barryserver-git
Barry Fixed RCE bug b00582b (3 years, 11 months ago)
<?php
/*
 * Copyright (C) 2020  BarryServer
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

/*
 * Site configuration. These values are written into the page as-is by the
 * code further down, so they are treated as trusted, operator-supplied text.
 */

// TITLE: shown in <title>, the page heading and the first breadcrumb link.
$TITLE = 'BarryServer : Git';

// ROOT: where this script sits below the document root.
//   "example.com/abc/git.php" -> "/abc"
//   "example.com/git.php"     -> ""
$ROOT = '';

// SCRIPT: the script's name once the server has applied its alias.
//   "example.com/git" served by "example.com/git.php" -> "/git"
$SCRIPT = '';

// ORIGINAL: directory holding the git repositories. The index page lists
// the *.git entries found directly inside it.
$ORIGINAL = '/home/git';

// BRANCH: branch the repository links on the index page point at.
$BRANCH = 'master';

// DESCRIPTION: site description, printed on the index page only.
$DESCRIPTION = 'A BarryServer Git Browser';

// FOOTER: text printed at the bottom of every page.
$FOOTER = 'BarryServer Git Browser';

// Buffer the page so the request handler below can still send headers
// (redirects, the raw view's Content-type) and discard output with ob_clean().
ob_start();
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo $TITLE; ?></title>
<style>
/* Main Page */
body {
	width: 90%;
	max-width: 1180px;
	min-width: 480px;
	margin-left: auto;
	margin-right: auto;
	margin-top: 24px;
	background-color: #0D0D0D;
	color: white;
	font-size: 1.1em;
}
/* Headings */
h1,h2,h3,h4,h5,h6 {
	color: orange;
	text-shadow: 2px 2px black;
	display: block;
	text-align: center;
}
/* Selected Links */
a:active, a:focus {
	outline: none;
	color: red;
}
/* Links */
a, a:visited {
	color: blue;
}
/* Folders, Files, Repositories and Branches*/
.folder, .file, .repo, .branch {
	background-color: #2D2D2D;
	color: white;
	padding: 8px;
	border: 1px solid orange;
	width: calc(100% - 18px);
	width: -webkit-fill-available;
	display: inline-block;
	margin-bottom: 4px;
	text-decoration: none;
}
/* Selected and Hovered Over Folders, Files, Repositories and Branches */
.folder:focus, .file:focus, .repo:focus, .branch:focus,
.folder:hover, .file:hover, .repo:hover, .branch:hover {
	background-color: #3D3D3D;
}
/* Selected Folders, Files, Repositories and Branches */
.folder:focus, .file:focus, .repo:focus, .branch:focus {
	border: 1px solid blue;
	color: white;
}
/* Visited Folders, Files, Repositories and Branches */
.folder:active, .file:active, .repo:active, .branch:active,
.folder:visited, .file:visited, .repo:visited, .branch:visited {
	color: white;
}
/* Icons */
.folder::before { content: '🗁 '; }
.file::before { content: '🖹 '; }
.repo::before { content: '🕮 '; }
.branch::before { content: '⑃ '; }
/* File Path */
.path {
	font-weight: bold;
	color: orange;
}
.path a:focus, .path a:active {
	color: red;
}
/* Description Text */
.description {
	display: block;
	text-align: center;
}
/* Footer Text */
.footer {
	display: block;
	text-align: center;
}
/* 404 */
.error {
	display: block;
	text-align: center;
}
/* Clone Text */
.clone {
	font-style: italic;
	color: lightgray;
	display: inline-block;
}
/* Raw Link */
.raw-link {
	font-weight: bold;
	float: right;
	display: inline-block;
}
/* File Content */
pre {
	border: 2px solid yellow;
	background-color: black;
	padding: 4px;
	-moz-tab-size: 2;
	tab-size: 2;
	white-space: pre-wrap;
	word-wrap: break-word;
}
/* Readme Documents */
.readme { text-align: left; }
hr.readme { border: 1px solid white; }
li.readme { margin-left: 40px; }
/* Scrollbar */
::-webkit-scrollbar {width: 10px; height: 10px;}
::-webkit-scrollbar-track {background: #0D0D0D;}
::-webkit-scrollbar-thumb {background: orange;}
::-webkit-scrollbar-thumb:hover {background: #BB6100;}
::-webkit-scrollbar-corner {background: #0D0D0D;}
</style>
</head>
<body>
<h1><?php echo $TITLE; ?></h1>
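<?php
/*
 * Request handler.
 *
 * PATH_INFO has the form /<repo>/<branch>/<path>. It selects a repository
 * under $ORIGINAL and is turned into read-only git queries (show-branch,
 * ls-tree, cat-file) whose output is rendered as HTML.
 *
 * Security notes for maintainers:
 *  - PATH_INFO is attacker-controlled. Every value passed to git goes through
 *    escapeshellarg(); a per-character backslash blacklist cannot enumerate
 *    all shell metacharacters, so it is no longer used.
 *  - Branch names starting with "-" are refused so they cannot be read by git
 *    as options, and paths are passed after "--".
 *  - Everything taken from the URL, the repository or git output is
 *    HTML-escaped before it is echoed.
 *  - Redirects stop the script, so no further git command runs for a request
 *    that has already been answered.
 */

/**
 * Escape a value for HTML text or a double-quoted attribute.
 *
 * @param mixed $value
 * @return string
 */
function bsgit_h($value)
{
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Run git in the current directory with each argument quoted separately.
 *
 * @param array $args arguments after "git"
 * @return string git's standard output, "" when there is none
 */
function bsgit_git(array $args)
{
	$command = 'git';
	foreach ($args as $arg) {
		$command .= ' ' . escapeshellarg((string) $arg);
	}
	$output = shell_exec($command);
	return is_string($output) ? $output : '';
}

/**
 * List a tree with "git ls-tree --full-name".
 *
 * @param string $branch   tree-ish, already checked with bsgit_ref_ok()
 * @param string $treePath path inside the tree, "" for the root
 * @return string raw ls-tree output
 */
function bsgit_ls_tree($branch, $treePath)
{
	$args = array('ls-tree', '--full-name', $branch);
	if ($treePath !== '') {
		// An empty argument would be an empty pathspec, so it is left out.
		$args[] = '--';
		$args[] = $treePath;
	}
	return bsgit_git($args);
}

/**
 * Parse one ls-tree line: "<mode> <type> <object>\t<path>".
 *
 * Splitting on the tab first keeps file names that contain spaces intact.
 *
 * @param string $line
 * @return array|null keys "type", "object", "path"; null for any other line
 */
function bsgit_parse_entry($line)
{
	$columns = explode("\t", (string) $line, 2);
	if (count($columns) !== 2) {
		return null;
	}
	$meta = explode(' ', $columns[0]);
	if (count($meta) !== 3) {
		return null;
	}
	return array('type' => $meta[1], 'object' => $meta[2], 'path' => $columns[1]);
}

/**
 * Parse the first line of an ls-tree listing.
 *
 * @param string $listing
 * @return array|null
 */
function bsgit_first_entry($listing)
{
	$lines = explode("\n", (string) $listing);
	return bsgit_parse_entry($lines[0]);
}

/**
 * A branch name is usable when it is non-empty and cannot be taken for a
 * command-line option.
 *
 * @param string $ref
 * @return bool
 */
function bsgit_ref_ok($ref)
{
	return $ref !== '' && $ref[0] !== '-';
}

/**
 * Decide whether a README image/link target may be emitted as a URL.
 * Relative targets and http(s) are accepted; any other scheme is refused so
 * repository content cannot place script-bearing URLs on the page.
 *
 * @param string $url
 * @return bool
 */
function bsgit_url_allowed($url)
{
	// Browsers ignore embedded whitespace and control characters in a scheme.
	$compact = preg_replace('/[\x00-\x20]+/', '', (string) $url);
	if (!preg_match('/^[A-Za-z][A-Za-z0-9+.\-]*:/', $compact)) {
		return true;
	}
	return preg_match('/^https?:/i', $compact) === 1;
}

/**
 * Send a redirect and stop, discarding whatever has been buffered so far.
 *
 * @param string $location
 * @return void
 */
function bsgit_redirect($location)
{
	if (ob_get_level() > 0) {
		ob_clean();
	}
	header('Location: ' . $location);
	exit;
}

/**
 * Print the "not found" box with a RETURN link and mark the response 404.
 *
 * @param string $message   trusted text
 * @param string $returnUrl already HTML-escaped URL
 * @return void
 */
function bsgit_not_found($message, $returnUrl)
{
	if (!headers_sent()) {
		http_response_code(404);
	}
	echo " <span class=\"error\">\n <b>" . $message . "</b><br>\n";
	echo " [<a href=\"" . $returnUrl . "\">RETURN</a>]\n </span>\n";
}

$base = $ROOT . $SCRIPT;
$host = isset($_SERVER["SERVER_NAME"]) ? bsgit_h($_SERVER["SERVER_NAME"]) : "";

// PATH_INFO is absent when the script is requested without a trailing path.
$path = isset($_SERVER["PATH_INFO"]) ? (string) $_SERVER["PATH_INFO"] : "";
if ($path === "") {
	bsgit_redirect($base . "/");
}

// Control characters have no place in a repo/branch/file URL; such requests
// are answered as "not found" below instead of being handed to git.
$hasControl = preg_match('/[\x00-\x1f\x7f]/', $path) === 1;
$segments = explode("/", substr($path, 1));

/* Breadcrumb */
echo " <span class=\"path\"><a href=\"" . $base . "/\">" . $TITLE . "</a>";
$full = $base;
foreach ($segments as $part) {
	$full .= "/" . bsgit_h($part);
	echo "/<a href=\"" . $full . "\">" . bsgit_h($part) . "</a>";
}
echo "</span><br><br>\n";

if ($path === "/") {
	/* Index: one link per repository */
	// "<repo>" is a literal placeholder for the reader, so it is written as entities.
	echo " <span class=\"clone\">git clone git://" . $host . "/&lt;repo&gt;.git</span><br><br>\n";
	$entries = scandir($ORIGINAL);
	if ($entries === false) {
		$entries = array();
	}
	// The dot is escaped so only names that really end in ".git" are listed.
	foreach (preg_grep('/\.git$/', $entries) as $dir) {
		$label = substr($dir, 0, -4);
		$descFile = $ORIGINAL . "/" . $dir . "/description";
		$desc = is_file($descFile) ? (string) file_get_contents($descFile) : "";
		echo "<a href=\"" . $base . "/" . bsgit_h($label) . "/" . $BRANCH . "\" class=\"repo\"><b>"
			. bsgit_h($label) . "</b> :: " . bsgit_h($desc) . "</a><br>";
	}
} else {
	$repo = $segments[0];
	$repoDir = $ORIGINAL . "/" . $repo . ".git";
	if ($hasControl || $repo === "" || !is_dir($repoDir) || !chdir($repoDir)) {
		bsgit_not_found("404! Repository not found!", $base . "/");
	} else {
		$repoUrl = $base . "/" . bsgit_h($repo);
		$rawRepoUrl = $base . "/" . $repo;

		// "/repo" without a branch segment: send the browser to the branch list.
		if (!isset($segments[1])) {
			bsgit_redirect($rawRepoUrl . "/");
		}
		$branch = $segments[1];
		$rest = implode("/", array_slice($segments, 2));

		// "/repo/branch" -> "/repo/branch/" so relative links resolve.
		if (substr($path, -1) !== "/" && $rest === "" && $branch !== "") {
			bsgit_redirect($rawRepoUrl . "/" . $branch . "/");
		}

		echo " <span class=\"clone\">git clone ";
		if ($branch !== $BRANCH && $branch !== "") {
			echo "-b " . bsgit_h($branch) . " ";
		}
		$cloneUrl = "git://" . $host . "/" . bsgit_h($repo) . ".git";
		echo "<a href=\"" . $cloneUrl . "\">" . $cloneUrl . "</a></span>\n";

		if ($branch === "") {
			/* Branch list */
			echo "<br><br>\n";
			foreach (explode("\n", bsgit_git(array("show-branch"))) as $cbranch) {
				// The line is escaped first; the callback then only wraps the
				// already-escaped "[name]" part in a link.
				echo preg_replace_callback(
					"/\[([^\]]+)\] (.+)/",
					function ($m) use ($repoUrl) {
						return "<a href=\"" . $repoUrl . "/" . $m[1] . "\" class=\"branch\">" . $m[1] . "</a>";
					},
					bsgit_h($cbranch)
				) . "<br>";
			}
		} elseif (!bsgit_ref_ok($branch)) {
			bsgit_not_found("404! File not found!", $repoUrl . "/");
		} else {
			$branchUrl = $repoUrl . "/" . bsgit_h($branch);
			$rawBranchUrl = $rawRepoUrl . "/" . $branch;
			$files = bsgit_ls_tree($branch, $rest);
			$first = bsgit_first_entry($files);

			// A directory requested without a trailing slash gets one.
			if ($rest !== "" && substr($rest, -1) !== "/") {
				if ($first !== null && $first["type"] === "tree") {
					bsgit_redirect($rawBranchUrl . "/" . $rest . "/");
				}
			}
			// A file requested with a trailing slash loses it.
			if ($rest !== "" && substr($rest, -1) === "/") {
				$plain = substr($rest, 0, -1);
				$probe = bsgit_first_entry(bsgit_ls_tree($branch, $plain));
				if ($probe !== null && $probe["type"] === "blob") {
					bsgit_redirect($rawBranchUrl . "/" . $plain);
				}
			}

			// The root and anything ending in "/" is shown as a directory.
			$isTree = ($rest === "" || substr($rest, -1) === "/");

			if ($isTree) {
				$folderstxt = "";
				if ($rest !== "") {
					$folderstxt .= " <a href=\"../\" class=\"folder\">../</a><br>\n";
				}
				$filestxt = "";
				foreach (explode("\n", $files) as $line) {
					$entry = bsgit_parse_entry($line);
					if ($entry === null) {
						continue;
					}
					$pieces = explode("/", $entry["path"]);
					$label = bsgit_h(end($pieces));
					$href = $branchUrl . "/" . bsgit_h($entry["path"]);
					if ($entry["type"] === "tree") {
						$folderstxt .= " <a href=\"" . $href . "/\" class=\"folder\">" . $label . "/</a><br>\n";
					}
					if ($entry["type"] === "blob") {
						$filestxt .= " <a href=\"" . $href . "\" class=\"file\">" . $label . "</a><br>\n";
					}
				}
				echo "<br><br>\n";
				echo $folderstxt;
				echo $filestxt;

				$readmeEntry = bsgit_first_entry(bsgit_ls_tree($branch, $rest . "README"));
				if ($readmeEntry !== null && $readmeEntry["type"] === "blob") {
					$readme = bsgit_git(array("cat-file", "-p", $readmeEntry["object"]));
					// README text comes from the repository: neutralise markup
					// before the light formatting below adds its own tags.
					// Quotes are kept because the [img]/[link] syntax uses them.
					$readme = htmlspecialchars($readme, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8');
					$readme = preg_replace("/(^|\n)# (.+)/", "<h1 class=\"readme\">$2</h1>", $readme);
					$readme = preg_replace("/(^|\n)## (.+)/", "<h2 class=\"readme\">$2</h2>", $readme);
					$readme = preg_replace("/(^|\n)### (.+)/", "<h3 class=\"readme\">$2</h3>", $readme);
					$readme = preg_replace("/(^|\n)#### (.+)/", "<h4 class=\"readme\">$2</h4>", $readme);
					$readme = preg_replace("/(^|\n)##### (.+)/", "<h5 class=\"readme\">$2</h5>", $readme);
					$readme = preg_replace("/(^|\n)###### (.+)/", "<h6 class=\"readme\">$2</h6>", $readme);
					$readme = preg_replace("/```([^`]+)```/", "<pre style=\"color:magenta;font-style:italic\">$1</pre>", $readme);
					$readme = preg_replace("/`([^`]+)`/", "<span style=\"color:magenta;font-style:italic\">$1</span>", $readme);
					$readme = preg_replace("/(^|\n)---($|\n)/", "<br><hr class=\"readme\">", $readme);
					$readme = preg_replace("/(^|\n) - (.*)/", "<li class=\"readme\">$2</li>", $readme);
					$readme = preg_replace("/\n\n/", "<br>", $readme);
					// Targets with a scheme other than http(s) stay as plain text.
					$readme = preg_replace_callback(
						"/\[img src=\"([^\"]+)\"\]/",
						function ($m) {
							return bsgit_url_allowed($m[1])
								? "<img src=\"" . $m[1] . "\" class=\"readme\" style=\"max-width:100%\" />"
								: $m[0];
						},
						$readme
					);
					$readme = preg_replace_callback(
						"/\[link src=\"([^\"]+)\"\]/",
						function ($m) {
							return bsgit_url_allowed($m[1])
								? "<a href=\"" . $m[1] . "\" class=\"readme\">" . $m[1] . "</a>"
								: $m[0];
						},
						$readme
					);
					echo " <br>\n " . $readme;
				}
			} else {
				if ($first !== null) {
					$content = bsgit_git(array("cat-file", "-p", $first["object"]));
					if (isset($_GET["raw"])) {
						ob_clean();
						header("Content-type: text/plain");
						// Keep browsers from re-interpreting repository files as HTML.
						header("X-Content-Type-Options: nosniff");
						echo $content;
						die();
					}
					echo "<a class=\"raw-link\" href=\"?raw\">Raw View</a>";
					echo "<pre>\n" . bsgit_h($content) . "</pre>\n";
				} else {
					bsgit_not_found("404! File not found!", $branchUrl);
				}
			}
		}
	}
}

if ($DESCRIPTION !== "" && $path === "/") {
	echo " <br><br>\n";
	echo " <span class=\"description\">" . $DESCRIPTION . "</span>\n";
}
if ($FOOTER !== "") {
	echo " <br><br>\n";
	echo " <small class=\"footer\">" . $FOOTER . "</small>\n";
}
?>
</body>
</html>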