File not found. Listing directory instead.

'; $requestPath = $scriptPath; } //! Otherwise, check if they're trying to do something naughty... elseif ( strlen($requestPath) < strlen($scriptPath) || !(substr($requestPath, 0, strlen($scriptPath)) === $scriptPath) ) { //! return HTTP 403 page header($_SERVER["SERVER_PROTOCOL"] . " 403 Suck my stump"); $title = '403: Not allowed'; $contents = '

You\'re not allowed to do that!

'; $requestPath = $scriptPath; } else { $title = 'Listing directory ' . $_GET['path']; } //! Now, is this a file that we need to return, or a folder? if (is_file($requestFile)) { //! get the MIME type, use file -bi in case finfo etc aren't available //! prevent shell injection paths, ie "lol.txt' | nastycommand '" $shellCommand = str_replace('\'', '\\\'', $requestFile); $mimeType = exec("file -bi '$shellCommand'"); //! set the Content-Type header header("Content-Type: $mimeType"); //! disable multi-byte mb_http_output("pass"); //! Open the file in binary mode for reading $fp = fopen($requestFile, 'rb'); //! (todo: handle HTTP_RANGE) /** resume = isset($_SERVER['HTTP_RANGE']) */ // ... //! seek to start of the file fseek($fp, 0); //! Read file while we're not at the end while(!feof($fp)) { //! Reset time limit for big files set_time_limit(0); //! Send 8K of the file to the client print(fread($fp, 1024*8)); //! Flush buffers flush(); ob_flush(); } //! Close the file handle fclose($fp); return; } elseif (is_dir($requestPath)) { //! ensure trailing slash if ($requestPath[strlen($requestPath)-1] != '/') $requestPath .= '/'; //! build file list $contents .= "\n"; $dirs = ''; $files = ''; $dirContent = scandir($requestPath); foreach($dirContent as $key => $content) { $path = $requestPath . $content; // row: icon filename , [filesize] if ( ($content == '..' && $requestPath == $scriptPath) || ($content[0] == '.') || !is_readable($path) ) { // ignore } elseif (is_file($path)) { $ext = end(explode(".",$content)); $size = filesize($path); $sizeIndex = 0; while($size > 1024) { ++$sizeIndex; $size /= 1024; } $size = round($size,2) . ' ' . $sizeNames[$sizeIndex]; $date = filectime($path); $files .= "\n"; } elseif (is_dir($path)) { $dirs .= "\n"; } } $contents .= $dirs . $files . "

$content	$size
$content

\n"; } //! read the template file... $output = file_get_contents($resourcePath . "template.html"); $output = str_replace(array("%title%", "%contents%"), array($title, $contents), $output); echo $output; ?>