summaryrefslogtreecommitdiffstats
path: root/src/usr/local/www/exec.php
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr/local/www/exec.php')
-rw-r--r--src/usr/local/www/exec.php355
1 files changed, 355 insertions, 0 deletions
diff --git a/src/usr/local/www/exec.php b/src/usr/local/www/exec.php
new file mode 100644
index 0000000..e0220b7
--- /dev/null
+++ b/src/usr/local/www/exec.php
@@ -0,0 +1,355 @@
+<?php
+/* $Id$ */
+/*
+ Exec+ v1.02-000 - Copyright 2001-2003, All rights reserved
+ Created by technologEase (http://www.technologEase.com).
+
+ (modified for m0n0wall by Manuel Kasper <mk@neon1.net>)
+
+ Copyright (C) 2013-2015 Electric Sheep Fencing, LP
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/*
+ pfSense_MODULE: shell
+*/
+
+##|+PRIV
+##|*IDENT=page-diagnostics-command
+##|*NAME=Diagnostics: Command page
+##|*DESCR=Allow access to the 'Diagnostics: Command' page.
+##|*MATCH=exec.php*
+##|-PRIV
+
+$allowautocomplete = true;
+
+require("guiconfig.inc");
+
+if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) {
+ session_cache_limiter('public');
+ $fd = fopen($_POST['dlPath'], "rb");
+ header("Content-Type: application/octet-stream");
+ header("Content-Length: " . filesize($_POST['dlPath']));
+ header("Content-Disposition: attachment; filename=\"" .
+ trim(htmlentities(basename($_POST['dlPath']))) . "\"");
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
+
+ fpassthru($fd);
+ exit;
+} else if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) {
+ move_uploaded_file($_FILES['ulfile']['tmp_name'], "/tmp/" . $_FILES['ulfile']['name']);
+ $ulmsg = "Uploaded file to /tmp/" . htmlentities($_FILES['ulfile']['name']);
+ unset($_POST['txtCommand']);
+}
+
+if ($_POST) {
+ conf_mount_rw();
+}
+
+// Function: is Blank
+// Returns true or false depending on blankness of argument.
+
+function isBlank($arg) {
+ return preg_match("/^\s*$/", $arg);
+}
+
+// Function: Puts
+// Put string, Ruby-style.
+
+function puts($arg) {
+ echo "$arg\n";
+}
+
+// "Constants".
+
+$Version = '';
+$ScriptName = $REQUEST['SCRIPT_NAME'];
+
+// Get year.
+
+$arrDT = localtime();
+$intYear = $arrDT[5] + 1900;
+
+$closehead = false;
+$pgtitle = array(gettext("Diagnostics"), gettext("Execute command"));
+include("head.inc");
+?>
+
+<script type="text/javascript">
+//<![CDATA[
+
+ // Create recall buffer array (of encoded strings).
+
+<?php
+
+if (isBlank($_POST['txtRecallBuffer'])) {
+ puts(" var arrRecallBuffer = new Array;");
+} else {
+ puts(" var arrRecallBuffer = new Array(");
+ $arrBuffer = explode("&", $_POST['txtRecallBuffer']);
+ for ($i = 0; $i < (count($arrBuffer) - 1); $i++) {
+ puts(" '" . htmlspecialchars($arrBuffer[$i], ENT_QUOTES | ENT_HTML401) . "',");
+ }
+ puts(" '" . htmlspecialchars($arrBuffer[count($arrBuffer) - 1], ENT_QUOTES | ENT_HTML401) . "'");
+ puts(" );");
+}
+
+?>
+
+ // Set pointer to end of recall buffer.
+ var intRecallPtr = arrRecallBuffer.length-1;
+
+ // Functions to extend String class.
+ function str_encode() { return escape( this ) }
+ function str_decode() { return unescape( this ) }
+
+ // Extend string class to include encode() and decode() functions.
