1 91bf75df Scott Ullrich
<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 2900e518 Scott Ullrich
/*
4
	Exec+ v1.02-000 - Copyright 2001-2003, All rights reserved
5
	Created by technologEase (http://www.technologEase.com).
6
7
	(modified for m0n0wall by Manuel Kasper <mk@neon1.net>)
8 6b07c15a Matthew Grooms
9
    Redistribution and use in source and binary forms, with or without
10
    modification, are permitted provided that the following conditions are met:
11
12
    1. Redistributions of source code must retain the above copyright notice,
13
       this list of conditions and the following disclaimer.
14
15
    2. Redistributions in binary form must reproduce the above copyright
16
       notice, this list of conditions and the following disclaimer in the
17
       documentation and/or other materials provided with the distribution.
18
19
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
    POSSIBILITY OF SUCH DAMAGE.
29 2900e518 Scott Ullrich
*/
30 7ac5a4cb Scott Ullrich
/*
31
	pfSense_MODULE:	shell
32
*/
33 2900e518 Scott Ullrich
34 6b07c15a Matthew Grooms
##|+PRIV
35
##|*IDENT=page-diagnostics-command
36
##|*NAME=Diagnostics: Command page
37
##|*DESCR=Allow access to the 'Diagnostics: Command' page.
38
##|*MATCH=exec.php*
39
##|-PRIV
40
41 7c9a30c8 jim-p
$allowautocomplete = true;
42
43 510e86d1 Scott Ullrich
require("guiconfig.inc");
44 458e0e0b Scott Ullrich
45 5b237745 Scott Ullrich
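/*
 * File transfer handlers for the Diagnostics: Command page.
 *
 * "Download" streams the file named by the posted dlPath; "Upload" stores the
 * posted file under /tmp. Both act on request data, so the only gate is what
 * guiconfig.inc (required above) enforces for this page.
 * NOTE(review): confirm that guiconfig.inc applies the page-diagnostics-command
 * privilege and a CSRF check to POST requests - neither is visible in this file.
 */

// Start from a known value so the banner echo further down only ever prints
// text that was set in this block.
$ulmsg = '';

// Read each request field once, accepting strings only; an array posted as
// "field[]" is treated as absent.
$submitAction = (isset($_POST['submit']) && is_string($_POST['submit'])) ? $_POST['submit'] : '';
$dlPath = (isset($_POST['dlPath']) && is_string($_POST['dlPath'])) ? $_POST['dlPath'] : '';
$ulFile = (isset($_FILES['ulfile']) && is_array($_FILES['ulfile'])) ? $_FILES['ulfile'] : array();
$ulTmpName = (isset($ulFile['tmp_name']) && is_string($ulFile['tmp_name'])) ? $ulFile['tmp_name'] : '';

if (($submitAction === "Download") && ($dlPath !== '') && file_exists($dlPath)) {
	// Open before any header is sent, so a path that cannot be read falls
	// through to the normal page instead of producing an empty download.
	$fd = fopen($dlPath, "rb");
	if ($fd !== false) {
		// The file name goes into an HTTP header, not into HTML: HTML entity
		// encoding would alter names containing "&" or "<". Drop control
		// characters and replace the two characters that could end or escape
		// the quoted string.
		$dlName = trim(basename($dlPath));
		$dlName = preg_replace('/[\x00-\x1f\x7f]/', '', $dlName);
		$dlName = str_replace(array('"', '\\'), '_', $dlName);

		session_cache_limiter('public');
		header("Content-Type: application/octet-stream");
		header("Content-Length: " . filesize($dlPath));
		header("Content-Disposition: attachment; filename=\"" . $dlName . "\"");
		if (isset($_SERVER['HTTPS'])) {
			// Over HTTPS both cache headers are sent with an empty value.
			header('Pragma: ');
			header('Cache-Control: ');
		} else {
			header("Pragma: private");
			header("Cache-Control: private, must-revalidate");
		}

		fpassthru($fd);
		fclose($fd);
		exit;
	}
} else if (($submitAction === "Upload") && ($ulTmpName !== '') && is_uploaded_file($ulTmpName)) {
	// The browser supplies the file name. Keep only its last path component so
	// the destination stays inside /tmp, and refuse names that are empty or
	// refer to a directory entry. An existing file of the same name in /tmp is
	// overwritten by move_uploaded_file().
	$ulName = (isset($ulFile['name']) && is_string($ulFile['name'])) ? basename($ulFile['name']) : '';
	$ulNameOk = ($ulName !== '') && ($ulName !== '.') && ($ulName !== '..');

	// Report success only when the move really happened.
	if ($ulNameOk && move_uploaded_file($ulTmpName, "/tmp/" . $ulName)) {
		$ulmsg = "Uploaded file to /tmp/" . htmlentities($ulName);
	} else {
		$ulmsg = "Upload failed";
	}

	// An upload request must not also run the shell command box.
	// NOTE(review): txtPHPCommand is not cleared here, so PHP code posted with
	// the upload is still evaluated further down - confirm that is intended.
	unset($_POST['txtCommand']);
}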
67 2900e518 Scott Ullrich
68 61a90ed5 Scott Ullrich
// Every request that carries POST data calls conf_mount_rw() before the page
// does its work; the matching conf_mount_ro() call is at the end of this file.
// NOTE(review): presumably this remounts the configuration filesystem
// read-write - confirm in the include that defines it.
if (!empty($_POST)) {
	conf_mount_rw();
}
70 74285e13 Scott Ullrich
71 5b237745 Scott Ullrich
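/**
 * Tell whether a value is empty or consists only of whitespace.
 *
 * A missing request field (null) counts as blank. A value that is not scalar,
 * such as an array posted as "field[]", also counts as blank, so the
 * !isBlank() guards in this page skip it instead of handing it to code that
 * expects a string.
 *
 * @param mixed $arg Value to test, normally a $_POST field.
 * @return bool True when $arg is blank, false otherwise.
 */
function isBlank( $arg ) {
	if ($arg === null || !is_scalar($arg)) {
		return true;
	}

	// preg_match() returns 1 on a match, 0 on no match and false on error;
	// only a real match means "blank".
	return preg_match( "/^\s*$/", (string) $arg ) === 1;
}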
75 5b237745 Scott Ullrich
76
77
/**
 * Write a string to the output followed by a single newline.
 *
 * The value is echoed as given; nothing is escaped here, so callers that print
 * request data must encode it first.
 *
 * @param string $arg Text to print.
 * @return void
 */
function puts( $arg ) {
	echo $arg . "\n";
}
81
82
83
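// Page-level values.

$Version    = '';
// $HTTP_SERVER_VARS depends on register_long_arrays, which PHP 5.4 removed;
// $_SERVER carries the same entry on every PHP version.
$ScriptName = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';

// Current year: element 5 of localtime() is the number of years since 1900.
$arrDT   = localtime();
$intYear = $arrDT[5] + 1900;

// Title parts for the page header, then the shared header include.
$pgtitle = array(gettext("Diagnostics"),gettext("Execute command"));
include("head.inc");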
95 5b237745 Scott Ullrich
?>
96 998abf60 Bill Marquette
97 5b237745 Scott Ullrich
<script language="javascript">
98
<!--
99
100
   // Create recall buffer array (of encoded strings).
101
102
<?php
103
104
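// Emit the JavaScript array that backs the command recall buttons.
//
// txtRecallBuffer comes back from the browser as "&"-separated, escape()-encoded
// commands, so it is request data written into a <script> block. HTML entities
// are not decoded inside <script>, and htmlspecialchars() leaves backslashes and
// line breaks untouched, so it is the wrong encoder for this context. Each entry
// is written as a JSON string literal instead; the JSON_HEX_* flags also keep
// <, >, &, ' and " out of the generated script. Entries produced by escape()
// contain none of those characters and come through unchanged.
$strRecallRaw = (isset($_POST['txtRecallBuffer']) && is_string($_POST['txtRecallBuffer'])) ? $_POST['txtRecallBuffer'] : '';

if (isBlank( $strRecallRaw )) {
   puts( "   var arrRecallBuffer = new Array;" );
} else {
   $intJsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
   $arrBuffer = explode( "&", $strRecallRaw );
   $arrLiterals = array();
   foreach ($arrBuffer as $strEntry) {
      $strLiteral = json_encode( $strEntry, $intJsonFlags );
      // json_encode() returns false for input that is not valid UTF-8; such an
      // entry cannot have come from escape(), so it is left out.
      if ($strLiteral !== false) {
         $arrLiterals[] = "      " . $strLiteral;
      }
   }
   puts( "   var arrRecallBuffer = new Array(" );
   puts( implode( ",\n", $arrLiterals ) );
   puts( "   );" );
}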
113
114
?>
115
116
   // Recall pointer: starts on the last entry of the recall buffer
   // (-1 when the buffer is empty).
   var intRecallPtr = arrRecallBuffer.length - 1;
118
119
   // String helpers for the recall buffer. Each one runs with `this` bound to
   // the string it is called on and returns the escape()d / unescape()d text.
   function str_encode() {
      return escape( this );
   }

   function str_decode() {
      return unescape( this );
   }

   // Make both helpers available as encode() and decode() on every string.
   String.prototype.encode = str_encode;
   String.prototype.decode = str_decode;
126
127
   // isBlank( strArg )
   // Matches strArg against /^\s*$/ and returns what String.match() returns:
   // a match array (truthy) when strArg is empty or whitespace only, otherwise
   // null.
   function isBlank( strArg ) {
      var reBlank = /^\s*$/;
      return strArg.match( reBlank );
   }
130
131
   // frmExecPlus_onSubmit( form ) - onSubmit handler of the command form.
   // Appends the encoded command to the hidden txtRecallBuffer field, entries
   // separated by '&', unless the command is blank or repeats the last entry of
   // arrRecallBuffer. Always returns true, so the form is submitted either way.
   function frmExecPlus_onSubmit( form ) {
      var strCommand = form.txtCommand.value;

      // Nothing typed: nothing to remember.
      if (isBlank( strCommand )) {
         return true;
      }

      // Same as the most recent entry: do not store it twice.
      var strLast = arrRecallBuffer[arrRecallBuffer.length - 1];
      if (strCommand.encode() == strLast) {
         return true;
      }

      // First entry goes in as-is, later entries follow an '&' separator.
      var strEncoded = strCommand.encode();
      if (isBlank( form.txtRecallBuffer.value )) {
         form.txtRecallBuffer.value = strEncoded;
      } else {
         form.txtRecallBuffer.value += '&' + strEncoded;
      }

      return true;
   }
148
149
   // btnRecall_onClick( form, n ) - click handler of the "<" and ">" buttons.
   // Moves the recall pointer by n (the buttons pass -1 and 1), wraps it at
   // either end of arrRecallBuffer and puts the decoded entry into the command
   // box.
   function btnRecall_onClick( form, n ) {
      var intLast = arrRecallBuffer.length - 1;

      // Empty history: tell the user and hand focus back to the command box.
      // NOTE(review): the translated text is placed unescaped in a single-quoted
      // literal; an apostrophe in a translation would end the string early.
      if (arrRecallBuffer.length == 0) {
         alert( '<?=gettext("Nothing to recall"); ?>!' );
         form.txtCommand.focus();
         return;
      }

      // Step the pointer, then wrap it so the buffer behaves as a ring.
      intRecallPtr = intRecallPtr + n;
      if (intRecallPtr < 0) {
         intRecallPtr = intLast;
      }
      if (intRecallPtr > intLast) {
         intRecallPtr = 0;
      }

      // Show the selected entry.
      form.txtCommand.value = arrRecallBuffer[intRecallPtr].decode();
   }
171
172
   // Reset_onClick( form ) - click handler of the "Clear" button.
   // Puts the recall pointer one past the last entry, empties the command box
   // (it may hold only spaces) and focuses it for the next command.
   // Always returns true.
   function Reset_onClick( form ) {
      var cmdField = form.txtCommand;

      intRecallPtr = arrRecallBuffer.length;

      cmdField.value = '';
      cmdField.focus();

      return true;
   }
185
//-->
186
</script>
187
<style>
188
<!--
189
190
input {
191
   font-family: courier new, courier;
192
   font-weight: normal;
193
   font-size: 9pt;
194
}
195
196
pre {
197
   border: 2px solid #435370;
198
   background: #F0F0F0;
199
   padding: 1em;
200
   font-family: courier new, courier;
201
   white-space: pre;
202
   line-height: 10pt;
203
   font-size: 10pt;
204
}
205
206
.label {
207
   font-family: tahoma, verdana, arial, helvetica;
208
   font-size: 11px;
209
   font-weight: bold;
210
}
211
212
.button {
213
   font-family: tahoma, verdana, arial, helvetica;
214
   font-weight: bold;
215
   font-size: 11px;
216
}
217
218
-->
219
</style>
220
</head>
221 998abf60 Bill Marquette
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
222
<?php include("fbegin.inc"); ?>
223 5b237745 Scott Ullrich
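<?php /* Show the "unsupported" warning only while no shell command has been submitted. */ ?>
<?php if (isBlank(isset($_POST['txtCommand']) ? $_POST['txtCommand'] : '')): ?>
<p class="red"><strong><?=gettext("Note: this function is unsupported. Use it " .
"on your own risk"); ?>!</strong></p>
<?php endif; ?>
<?php
// Upload result banner. $ulmsg is printed without further escaping, so it must
// already be HTML-safe: the upload handler passes the file name through
// htmlentities() before putting it into the message. !empty() keeps a request
// without an upload from reading an undefined variable.
if (!empty($ulmsg)) echo "<p><strong>" . $ulmsg . "</strong></p>\n";
?>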
228
<?php
229
230
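// Shell command box.
//
// The posted command line is handed to popen() exactly as received: running
// arbitrary commands with the web server's rights is what this page is for, so
// nothing here limits what can be run. Everything that keeps this safe happens
// before this point (login, the page-diagnostics-command privilege, request
// origin checks).
// NOTE(review): confirm those checks cover POST requests to this page; they are
// not visible in this file.
$strCommand = (isset($_POST['txtCommand']) && is_string($_POST['txtCommand'])) ? $_POST['txtCommand'] : '';

if (!isBlank($strCommand)) {
   puts("<pre>");
   // Echo the command and its output HTML-encoded so neither is parsed as markup.
   puts("\$ " . htmlspecialchars($strCommand));
   putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin");
   putenv("SCRIPT_FILENAME=" . strtok($strCommand, " "));	/* PHP scripts */
   $ph = popen($strCommand . ' 2>&1', "r" );
   if ($ph !== false) {
      // Compare with false explicitly: a final line of "0" without a newline is
      // falsy and would otherwise end the loop before it is printed.
      while (($line = fgets($ph)) !== false) echo htmlspecialchars($line);
      pclose($ph);
   }
   puts("</pre>");
}

// PHP command box.
//
// NOTE(review): eval() on request data is code execution by design here, gated
// only by the same access checks as the shell box. Unlike the shell output
// above, whatever the evaluated code prints reaches the page unescaped.
$strPHPCommand = (isset($_POST['txtPHPCommand']) && is_string($_POST['txtPHPCommand'])) ? $_POST['txtPHPCommand'] : '';

if (!isBlank($strPHPCommand)) {
   puts("<pre>");
   require_once("config.inc");
   require_once("functions.inc");
   // eval() yields the value of a "return" in the submitted code, if any.
   echo eval($strPHPCommand);
   puts("</pre>");
}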
249
250 5b237745 Scott Ullrich
?>
251 ca8e4ed2 Scott Ullrich
<div id="niftyOutter">
252 3ae16b9b Colin Fleming
<form action="exec.php" method="post" enctype="multipart/form-data" name="frmExecPlus" onSubmit="return frmExecPlus_onSubmit( this );">
253 5b237745 Scott Ullrich
  <table>
254 fbcf0037 Scott Ullrich
	<tr>
255 b94075a0 Carlos Eduardo Ramos
	  <td colspan="2" valign="top" class="vnsepcell"><?=gettext("Execute Shell command"); ?></td>
256 fbcf0037 Scott Ullrich
	</tr>  
257 5b237745 Scott Ullrich
    <tr>
258 b94075a0 Carlos Eduardo Ramos
      <td class="label" align="right"><?=gettext("Command"); ?>:</td>
259 b5c78501 Seth Mos
      <td class="type"><input id="txtCommand" name="txtCommand" type="text" class="formfld unknown" size="80" value="<?=htmlspecialchars($_POST['txtCommand']);?>"></td>
260 5b237745 Scott Ullrich
    </tr>
261
    <tr>
262
      <td valign="top">&nbsp;&nbsp;&nbsp;</td>
263
      <td valign="top" class="label">
264 225a2f0b Scott Ullrich
         <input type="hidden" name="txtRecallBuffer" value="<?=htmlspecialchars($_POST['txtRecallBuffer']) ?>">
265 5b237745 Scott Ullrich
         <input type="button" class="button" name="btnRecallPrev" value="<" onClick="btnRecall_onClick( this.form, -1 );">
266 b94075a0 Carlos Eduardo Ramos
         <input type="submit" class="button" value="<?=gettext("Execute"); ?>">
267 5b237745 Scott Ullrich
         <input type="button" class="button" name="btnRecallNext" value=">" onClick="btnRecall_onClick( this.form,  1 );">
268 b94075a0 Carlos Eduardo Ramos
         <input type="button"  class="button" value="<?=gettext("Clear"); ?>" onClick="return Reset_onClick( this.form );">
269 5b237745 Scott Ullrich
      </td>
270
    </tr>
271 fbcf0037 Scott Ullrich
	<tr>
272
	  <td colspan="2" valign="top" height="16"></td>
273
	</tr>
274
	<tr>
275 b94075a0 Carlos Eduardo Ramos
	  <td colspan="2" valign="top" class="vnsepcell"><?=gettext("Download"); ?></td>
276 fbcf0037 Scott Ullrich
	</tr>    
277 5b237745 Scott Ullrich
    <tr>
278 b94075a0 Carlos Eduardo Ramos
      <td align="right"><?=gettext("File to download"); ?>:</td>
279 5b237745 Scott Ullrich
      <td>
280 b5c78501 Seth Mos
        <input name="dlPath" type="text" class="formfld file" id="dlPath" size="50">
281 fbcf0037 Scott Ullrich
	</td></tr>
282
    <tr>
283
      <td valign="top">&nbsp;&nbsp;&nbsp;</td>
284
      <td valign="top" class="label">	
285 b94075a0 Carlos Eduardo Ramos
        <input name="submit" type="submit"  class="button" id="download" value="<?=gettext("Download"); ?>">
286 5b237745 Scott Ullrich
        </td>
287
    </tr>
288 fbcf0037 Scott Ullrich
	<tr>
289
	  <td colspan="2" valign="top" height="16"></td>
290
	</tr>
291
	<tr>
292 b94075a0 Carlos Eduardo Ramos
	  <td colspan="2" valign="top" class="vnsepcell"><?=gettext("Upload"); ?></td>
293 fbcf0037 Scott Ullrich
	</tr>    
294 5b237745 Scott Ullrich
    <tr>
295 b94075a0 Carlos Eduardo Ramos
      <td align="right"><?=gettext("File to upload"); ?>:</td>
296 5b237745 Scott Ullrich
      <td valign="top" class="label">
297 b5c78501 Seth Mos
	<input name="ulfile" type="file" class="formfld file" id="ulfile">
298 fbcf0037 Scott Ullrich
	</td></tr>
299
    <tr>
300
      <td valign="top">&nbsp;&nbsp;&nbsp;</td>
301
      <td valign="top" class="label">	
302 b94075a0 Carlos Eduardo Ramos
        <input name="submit" type="submit"  class="button" id="upload" value="<?=gettext("Upload"); ?>"></td>
303 5b237745 Scott Ullrich
    </tr>
304 fbcf0037 Scott Ullrich
	<tr>
305
	  <td colspan="2" valign="top" height="16"></td>
306
	</tr>
307
	<tr>
308 b94075a0 Carlos Eduardo Ramos
	  <td colspan="2" valign="top" class="vnsepcell"><?=gettext("PHP Execute"); ?></td>
309 fbcf0037 Scott Ullrich
	</tr>
310
	<tr>
311 b94075a0 Carlos Eduardo Ramos
		<td align="right"><?=gettext("Command"); ?>:</td>
312 2dc9ff46 Scott Ullrich
		<td class="type"><textarea id="txtPHPCommand" name="txtPHPCommand" type="text" rows="9" cols="80"><?=htmlspecialchars($_POST['txtPHPCommand']);?></textarea></td>
313 fbcf0037 Scott Ullrich
	</tr>
314
    <tr>
315
      <td valign="top">&nbsp;&nbsp;&nbsp;</td>
316
      <td valign="top" class="label">
317 b94075a0 Carlos Eduardo Ramos
         <input type="submit" class="button" value="<?=gettext("Execute"); ?>">
318 fbcf0037 Scott Ullrich
	 <p>
319 b94075a0 Carlos Eduardo Ramos
	 <strong><?=gettext("Example"); ?>:</strong>   interfaces_carp_setup();
320 fbcf0037 Scott Ullrich
      </td>
321
    </tr>
322
    
323 5b237745 Scott Ullrich
  </table>
324 ca8e4ed2 Scott Ullrich
</div>
325 2900e518 Scott Ullrich
<?php include("fend.inc"); ?>
326 5b237745 Scott Ullrich
</form>
327 be4b8e72 Scott Ullrich
<script language="Javascript">
328
document.forms[0].txtCommand.focus();
329
</script>
330 5b237745 Scott Ullrich
</body>
331
</html>
332 74285e13 Scott Ullrich
333
<?php
334
335 61a90ed5 Scott Ullrich
// Counterpart of the conf_mount_rw() call near the top of the file: every
// request that carried POST data ends with conf_mount_ro().
// NOTE(review): presumably this returns the configuration filesystem to
// read-only - confirm in the include that defines it.
if (!empty($_POST)) {
	conf_mount_ro();
}
337 74285e13 Scott Ullrich
338 0a595d84 Ermal Lu?i
?>