代码如下:
PHP
/**
 * Encode a byte string as URL-safe Base64 without padding.
 *
 * The standard alphabet's '+' and '/' are swapped for '-' and '_' and the
 * trailing '=' padding is dropped, so the result can be placed in a query
 * string without further escaping.
 *
 * @param string $data Raw bytes to encode.
 * @return string URL-safe Base64 text.
 */
function base64url_encode($data) {
    $standard = base64_encode($data);
    $urlSafe = str_replace(array('+', '/'), array('-', '_'), $standard);
    return rtrim($urlSafe, '=');
}
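/**
 * Decode URL-safe Base64 text (with or without '=' padding).
 *
 * The original passed strlen($data) % 4 as str_pad()'s target length, which
 * is never longer than the input, so no padding was ever restored. The
 * padding is now computed explicitly.
 *
 * Decoding stays non-strict, so characters outside the alphabet are ignored
 * rather than rejected. The result is attacker-controlled whenever the input
 * comes from a request and must be validated by the caller before it is used
 * as a path.
 *
 * @param string $data URL-safe Base64 text.
 * @return string|false Decoded bytes, or false if base64_decode() fails.
 */
function base64url_decode($data) {
    $standard = strtr($data, '-_', '+/');
    // Number of '=' needed to reach the next multiple of four characters.
    $missing = (4 - strlen($standard) % 4) % 4;
    return base64_decode($standard . str_repeat('=', $missing));
}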
/**
 * Tell whether a value is an array holding at least one element.
 *
 * @param mixed $var Value to inspect.
 * @return bool True only for a non-empty array.
 */
function array_verify($var)
{
    if (!isset($var) || !is_array($var)) {
        return false;
    }
    return count($var) > 0;
}
/**
 * Render a byte count with a B / K / M / G suffix (powers of 1024).
 *
 * Values below 1024 are printed as given; larger values are divided by the
 * unit size and printed without rounding.
 *
 * @param int|float $var Size in bytes.
 * @return string Size followed by a space and the unit letter.
 */
function format_file_size($var)
{
    if ($var < 1024) {
        return $var . ' B';
    }
    // Each step: exclusive upper bound, divisor, suffix.
    $steps = array(
        array(1048576, 1024.0, ' K'),
        array(1073741824, 1048576.0, ' M'),
    );
    foreach ($steps as $step) {
        list($limit, $divisor, $suffix) = $step;
        if ($var < $limit) {
            return ($var / $divisor) . $suffix;
        }
    }
    return ($var / 1073741824.0) . ' G';
}
';
echo "警告 index.PHP?path=".$_GET["path"]." 非法url
";
exit;
}
$path=preg_replace("#[/\/]{2,}#","/",$path);
}
';
echo "目录 ".$path."
";$dir_res=opendir($dir.$path);
while($filen=readdir($dir_res))
{
if($filen!='.'&&$filen!='..')
{
if(is_file($dir.$path.'/'.$filen))
{
echo ''.$filen.' ('.format_file_size(filesize($dir.$path.'/'.$filen)).")
\n";
}else
{
echo ''.$filen."
\n";
} }else if($filen=='..')
{
preg_match("#([^/]+/{1})*[^/]+(?=/)#",$parent);
if(array_verify($parent))
{
echo ''.$filen."
\n";
}else
{
echo ''.$filen."
\n";
}
}
}
echo '
';
}
else if(is_file($dir.$path))
{
$file_size = filesize($dir.$path);
header("Content-type: application/octet-stream");
header("Accept-Ranges: bytes");
header("Accept-Length: ".$file_size);
Header("Content-Disposition: attachment; filename=".basename($dir.$path));
readfile($dir.$path);//大文件请选择其他方式
}else
echo "警告:非法访问!";?>
/**
 * Encode a byte string as URL-safe Base64 without padding.
 *
 * The standard alphabet's '+' and '/' are swapped for '-' and '_' and the
 * trailing '=' padding is dropped, so the result can be placed in a query
 * string without further escaping.
 *
 * @param string $data Raw bytes to encode.
 * @return string URL-safe Base64 text.
 */
function base64url_encode($data) {
    $standard = base64_encode($data);
    $urlSafe = str_replace(array('+', '/'), array('-', '_'), $standard);
    return rtrim($urlSafe, '=');
}
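/**
 * Decode URL-safe Base64 text (with or without '=' padding).
 *
 * The original passed strlen($data) % 4 as str_pad()'s target length, which
 * is never longer than the input, so no padding was ever restored. The
 * padding is now computed explicitly.
 *
 * Decoding stays non-strict, so characters outside the alphabet are ignored
 * rather than rejected. The result is attacker-controlled whenever the input
 * comes from a request and must be validated by the caller before it is used
 * as a path.
 *
 * @param string $data URL-safe Base64 text.
 * @return string|false Decoded bytes, or false if base64_decode() fails.
 */
function base64url_decode($data) {
    $standard = strtr($data, '-_', '+/');
    // Number of '=' needed to reach the next multiple of four characters.
    $missing = (4 - strlen($standard) % 4) % 4;
    return base64_decode($standard . str_repeat('=', $missing));
}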
/**
 * Tell whether a value is an array holding at least one element.
 *
 * @param mixed $var Value to inspect.
 * @return bool True only for a non-empty array.
 */
function array_verify($var)
{
    if (!isset($var) || !is_array($var)) {
        return false;
    }
    return count($var) > 0;
}
/**
 * Render a byte count with a B / K / M / G suffix (powers of 1024).
 *
 * Values below 1024 are printed as given; larger values are divided by the
 * unit size and printed without rounding.
 *
 * @param int|float $var Size in bytes.
 * @return string Size followed by a space and the unit letter.
 */
function format_file_size($var)
{
    if ($var < 1024) {
        return $var . ' B';
    }
    // Each step: exclusive upper bound, divisor, suffix.
    $steps = array(
        array(1048576, 1024.0, ' K'),
        array(1073741824, 1048576.0, ' M'),
    );
    foreach ($steps as $step) {
        list($limit, $divisor, $suffix) = $step;
        if ($var < $limit) {
            return ($var / $divisor) . $suffix;
        }
    }
    return ($var / 1073741824.0) . ' G';
}
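// Directory browser / download endpoint.
//
// The "path" query parameter is URL-safe Base64 of a path below $dir. It is
// untrusted input: it selects which file is read and it is echoed back into
// the page, so it is validated, canonicalised and escaped before use.
//
// NOTE(review): the HTML markup inside the echo strings appears to have been
// stripped from this listing. If links are restored, build the href values
// with base64url_encode() and escape them like the other output here.
$dir="F:"; // base directory to expose; no trailing slash
$path="";

// Escape text for HTML output. File names and the request parameter are both
// attacker-influenced. Assumes the page is served as UTF-8 - adjust the
// charset argument if it is not.
$esc = function ($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

if (isset($_GET["path"])) {
    $raw = $_GET["path"];
    // path[]=... arrives as an array; only a string can be decoded.
    $path = is_string($raw) ? base64url_decode($raw) : false;
    if (!is_string($path)) {
        echo "警告:非法访问!";
        exit;
    }
    // First-pass deny-list: must start with '/', must not start or end with
    // '.', and must not contain a '.' next to a '/'. It only considers forward
    // slashes, so it is not relied on alone - see the realpath() check below.
    preg_match("#^[^/].*$|^.*\.$|^\..*$|\./\.|/\.|\./#", $path, $temp);
    if (array_verify($temp)) {
        echo "\n";
        // The parameter is reflected into the page, so it is escaped.
        echo "警告 index.PHP?path=".$esc($raw)." 非法url\n";
        exit;
    }
    $path = preg_replace("#[/\/]{2,}#", "/", $path);
}

// Authoritative containment check: resolve the requested location and the
// base to canonical paths and require the former to be the base itself or to
// lie beneath it. This also covers symlinks and alternate separators that a
// pattern match on the raw string cannot see.
$base = realpath($dir.'/');
// An empty $path means the root; resolve it the same way entries are
// addressed below ($dir.'/'.name) instead of as a bare "$dir".
$target = realpath($path === '' ? $dir.'/' : $dir.$path);
$inside = false;
if ($base !== false && $target !== false) {
    $prefix = rtrim($base, '/\\').DIRECTORY_SEPARATOR;
    $inside = $target === $base || strncmp($target, $prefix, strlen($prefix)) === 0;
}

if ($inside && is_dir($target)) {
    echo "\n";
    echo "目录 ".$esc($path)."\n";
    $dir_res = opendir($target);
    if ($dir_res !== false) {
        // Compare against false explicitly: an entry named "0" is falsy and
        // would otherwise end the loop early.
        while (($filen = readdir($dir_res)) !== false) {
            if ($filen != '.' && $filen != '..') {
                if (is_file($target.'/'.$filen)) {
                    echo ''.$esc($filen).' ('.format_file_size(filesize($target.'/'.$filen)).")\n\n";
                } else {
                    echo ''.$esc($filen)."\n\n";
                }
            } else if ($filen == '..') {
                // NOTE(review): the listing called preg_match() with $parent
                // as the subject, which is undefined at this point; matching
                // against $path and capturing into $parent is presumably what
                // was intended - confirm against the original page.
                preg_match("#([^/]+/{1})*[^/]+(?=/)#", $path, $parent);
                if (array_verify($parent)) {
                    echo ''.$filen."\n\n";
                } else {
                    echo ''.$filen."\n\n";
                }
            }
        }
        closedir($dir_res);
    }
    echo "\n";
}
else if ($inside && is_file($target)) {
    $file_size = filesize($target);
    // Keep quotes, backslashes and control characters out of the header value.
    $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($target));
    header("Content-type: application/octet-stream");
    // NOTE(review): Range requests are not handled here although byte ranges
    // are advertised.
    header("Accept-Ranges: bytes");
    // "Accept-Length" is not an HTTP header; the size belongs in Content-Length.
    if ($file_size !== false) {
        header("Content-Length: ".$file_size);
    }
    header('Content-Disposition: attachment; filename="'.$download_name.'"');
    readfile($target); // for large files, choose another delivery method
} else {
    // Missing path, path outside the base directory, or not a regular file.
    echo "警告:非法访问!";
}?>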