_config['get_form_name']]);
$qstr = strpos($_url, '?') !== false ? (strpos($_url, '?') === strlen($_url)-1 ? '' : '&') : '?';
$arr = explode('&', $_SERVER['QUERY_STRING']);
if (preg_match('#^\Q' . $_config['get_form_name'] . '\E#', $arr[0]))
{
array_shift($arr);
}
$_url .= $qstr . implode('&', $arr);
}
else if (isset($_GET[$_config['url_var_name']]))
{
$_url = decode_url($_GET[$_config['url_var_name']]);
}
else if (isset($_GET['action']) && $_GET['action'] == 'cookies')
{
show_report(array('which' => 'cookies'));
}
else
{
show_report(array('which' => 'index', 'category' => 'entry_form'));
}
if (isset($_GET[$_config['url_var_name']], $_POST[$_config['basic_auth_var_name']], $_POST['username'], $_POST['password']))
{
$_request_method = 'GET';
$_basic_auth_realm = base64_decode($_POST[$_config['basic_auth_var_name']]);
$_basic_auth_header = base64_encode($_POST['username'] . ':' . $_POST['password']);
}
//
// SET URL
//
if (strpos($_url, '://') === false)
{
$_url = 'http://' . $_url;
}
if (url_parse($_url, $_url_parts))
{
$_base = $_url_parts;
if (!empty($_hosts))
{
foreach ($_hosts as $host)
{
if (preg_match($host, $_url_parts['host']))
{
show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 1));
}
}
}
}
else
{
show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 2));
}
//
// HOTLINKING PREVENTION
//
if (!$_config['allow_hotlinking'] && isset($_SERVER['HTTP_REFERER']))
{
$_hotlink_domains[] = $_http_host;
$is_hotlinking = true;
foreach ($_hotlink_domains as $host)
{
if (preg_match('#^https?\:\/\/(www)?\Q' . $host . '\E(\/|\:|$)#i', trim($_SERVER['HTTP_REFERER'])))
{
$is_hotlinking = false;
break;
}
}
if ($is_hotlinking)
{
switch ($_config['upon_hotlink'])
{
case 1:
show_report(array('which' => 'index', 'category' => 'error', 'group' => 'resource', 'type' => 'hotlinking'));
break;
case 2:
header('HTTP/1.0 404 Not Found');
exit(0);
default:
header('Location: ' . $_config['upon_hotlink']);
exit(0);
}
}
}
//
// OPEN SOCKET TO SERVER
//
do
{
$_retry = false;
$_socket = @fsockopen(($_url_parts['scheme'] === 'https' && $_system['ssl'] ? 'ssl://' : 'tcp://') . $_url_parts['host'], $_url_parts['port'], $err_no, $err_str, 30);
if ($_socket === false)
{
show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'internal', 'error' => $err_no));
}
//
// SET REQUEST HEADERS
//
$_request_headers = $_request_method . ' ' . $_url_parts['path'];
if (isset($_url_parts['query']))
{
$_request_headers .= '?';
$query = preg_split('#([&;])#', $_url_parts['query'], -1, PREG_SPLIT_DELIM_CAPTURE);
for ($i = 0, $count = count($query); $i < $count; $_request_headers .= implode('=', array_map('urlencode', array_map('urldecode', explode('=', $query[$i])))) . (isset($query[++$i]) ? $query[$i] : ''), $i++);
}
$_request_headers .= " HTTP/1.0\r\n";
$_request_headers .= 'Host: ' . $_url_parts['host'] . $_url_parts['port_ext'] . "\r\n";
if (isset($_SERVER['HTTP_USER_AGENT']))
{
$_request_headers .= 'User-Agent: ' . $_SERVER['HTTP_USER_AGENT'] . "\r\n";
}
if (isset($_SERVER['HTTP_ACCEPT']))
{
$_request_headers .= 'Accept: ' . $_SERVER['HTTP_ACCEPT'] . "\r\n";
}
else
{
$_request_headers .= "Accept: */*;q=0.1\r\n";
}
if ($_flags['show_referer'] && isset($_SERVER['HTTP_REFERER']) && preg_match('#^\Q' . $_script_url . '?' . $_config['url_var_name'] . '=\E([^&]+)#', $_SERVER['HTTP_REFERER'], $matches))
{
$_request_headers .= 'Referer: ' . decode_url($matches[1]) . "\r\n";
}
if (!empty($_COOKIE))
{
$_cookie = '';
$_auth_creds = array();
foreach ($_COOKIE as $cookie_id => $cookie_content)
{