+ String.prototype.encode = str_encode
+ String.prototype.decode = str_decode
+
+ // Function: is Blank
+ // Returns boolean true or false if argument is blank.
+ function isBlank( strArg ) { return strArg.match( /^\s*$/ ) }
+
+ // Function: frmExecPlus onSubmit (event handler)
+ // Builds the recall buffer from the command string on submit.
+ function frmExecPlus_onSubmit( form ) {
+
+ if (!isBlank(form.txtCommand.value)) {
+ // If this command is repeat of last command, then do not store command.
+ if (form.txtCommand.value.encode() == arrRecallBuffer[arrRecallBuffer.length-1]) { return true }
+
+ // Stuff encoded command string into the recall buffer.
+ if (isBlank(form.txtRecallBuffer.value)) {
+ form.txtRecallBuffer.value = form.txtCommand.value.encode();
+ } else {
+ form.txtRecallBuffer.value += '&' + form.txtCommand.value.encode();
+ }
+ }
+
+ return true;
+ }
+
+ // Function: btnRecall onClick (event handler)
+ // Recalls command buffer going either up or down.
+ function btnRecall_onClick( form, n ) {
+
+ // If nothing in recall buffer, then error.
+ if (!arrRecallBuffer.length) {
+ alert('<?=gettext("Nothing to recall"); ?>!');
+ form.txtCommand.focus();
+ return;
+ }
+
+ // Increment recall buffer pointer in positive or negative direction
+ // according to <n>.
+ intRecallPtr += n;
+
+ // Make sure the buffer stays circular.
+ if (intRecallPtr < 0) { intRecallPtr = arrRecallBuffer.length - 1 }
+ if (intRecallPtr > (arrRecallBuffer.length - 1)) { intRecallPtr = 0 }
+
+ // Recall the command.
+ form.txtCommand.value = arrRecallBuffer[intRecallPtr].decode();
+ }
+
+ // Function: Reset onClick (event handler)
+ // Resets form on reset button click event.
+ function Reset_onClick( form ) {
+
+ // Reset recall buffer pointer.
+ intRecallPtr = arrRecallBuffer.length;
+
+ // Clear form (could have spaces in it) and return focus ready for cmd.
+ form.txtCommand.value = '';
+ form.txtCommand.focus();
+
+ return true;
+ }
+//]]>
+</script>
+<style type="text/css">
+/*<![CDATA[*/
+
+input {
+ font-family: courier new, courier;
+ font-weight: normal;
+ font-size: 9pt;
+}
+
+pre {
+ border: 2px solid #435370;
+ background: #F0F0F0;
+ padding: 1em;
+ font-family: courier new, courier;
+ white-space: pre;
+ line-height: 10pt;
+ font-size: 10pt;
+}
+
+.label {
+ font-family: tahoma, verdana, arial, helvetica;
+ font-size: 11px;
+ font-weight: bold;
+}
+
+.button {
+ font-family: tahoma, verdana, arial, helvetica;
+ font-weight: bold;
+ font-size: 11px;
+}
+
+/*]]>*/
+</style>
+</head>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<?php if (isBlank($_POST['txtCommand'])): ?>
+<p class="red"><strong><?=gettext("Note: this function is unsupported. Use it " .
