#!/usr/local/bin/php
<?
$command=getenv('command');
$action=getenv('action');
print "<pre>";
if ($command == "/CMD_FILE_MANAGER" && $action == "upload")
{
# Debug
var_dump($_SERVER);
foreach($_SERVER as $key => $val)
{
if(strpos($key,"file")===0)
{
$file=substr($val,0,-6);
# Debug
var_dump($file);
exit(1);
if (strpos($file,".exe")!==false){
print "You seem to be uploading a file with forbidden extension <b>".htmlspecialchars($file)."</b>";
exit(1);
}
}
}
}
print "</pre>";
exit(0);
?>
When I executed all_pre.sh script after updating with new script,it gives an error:
#!/bin/bash
if [ $command == "/CMD_FILE_MANAGER" -a $action == "upload" ];
then
/usr/local/directadmin/scripts/custom/all_pre.php
RETVAL=$?;
if [ $RETVAL -ne 0 ]; then
exit $RETVAL;
fi;
fi;
# Other code goes here
#!/usr/local/bin/php
<?
$command=getenv('command');
$action=getenv('action');
if ($command == "/CMD_FILE_MANAGER" && $action == "upload")
{
foreach($_SERVER as $key => $val)
{
if(strpos($key,"file")===0)
{
$file=substr($val,0,-6);
if (strpos($file,".exe")!==false){
print "You seem to be uploading a file with forbidden extension <b>".htmlspecialchars($file)."</b>";
exit(1);
}
}
}
}
exit(0);
?>