$cookie_id = explode(';', rawurldecode($cookie_id));
$cookie_content = explode(';', rawurldecode($cookie_content));
if ($cookie_id[0] === 'COOKIE')
{
$cookie_id[3] = str_replace('_', '.', $cookie_id[3]); //stupid PHP can't have dots in var names
if (count($cookie_id) < 4 || ($cookie_content[1] == 'secure' && $_url_parts['scheme'] != 'https'))
{
continue;
}
if ((preg_match('#\Q' . $cookie_id[3] . '\E$#i', $_url_parts['host']) || strtolower($cookie_id[3]) == strtolower('.' . $_url_parts['host'])) && preg_match('#^\Q' . $cookie_id[2] . '\E#', $_url_parts['path']))
{
$_cookie .= ($_cookie != '' ? '; ' : '') . (empty($cookie_id[1]) ? '' : $cookie_id[1] . '=') . $cookie_content[0];
}
}
else if ($cookie_id[0] === 'AUTH' && count($cookie_id) === 3)
{
$cookie_id[2] = str_replace('_', '.', $cookie_id[2]);
if ($_url_parts['host'] . ':' . $_url_parts['port'] === $cookie_id[2])
{
$_auth_creds[$cookie_id[1]] = $cookie_content[0];
}
}
}
if ($_cookie != '')
{
$_request_headers .= "Cookie: $_cookie\r\n";
}
}
if (isset($_url_parts['user'], $_url_parts['pass']))
{
$_basic_auth_header = base64_encode($_url_parts['user'] . ':' . $_url_parts['pass']);
}
if (!empty($_basic_auth_header))
{
$_set_cookie[] = add_cookie("AUTH;{$_basic_auth_realm};{$_url_parts['host']}:{$_url_parts['port']}", $_basic_auth_header);
$_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n";
}
else if (!empty($_basic_auth_realm) && isset($_auth_creds[$_basic_auth_realm]))
{
$_request_headers .= "Authorization: Basic {$_auth_creds[$_basic_auth_realm]}\r\n";
}
else if (list($_basic_auth_realm, $_basic_auth_header) = each($_auth_creds))
{
$_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n";
}
if ($_request_method == 'POST')
{
if (!empty($_FILES) && $_system['uploads'])
{
$_data_boundary = '----' . md5(uniqid(rand(), true));
$array = set_post_vars($_POST);
foreach ($array as $key => $value)
{
$_post_body .= "--{$_data_boundary}\r\n";
$_post_body .= "Content-Disposition: form-data; name=\"$key\"\r\n\r\n";
$_post_body .= urldecode($value) . "\r\n";
}
$array = set_post_files($_FILES);
foreach ($array as $key => $file_info)
{
$_post_body .= "--{$_data_boundary}\r\n";
$_post_body .= "Content-Disposition: form-data; name=\"$key\"; filename=\"{$file_info['name']}\"\r\n";
$_post_body .= 'Content-Type: ' . (empty($file_info['type']) ? 'application/octet-stream' : $file_info['type']) . "\r\n\r\n";
if (is_readable($file_info['tmp_name']))
{
$handle = fopen($file_info['tmp_name'], 'rb');
$_post_body .= fread($handle, filesize($file_info['tmp_name']));
fclose($handle);
}
$_post_body .= "\r\n";
}
$_post_body .= "--{$_data_boundary}--\r\n";
$_request_headers .= "Content-Type: multipart/form-data; boundary={$_data_boundary}\r\n";
$_request_headers .= "Content-Length: " . strlen($_post_body) . "\r\n\r\n";
$_request_headers .= $_post_body;
}
else
{
$array = set_post_vars($_POST);
foreach ($array as $key => $value)
{
$_post_body .= !empty($_post_body) ? '&' : '';
$_post_body .= $key . '=' . $value;
}
$_request_headers .= "Content-Type: application/x-www-form-urlencoded\r\n";
$_request_headers .= "Content-Length: " . strlen($_post_body) . "\r\n\r\n";
$_request_headers .= $_post_body;
$_request_headers .= "\r\n";
}
$_post_body = '';
}
else
{
$_request_headers .= "\r\n";
}
fwrite($_socket, $_request_headers);
//
// PROCESS RESPONSE HEADERS
//
$_response_headers = $_response_keys = array();
$line = fgets($_socket, 8192);
while (strspn($line, "\r\n") !== strlen($line))
{
@list($name, $value) = explode(':', $line, 2);
$name = trim($name);