+"on your own risk"); ?>!</strong></p>
+<?php endif; ?>
+<?php if ($ulmsg) echo "<p><strong>" . $ulmsg . "</strong></p>\n"; ?>
+<?php
+
+if (!isBlank($_POST['txtCommand'])) {
+ puts("<pre>");
+ puts("\$ " . htmlspecialchars($_POST['txtCommand']));
+ putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin");
+ putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " ")); /* PHP scripts */
+ $ph = popen($_POST['txtCommand'] . ' 2>&1', "r");
+ while ($line = fgets($ph)) {
+ echo htmlspecialchars($line);
+ }
+ pclose($ph);
+ puts("&nbsp;</pre>");
+}
+
+
+if (!isBlank($_POST['txtPHPCommand'])) {
+ puts("<pre>");
+ require_once("config.inc");
+ require_once("functions.inc");
+ echo eval($_POST['txtPHPCommand']);
+ puts("&nbsp;</pre>");
+}
+
+?>
+<div id="niftyOutter">
+<form action="exec.php" method="post" enctype="multipart/form-data" name="frmExecPlus" onsubmit="return frmExecPlus_onSubmit(this);">
+ <table summary="exec">
+ <tr>
+ <td colspan="2" valign="top" class="vnsepcell"><?=gettext("Execute Shell command"); ?></td>
+ </tr>
+ <tr>
+ <td class="label" align="right"><?=gettext("Command"); ?>:</td>
+ <td class="type"><input id="txtCommand" name="txtCommand" type="text" class="formfld unknown" size="80" value="<?=htmlspecialchars($_POST['txtCommand']);?>" /></td>
+ </tr>
+ <tr>
+ <td valign="top">&nbsp;&nbsp;&nbsp;</td>
+ <td valign="top" class="label">
+ <input type="hidden" name="txtRecallBuffer" value="<?=htmlspecialchars($_POST['txtRecallBuffer']) ?>" />
+ <input type="button" class="button" name="btnRecallPrev" value="<" onclick="btnRecall_onClick(this.form, -1);" />
+ <input type="submit" class="button" value="<?=gettext("Execute"); ?>" />
+ <input type="button" class="button" name="btnRecallNext" value=">" onclick="btnRecall_onClick(this.form, 1);" />
+ <input type="button" class="button" value="<?=gettext("Clear"); ?>" onclick="return Reset_onClick(this.form);" />
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" height="16"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vnsepcell"><?=gettext("Download"); ?></td>
+ </tr>
+ <tr>
+ <td align="right"><?=gettext("File to download"); ?>:</td>
+ <td>
+ <input name="dlPath" type="text" class="formfld file" id="dlPath" size="50" value="<?php echo htmlspecialchars($_GET['dlPath']) ?>" />
+ </td>
+ </tr>
+ <tr>
+ <td valign="top">&nbsp;&nbsp;&nbsp;</td>
+ <td valign="top" class="label">
+ <input name="submit" type="submit" class="button" id="download" value="<?=gettext("Download"); ?>" />
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" height="16"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vnsepcell"><?=gettext("Upload"); ?></td>
+ </tr>
+ <tr>
+ <td align="right"><?=gettext("File to upload"); ?>:</td>
+ <td valign="top" class="label">
+ <input name="ulfile" type="file" class="formfld file" id="ulfile" />
+ </td>
+ </tr>
+ <tr>
+ <td valign="top">&nbsp;&nbsp;&nbsp;</td>
+ <td valign="top" class="label">
+ <input name="submit" type="submit" class="button" id="upload" value="<?=gettext("Upload"); ?>" /></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" height="16"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vnsepcell"><?=gettext("PHP Execute"); ?></td>
+ </tr>
+ <tr>
+ <td align="right"><?=gettext("Command"); ?>:</td>
+ <td class="type"><textarea id="txtPHPCommand" name="txtPHPCommand" rows="9" cols="80"><?=htmlspecialchars($_POST['txtPHPCommand']);?></textarea></td>
+ </tr>
+ <tr>
+ <td valign="top">&nbsp;&nbsp;&nbsp;</td>
+ <td valign="top" class="label">
+ <input type="submit" class="button" value="<?=gettext("Execute"); ?>" />
+ <p>
+ <strong><?=gettext("Example"); ?>:</strong> interfaces_sync_setup();
+ </p>
+ </td>
+ </tr>
+
+ </table>
+</form>
+</div>
+<?php include("fend.inc"); ?>
+<script type="text/javascript">
+//<![CDATA[
+document.forms[0].txtCommand.focus();
+//]]>
+</script>
+</body>
+</html>
+
+<?php
+
+if ($_POST) {
+ conf_mount_ro();
+}
+
+?>
OpenPOWER on IntegriCloud