forked from php/web-php
-
Notifications
You must be signed in to change notification settings - Fork 1
/
cached.php
51 lines (42 loc) · 1.38 KB
/
cached.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
<?php
/*
Yes, we know this can be used to view the source for any file
in the docroot directory. This is intentional and not an LFI
vulnerability. The source code for everything in the docroot
is publicly available at
https://github.com/php/web-php
so there is no vulnerability here. You can't use this to view
anything that is private.
*/
$_SERVER['BASE_PAGE'] = 'cached.php';
include_once 'include/prepend.inc';
if (!isset($_GET["f"])) {
header("Location: https://www.php.net/");
exit;
}
$pwd = realpath($_SERVER["DOCUMENT_ROOT"]);
$abs = $pwd . "/" . (string)$_GET["f"];
$abs = realpath($abs);
if (strncmp($abs, $pwd, strlen($pwd)) != 0) {
header("Location: https://www.php.net/" . strtr($_GET["f"],["\r" => "", "\n" => ""]));
exit;
}
if (isset($_GET["t"])) {
$time = (int)$_GET["t"];
} else {
$time = filemtime($abs);
}
$tsstring = gmdate("D, d M Y H:i:s ", $time) . "GMT";
if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) &&
($_SERVER["HTTP_IF_MODIFIED_SINCE"] == $tsstring)) {
header("HTTP/1.1 304 Not Modified");
exit;
}
header("Last-Modified: " . $tsstring);
header("Cache-Control: no-transform,public,max-age=2678400,s-maxage=2678400");
if (substr($abs, -3) == ".js" || substr($abs, -5) == ".json") {
header("Content-Type: application/javascript");
} elseif (substr($abs, -4) == ".css") {
header("Content-Type: text/css");
}
readfile($abs);