Riklaunim Apprentice
Joined: 16 Dec 2004 Posts: 286 Location: Poland
Posted: Tue Jan 04, 2005 7:50 pm Post subject: Portage PHP Browser
I've made a simple PHP script that browses portage - files which usually can be found in /usr/portage/
- Download: HERE
It can:
- Browse through portage structure
  Screenshot: http://www.hubi.info/rik/new/browser1.png
- When you roll over a folder in a /portage/subdir/ a tooltip will show up with description and URL from the ebuild file
  Screenshot: http://www.hubi.info/rik/new/browser2.png
- All files in /portage/subdir/package/ can be displayed via highlight_string
Installation
- Unpack the script and send it to the server. The tooltip version (index.php) isn't PHP5 compatible. If you don't want the tooltip, copy index_simple.php as index.php.
- Download a portage snapshot and extract it to the script folder, so you get:
./index.php
./portage/portage files
- Open index.php in the browser
Comments, suggestions?

Crisis l33t
Joined: 10 Feb 2003 Posts: 613 Location: Portland, OR
Posted: Tue Jan 04, 2005 9:06 pm
I assume this is meant to be run locally, not accessible outside? Because there are a lot of security issues, but maybe it doesn't matter if it is run locally.
But that begs the question, if you have local access, why do you need this?
I would be wary about putting this code as is on a publicly available web server.

Riklaunim Apprentice
Joined: 16 Dec 2004 Posts: 286 Location: Poland
Posted: Wed Jan 05, 2005 7:04 am
Portage files don't have any executable www etc. code... + application files are displayed via highlight_string... You can put it on a normal server and nothing will happen.

Crisis l33t
Joined: 10 Feb 2003 Posts: 613 Location: Portland, OR
Posted: Wed Jan 05, 2005 1:51 pm
What if someone passes in unexpected information to some of those variables?
You aren't even checking the input on some of those paths, what happens if they pass in something like portage/../../etc/passwd ?

Riklaunim Apprentice
Joined: 16 Dec 2004 Posts: 286 Location: Poland
Posted: Wed Jan 05, 2005 4:47 pm
Then what's this:
Code:
// portage browser hardened
// Removes '../' and './' substrings from a value (one str_replace pass each).
function kill($x)
{
    $x = str_replace('../', '', $x);
    $x = str_replace('./', '', $x);
    return $x;
}
// Strip HTML/PHP tags from every GET parameter, then apply kill() to each.
$_GET = array_map("strip_tags", $_GET);
$_GET = array_map("kill", $_GET);
// checking finished
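
Added example, not part of the thread or of the posted script: instead of removing substrings from the request, it resolves the requested path with realpath() and serves it only if the result stays inside the portage directory. The helper name resolve_in_portage(), the demo directory and the sample file names are assumptions made for illustration; the ./portage layout follows the installation steps in the first post.

```php
<?php
// Added example: resolve a user-supplied path and confirm it stays inside the
// portage tree before reading it. resolve_in_portage() is a hypothetical helper.

function resolve_in_portage(string $baseDir, string $userPath): ?string
{
    // Canonical base directory (symlinks and dot segments resolved).
    $base = realpath($baseDir);
    if ($base === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses '.', '..' and symlinks; it returns false when the
    // target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;
    }
    // Containment: the resolved path must be the base itself or sit below it.
    // The trailing separator stops a sibling such as "portage-old" matching.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $base && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree in the temp directory, so the example runs offline.
$root = sys_get_temp_dir() . '/pb_demo_' . getmypid();
@mkdir("$root/portage/app-editors/vim", 0700, true);
@mkdir("$root/portage-old", 0700, true);
file_put_contents("$root/portage/app-editors/vim/vim-6.3.ebuild", "DESCRIPTION=\"demo\"\n");
file_put_contents("$root/portage-old/notes.txt", "outside the tree\n");

$requests = [
    'app-editors/vim/vim-6.3.ebuild',  // normal request
    '../../etc/passwd',                // traversal of the kind raised in the thread
    '../portage-old/notes.txt',        // sibling directory sharing the name prefix
    'app-editors/./vim/../vim',        // dot segments that still resolve inside
];
foreach ($requests as $r) {
    $ok = resolve_in_portage("$root/portage", $r);
    printf("%-32s => %s\n", $r, $ok === null ? 'rejected' : 'allowed');
}
```

Only a non-null return value would be read and passed to highlight_string; a rejected request gets an error page and never reaches the file functions.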