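<?php
/*
 Yes, we know this can be used to view the source for any file
 in the docroot directory. This is intentional and not an LFI
 vulnerability. The source code for everything in the docroot
 is publicly available at

 https://github.com/php/web-php

 so there is no vulnerability here. You can't use this to view
 anything that is private.

 That guarantee rests entirely on the containment check below: the
 requested path is canonicalised with realpath() (which also resolves
 symlinks and "..") and must sit strictly inside DOCUMENT_ROOT. Keep
 that check intact when touching this file.
*/
$_SERVER['BASE_PAGE'] = 'cached.php';
include_once 'include/prepend.inc';

// "f" is the docroot-relative path of the asset to serve. Anything that
// is not a plain string (e.g. f[]=x) is not a valid request; bounce to
// the front page rather than letting an array reach the string functions
// below ((string)$array yields "Array", strtr() on an array throws).
if (!isset($_GET["f"]) || !is_string($_GET["f"])) {
    header("Location: https://www.php.net/");
    exit;
}
$requested = $_GET["f"];

// Redirect used for every rejected path. CR, LF and NUL are stripped so
// the value cannot inject headers, and the destination is always rooted
// at www.php.net, so it cannot be steered to another host.
$fallback = "Location: https://www.php.net/"
    . strtr($requested, ["\r" => "", "\n" => "", "\0" => ""]);

$pwd = realpath($_SERVER["DOCUMENT_ROOT"]);

// NUL bytes are refused before the filesystem is touched: current PHP
// raises an exception for them in path functions, which would turn a bad
// request into a 500 instead of the redirect below. realpath() itself
// returns false for a path that does not exist.
$abs = strpos($requested, "\0") === false
    ? realpath($pwd . "/" . $requested)
    : false;

// Containment check. The comparison includes the trailing separator: a
// bare prefix test would also accept a sibling such as "<docroot>2/x".
// realpath() strips trailing slashes except for "/" itself, hence rtrim.
// is_file() keeps directories (including the docroot itself, reachable
// via f=) from being handed to readfile(), which would warn and emit an
// empty 200.
$root = rtrim($pwd, "/") . "/";
if ($abs === false
    || strncmp($abs, $root, strlen($root)) !== 0
    || !is_file($abs)) {
    header($fallback);
    exit;
}

// Cache validator: an explicit "t" wins; otherwise the file's mtime.
// filemtime() can return false, which the original fed to gmdate() as
// timestamp 0 — made explicit here.
if (isset($_GET["t"])) {
    $time = (int)$_GET["t"];
} else {
    $mtime = filemtime($abs);
    $time = $mtime === false ? 0 : $mtime;
}

// Exact-string match against If-Modified-Since, as the original did;
// strict comparison since both sides are strings.
$tsstring = gmdate("D, d M Y H:i:s ", $time) . "GMT";
if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])
    && $_SERVER["HTTP_IF_MODIFIED_SINCE"] === $tsstring) {
    header("HTTP/1.1 304 Not Modified");
    exit;
}

header("Last-Modified: " . $tsstring);
header("Cache-Control: no-transform,public,max-age=2678400,s-maxage=2678400");

// Content-Type by extension; anything else falls through to whatever
// default prepend.inc/PHP set. Files this endpoint does not classify are
// served with that default type, so tell browsers not to sniff a script
// or style type out of them.
header("X-Content-Type-Options: nosniff");
if (substr($abs, -3) === ".js" || substr($abs, -5) === ".json") {
    // NOTE(review): .json is served with the JavaScript type here, as in
    // the original; left unchanged in case consumers depend on it —
    // confirm before switching to application/json.
    header("Content-Type: application/javascript");
} elseif (substr($abs, -4) === ".css") {
    header("Content-Type: text/css");
}

readfile($abs);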