From 55a37805a3b535ed1b65cf1fafd07d2716ba886b Mon Sep 17 00:00:00 2001 From: Philipp Mundhenk Date: Sat, 15 Feb 2025 17:11:33 +0100 Subject: [PATCH 1/2] added PHP7 support --- html/download.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/html/download.php b/html/download.php index 45da56a..8b585fb 100644 --- a/html/download.php +++ b/html/download.php @@ -2,7 +2,17 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { if(array_key_exists("file", $_GET)) { $file = $_GET["file"]; - if(str_contains($file, "..") || str_contains($file, "/")) { + $evil = false; + if (!function_exists('str_contains')) { + if(strpos($file, "..") !== false || strpos($file, "/") !== false) { + $evil=true; + } + else { + if(str_contains($file, "..") || str_contains($file, "/")) { + $evil=true; + } + } + if($eval === true) { header($_SERVER["SERVER_PROTOCOL"] . " 400 OK"); die("Error: Dont't be evil!"); } @@ -20,4 +30,4 @@ die("Error: No file provided!"); } } -?> \ No newline at end of file +?> From 64113249fa7b19208f9d16ec46dbecadfb1524c3 Mon Sep 17 00:00:00 2001 From: Philipp Mundhenk Date: Sun, 16 Feb 2025 17:26:10 +0100 Subject: [PATCH 2/2] fixing stupid mistakes --- html/download.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/download.php b/html/download.php index 8b585fb..a250178 100644 --- a/html/download.php +++ b/html/download.php @@ -7,12 +7,12 @@ if(strpos($file, "..") !== false || strpos($file, "/") !== false) { $evil=true; } - else { + } else { if(str_contains($file, "..") || str_contains($file, "/")) { $evil=true; } } - if($eval === true) { + if($evil === true) { header($_SERVER["SERVER_PROTOCOL"] . " 400 OK"); die("Error: Dont't be evil!"); }