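<?php

declare(strict_types=1);

/*
  Yes, we know this can be used to view the source for any file
  in the docroot directory. This is intentional and not an LFI
  vulnerability. The source code for everything in the docroot
  is publicly available at

    https://github.com/php/web-php

  so there is no vulnerability here. You can't use this to view
  anything that is private.
*/
$_SERVER['BASE_PAGE'] = 'cached.php';
include_once 'include/prepend.inc';

// Only a plain string file name is meaningful. A missing parameter, or a
// non-string one (e.g. ?f[]=x, which the old (string) cast turned into the
// literal "Array"), sends the visitor to the home page.
$requested = $_GET['f'] ?? null;
if (!is_string($requested)) {
    header('Location: https://www.php.net/');
    exit;
}

// Canonicalise both the docroot and the requested file so that ".." segments
// and symlinks are resolved before the containment check below.
$pwd = realpath((string) ($_SERVER['DOCUMENT_ROOT'] ?? ''));
$abs = $pwd === false ? false : realpath($pwd . '/' . $requested);

// The resolved path must be a regular file *inside* the docroot. Comparing
// against the docroot plus a trailing separator (instead of the bare prefix)
// keeps a sibling directory such as "<docroot>2" from passing the check, and
// is_file() rejects the docroot itself and any other directory, which
// readfile() could not serve anyway. The rtrim() keeps a docroot of "/"
// from turning into "//".
$root = $pwd === false ? null : rtrim($pwd, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
if ($root === null
    || $abs === false
    || strncmp($abs, $root, strlen($root)) !== 0
    || !is_file($abs)
) {
    // CR/LF are stripped so the echoed name cannot split the Location header.
    header('Location: https://www.php.net/' . strtr($requested, ["\r" => '', "\n" => '']));
    exit;
}

// An explicit ?t= overrides the timestamp used for Last-Modified; otherwise
// the file's own mtime is used (0 if it cannot be read, which is what the
// previous implicit false->int coercion produced).
if (isset($_GET['t'])) {
    $time = (int) $_GET['t'];
} else {
    $mtime = filemtime($abs);
    $time = $mtime === false ? 0 : $mtime;
}

// We only ever compare against the exact string we emit ourselves, so no
// date parsing of the request header is attempted.
$tsstring = gmdate('D, d M Y H:i:s ', $time) . 'GMT';
if (($_SERVER['HTTP_IF_MODIFIED_SINCE'] ?? null) === $tsstring) {
    header('HTTP/1.1 304 Not Modified');
    exit;
}

header('Last-Modified: ' . $tsstring);
header('Cache-Control: no-transform,public,max-age=2678400,s-maxage=2678400');

// Only these extensions get an explicit Content-Type; every other file is
// sent with PHP's default. NOTE(review): .json is labelled as JavaScript
// rather than application/json - kept as-is, confirm whether that is intended.
$contentTypes = [
    'js'   => 'application/javascript',
    'json' => 'application/javascript',
    'css'  => 'text/css',
];
$extension = pathinfo($abs, PATHINFO_EXTENSION);
if (isset($contentTypes[$extension])) {
    header('Content-Type: ' . $contentTypes[$extension]);
}

readfile($abs);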