$_response_headers[strtolower($name)][] = trim($value);
$_response_keys[strtolower($name)] = $name;
$line = fgets($_socket, 8192);
}
sscanf(current($_response_keys), '%s %s', $_http_version, $_response_code);
if (isset($_response_headers['content-type']))
{
list($_content_type, ) = explode(';', str_replace(' ', '', strtolower($_response_headers['content-type'][0])), 2);
}
if (isset($_response_headers['content-length']))
{
$_content_length = $_response_headers['content-length'][0];
unset($_response_headers['content-length'], $_response_keys['content-length']);
}
if (isset($_response_headers['content-disposition']))
{
$_content_disp = $_response_headers['content-disposition'][0];
unset($_response_headers['content-disposition'], $_response_keys['content-disposition']);
}
if (isset($_response_headers['set-cookie']) && $_flags['accept_cookies'])
{
foreach ($_response_headers['set-cookie'] as $cookie)
{
$name = $value = $expires = $path = $domain = $secure = $expires_time = '';
preg_match('#^\s*([^=;,\s]*)\s*=?\s*([^;]*)#', $cookie, $match) && list(, $name, $value) = $match;
preg_match('#;\s*expires\s*=\s*([^;]*)#i', $cookie, $match) && list(, $expires) = $match;
preg_match('#;\s*path\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $path) = $match;
preg_match('#;\s*domain\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $domain) = $match;
preg_match('#;\s*(secure\b)#i', $cookie, $match) && list(, $secure) = $match;
$expires_time = empty($expires) ? 0 : intval(@strtotime($expires));
$expires = ($_flags['session_cookies'] && !empty($expires) && time()-$expires_time < 0) ? '' : $expires;
$path = empty($path) ? '/' : $path;
if (empty($domain))
{
$domain = $_url_parts['host'];
}
else
{
$domain = '.' . strtolower(str_replace('..', '.', trim($domain, '.')));
if ((!preg_match('#\Q' . $domain . '\E$#i', $_url_parts['host']) && $domain != '.' . $_url_parts['host']) || (substr_count($domain, '.') < 2 && $domain{0} == '.'))
{
continue;
}
}
if (count($_COOKIE) >= 15 && time()-$expires_time <= 0)
{
$_set_cookie[] = add_cookie(current($_COOKIE), '', 1);
}
$_set_cookie[] = add_cookie("COOKIE;$name;$path;$domain", "$value;$secure", $expires_time);
}
}
if (isset($_response_headers['set-cookie']))
{
unset($_response_headers['set-cookie'], $_response_keys['set-cookie']);
}
if (!empty($_set_cookie))
{
$_response_keys['set-cookie'] = 'Set-Cookie';
$_response_headers['set-cookie'] = $_set_cookie;
}
if (isset($_response_headers['p3p']) && preg_match('#policyref\s*=\s*[\'"]?([^\'"\s]*)[\'"]?#i', $_response_headers['p3p'][0], $matches))
{ $_response_headers['p3p'][0] = str_replace($matches[0], 'policyref="' . complete_url($matches[1]) . '"', $_response_headers['p3p'][0]); }
if (isset($_response_headers['refresh']) && preg_match('#([0-9\s]*;\s*URL\s*=)\s*(\S*)#i', $_response_headers['refresh'][0], $matches))
{
$_response_headers['refresh'][0] = $matches[1] . complete_url($matches[2]);
}
if (isset($_response_headers['location']))
{
$_response_headers['location'][0] = complete_url($_response_headers['location'][0]);
}
if (isset($_response_headers['uri']))
{
$_response_headers['uri'][0] = complete_url($_response_headers['uri'][0]);
}
if (isset($_response_headers['content-location']))
{
$_response_headers['content-location'][0] = complete_url($_response_headers['content-location'][0]);
}
if (isset($_response_headers['connection']))
{
unset($_response_headers['connection'], $_response_keys['connection']);
}
if (isset($_response_headers['keep-alive']))
{
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -