diff options
Diffstat (limited to 'usr/local/www/exec.php')
-rw-r--r-- | usr/local/www/exec.php | 355 |
1 files changed, 0 insertions, 355 deletions
diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php deleted file mode 100644 index e0220b7..0000000 --- a/usr/local/www/exec.php +++ /dev/null @@ -1,355 +0,0 @@ -<?php -/* $Id$ */ -/* - Exec+ v1.02-000 - Copyright 2001-2003, All rights reserved - Created by technologEase (http://www.technologEase.com). - - (modified for m0n0wall by Manuel Kasper <mk@neon1.net>) - - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -/* - pfSense_MODULE: shell -*/ - -##|+PRIV -##|*IDENT=page-diagnostics-command -##|*NAME=Diagnostics: Command page -##|*DESCR=Allow access to the 'Diagnostics: Command' page. -##|*MATCH=exec.php* -##|-PRIV - -$allowautocomplete = true; - -require("guiconfig.inc"); - -if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) { - session_cache_limiter('public'); - $fd = fopen($_POST['dlPath'], "rb"); - header("Content-Type: application/octet-stream"); - header("Content-Length: " . filesize($_POST['dlPath'])); - header("Content-Disposition: attachment; filename=\"" . - trim(htmlentities(basename($_POST['dlPath']))) . "\""); - if (isset($_SERVER['HTTPS'])) { - header('Pragma: '); - header('Cache-Control: '); - } else { - header("Pragma: private"); - header("Cache-Control: private, must-revalidate"); - } - - fpassthru($fd); - exit; -} else if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { - move_uploaded_file($_FILES['ulfile']['tmp_name'], "/tmp/" . $_FILES['ulfile']['name']); - $ulmsg = "Uploaded file to /tmp/" . htmlentities($_FILES['ulfile']['name']); - unset($_POST['txtCommand']); -} - -if ($_POST) { - conf_mount_rw(); -} - -// Function: is Blank -// Returns true or false depending on blankness of argument. - -function isBlank($arg) { - return preg_match("/^\s*$/", $arg); -} - -// Function: Puts -// Put string, Ruby-style. - -function puts($arg) { - echo "$arg\n"; -} - -// "Constants". - -$Version = ''; -$ScriptName = $REQUEST['SCRIPT_NAME']; - -// Get year. - -$arrDT = localtime(); -$intYear = $arrDT[5] + 1900; - -$closehead = false; -$pgtitle = array(gettext("Diagnostics"), gettext("Execute command")); -include("head.inc"); -?> - -<script type="text/javascript"> -//<![CDATA[ - - // Create recall buffer array (of encoded strings). - -<?php - -if (isBlank($_POST['txtRecallBuffer'])) { - puts(" var arrRecallBuffer = new Array;"); -} else { - puts(" var arrRecallBuffer = new Array("); - $arrBuffer = explode("&", $_POST['txtRecallBuffer']); - for ($i = 0; $i < (count($arrBuffer) - 1); $i++) { - puts(" '" . htmlspecialchars($arrBuffer[$i], ENT_QUOTES | ENT_HTML401) . "',"); - } - puts(" '" . htmlspecialchars($arrBuffer[count($arrBuffer) - 1], ENT_QUOTES | ENT_HTML401) . "'"); - puts(" );"); -} - -?> - - // Set pointer to end of recall buffer. - var intRecallPtr = arrRecallBuffer.length-1; - - // Functions to extend String class. - function str_encode() { return escape( this ) } - function str_decode() { return unescape( this ) } - - // Extend string class to include encode() and decode() functions. - String.prototype.encode = str_encode - String.prototype.decode = str_decode - - // Function: is Blank - // Returns boolean true or false if argument is blank. - function isBlank( strArg ) { return strArg.match( /^\s*$/ ) } - - // Function: frmExecPlus onSubmit (event handler) - // Builds the recall buffer from the command string on submit. - function frmExecPlus_onSubmit( form ) { - - if (!isBlank(form.txtCommand.value)) { - // If this command is repeat of last command, then do not store command. - if (form.txtCommand.value.encode() == arrRecallBuffer[arrRecallBuffer.length-1]) { return true } - - // Stuff encoded command string into the recall buffer. - if (isBlank(form.txtRecallBuffer.value)) { - form.txtRecallBuffer.value = form.txtCommand.value.encode(); - } else { - form.txtRecallBuffer.value += '&' + form.txtCommand.value.encode(); - } - } - - return true; - } - - // Function: btnRecall onClick (event handler) - // Recalls command buffer going either up or down. - function btnRecall_onClick( form, n ) { - - // If nothing in recall buffer, then error. - if (!arrRecallBuffer.length) { - alert('<?=gettext("Nothing to recall"); ?>!'); - form.txtCommand.focus(); - return; - } - - // Increment recall buffer pointer in positive or negative direction - // according to <n>. - intRecallPtr += n; - - // Make sure the buffer stays circular. - if (intRecallPtr < 0) { intRecallPtr = arrRecallBuffer.length - 1 } - if (intRecallPtr > (arrRecallBuffer.length - 1)) { intRecallPtr = 0 } - - // Recall the command. - form.txtCommand.value = arrRecallBuffer[intRecallPtr].decode(); - } - - // Function: Reset onClick (event handler) - // Resets form on reset button click event. - function Reset_onClick( form ) { - - // Reset recall buffer pointer. - intRecallPtr = arrRecallBuffer.length; - - // Clear form (could have spaces in it) and return focus ready for cmd. - form.txtCommand.value = ''; - form.txtCommand.focus(); - - return true; - } -//]]> -</script> -<style type="text/css"> -/*<![CDATA[*/ - -input { - font-family: courier new, courier; - font-weight: normal; - font-size: 9pt; -} - -pre { - border: 2px solid #435370; - background: #F0F0F0; - padding: 1em; - font-family: courier new, courier; - white-space: pre; - line-height: 10pt; - font-size: 10pt; -} - -.label { - font-family: tahoma, verdana, arial, helvetica; - font-size: 11px; - font-weight: bold; -} - -.button { - font-family: tahoma, verdana, arial, helvetica; - font-weight: bold; - font-size: 11px; -} - -/*]]>*/ -</style> -</head> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<?php if (isBlank($_POST['txtCommand'])): ?> -<p class="red"><strong><?=gettext("Note: this function is unsupported. Use it " . -"on your own risk"); ?>!</strong></p> -<?php endif; ?> -<?php if ($ulmsg) echo "<p><strong>" . $ulmsg . "</strong></p>\n"; ?> -<?php - -if (!isBlank($_POST['txtCommand'])) { - puts("<pre>"); - puts("\$ " . htmlspecialchars($_POST['txtCommand'])); - putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); - putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " ")); /* PHP scripts */ - $ph = popen($_POST['txtCommand'] . ' 2>&1', "r"); - while ($line = fgets($ph)) { - echo htmlspecialchars($line); - } - pclose($ph); - puts(" </pre>"); -} - - -if (!isBlank($_POST['txtPHPCommand'])) { - puts("<pre>"); - require_once("config.inc"); - require_once("functions.inc"); - echo eval($_POST['txtPHPCommand']); - puts(" </pre>"); -} - -?> -<div id="niftyOutter"> -<form action="exec.php" method="post" enctype="multipart/form-data" name="frmExecPlus" onsubmit="return frmExecPlus_onSubmit(this);"> - <table summary="exec"> - <tr> - <td colspan="2" valign="top" class="vnsepcell"><?=gettext("Execute Shell command"); ?></td> - </tr> - <tr> - <td class="label" align="right"><?=gettext("Command"); ?>:</td> - <td class="type"><input id="txtCommand" name="txtCommand" type="text" class="formfld unknown" size="80" value="<?=htmlspecialchars($_POST['txtCommand']);?>" /></td> - </tr> - <tr> - <td valign="top"> </td> - <td valign="top" class="label"> - <input type="hidden" name="txtRecallBuffer" value="<?=htmlspecialchars($_POST['txtRecallBuffer']) ?>" /> - <input type="button" class="button" name="btnRecallPrev" value="<" onclick="btnRecall_onClick(this.form, -1);" /> - <input type="submit" class="button" value="<?=gettext("Execute"); ?>" /> - <input type="button" class="button" name="btnRecallNext" value=">" onclick="btnRecall_onClick(this.form, 1);" /> - <input type="button" class="button" value="<?=gettext("Clear"); ?>" onclick="return Reset_onClick(this.form);" /> - </td> - </tr> - <tr> - <td colspan="2" valign="top" height="16"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="vnsepcell"><?=gettext("Download"); ?></td> - </tr> - <tr> - <td align="right"><?=gettext("File to download"); ?>:</td> - <td> - <input name="dlPath" type="text" class="formfld file" id="dlPath" size="50" value="<?php echo htmlspecialchars($_GET['dlPath']) ?>" /> - </td> - </tr> - <tr> - <td valign="top"> </td> - <td valign="top" class="label"> - <input name="submit" type="submit" class="button" id="download" value="<?=gettext("Download"); ?>" /> - </td> - </tr> - <tr> - <td colspan="2" valign="top" height="16"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="vnsepcell"><?=gettext("Upload"); ?></td> - </tr> - <tr> - <td align="right"><?=gettext("File to upload"); ?>:</td> - <td valign="top" class="label"> - <input name="ulfile" type="file" class="formfld file" id="ulfile" /> - </td> - </tr> - <tr> - <td valign="top"> </td> - <td valign="top" class="label"> - <input name="submit" type="submit" class="button" id="upload" value="<?=gettext("Upload"); ?>" /></td> - </tr> - <tr> - <td colspan="2" valign="top" height="16"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="vnsepcell"><?=gettext("PHP Execute"); ?></td> - </tr> - <tr> - <td align="right"><?=gettext("Command"); ?>:</td> - <td class="type"><textarea id="txtPHPCommand" name="txtPHPCommand" rows="9" cols="80"><?=htmlspecialchars($_POST['txtPHPCommand']);?></textarea></td> - </tr> - <tr> - <td valign="top"> </td> - <td valign="top" class="label"> - <input type="submit" class="button" value="<?=gettext("Execute"); ?>" /> - <p> - <strong><?=gettext("Example"); ?>:</strong> interfaces_sync_setup(); - </p> - </td> - </tr> - - </table> -</form> -</div> -<?php include("fend.inc"); ?> -<script type="text/javascript"> -//<![CDATA[ -document.forms[0].txtCommand.focus(); -//]]> -</script> -</body> -</html> - -<?php - -if ($_POST) { - conf_mount_ro(); -} - -?> |