From 07c61cd55c6c3cc20acad18e424773d328cb0910 Mon Sep 17 00:00:00 2001
From: Diederik de Groot
Date: Tue, 13 Mar 2018 15:36:58 +0100
Subject: [PATCH] Small refactoring
---
 tftpboot/index.php | 178 +++++++++++++++++++++++++--------------------
 1 file changed, 101 insertions(+), 77 deletions(-)
diff --git a/tftpboot/index.php b/tftpboot/index.php
index 11636de..edc9ed1 100644
--- a/tftpboot/index.php
+++ b/tftpboot/index.php
@@ -13,17 +13,110 @@ $req_file = !empty($request['id']) ? $request['id'] : ''; // -- TFTPD - structure $path['firmware'] = $path['tftp']. '/firmware'; +$fw_suffix = array('bin', 'loads', 'sbn', 'sb2', 'sbin', 'zz', 'zup'); + $path['settings'] = $path['tftp']. '/settings'; +//$settings_suffix = array('cnf.xml'); + $path['wallpapers'] = $path['tftp']. '/wallpapers'; + $path['ringtones'] = $path['tftp']. '/ringtones'; +$ringtones_list = array('distinctive.xml', 'distinctive.sgn', 'ringlist.xml', 'ringlist.sgn'); + +$path['locales'] = $path['tftp']. '/locales'; $path['countries'] = $path['tftp']. '/locales/countries'; $path['languages'] = $path['tftp']. '/locales/languages'; - -$fw_suffix = ".bin;.bin;.loads;.LOADS;.sbn;.SBN;.sb2;.sbin;.zz;.zup;.sgn;.SGN"; -$ringtones_list = array('distinctive.xml', 'distinctive.sgn', 'ringlist.xml', 'ringlist.sgn'); $locale_list = array('-dictionary.', 'dictionary-ext.', '-dictionary.utf-8.', '-kate.xml', '-font.xml', '-tones.xml', 'be-sccp.jar', 'tc-sccp.jar', 'td-sccp.jar', 'ipc-sccp.jar', 'mk-sccp.jar', '_locale.loads', 'i-button-help.xml'); + +$req_file_full_path = '' ; + +if (!empty($req_file)) { + $signed = FALSE; + $req_data_ar = explode('/', $req_file); + $orig_req_file_name = end($req_data_ar); + $req_file_name = $orig_req_file_name; + $req_data_len = count($req_data_ar) - 1; + + if (file_exists($path['tftp'].$req_file_name)) // prevent "/../...//" browsing - (eliminate back door) + { + $req_file_full_path = $path['tftp'].$req_file_name; + } + else + { + $tmp_file = explode('.', $req_file_name); + $tmp = end($tmp_file); + if (strpos(".sgn;", '.'.strtolower($tmp).';') !== FALSE) { // handle signed files + $signed = TRUE; + $req_file_name = basename($req_file_name, ".sgn"); // strip signed part + } + + if (strpos_array($fw_suffix, $req_file_name, 'any') !== FALSE) { // Firmware file was requested + $firmware_list = find_all_files($path['firmware']); + $pos2 = strpos_array($firmware_list, $req_file_name, 'any'); // case 
unsensitive + if ($pos2 !== FALSE) { // Request Firmware + $req_file_full_path = $firmware_list[$pos2]; + } + print_r('
Requested Firmware:'. $req_file_full_path. '
'); + } + else + { + $tmp_file = ''; + + //if (strpos_array($settings_suffix, $req_file_name, 'any') !== FALSE) { // Request Settings + if (strpos(strtolower($req_file_name), '.cnf.xml') !== FALSE) { // Request Settings + $tmp_file = $path['settings'].'/'.$req_file_name; + } + else if (strpos(strtolower($req_file), '/desktops/') !== FALSE) { // Request Wallpapers + $tmp_file = $path['wallpapers'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; + } + else if (strpos_array($ringtones_list, $req_file_name, 'any') !== FALSE) { // Request RingTones + $tmp_file = $path['ringtones'].'/ringlist.xml'; + } + +/* + else if (strpos(strtolower($req_file), '-tones.xml') !== FALSE) { // Request Countries + $tmp_file = $path['countries'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; + } + + else if (strpos(strtolower($req_file), '-dictionary.') !== FALSE) { // Request Countries + $tmp_file = $path['languages'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; + } + + else if (strpos_array($req_file, $locale_list, 'any') !== FALSE) { // Request Languages + $tmp_file = $path['languages'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; + } + + else if (strpos(strtolower($req_file), '-dictionary.jar') !== FALSE) { // Request Countries + $tmp_file = $path['languages'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; + } +*/ + else if (strpos_array($req_file, $locale_list, 'any') !== FALSE) { // Request Languages + $tmp_file = $path['languages'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; + } + + if (empty($tmp_file)) { + die('ERROR: no match found.'); + } + $req_file_full_path = $tmp_file; + } + } + if (!empty($req_file_full_path)) { + if ($signed) { + $req_file_full_path = $req_file_full_path . '.sgn'; + } + if (!file_exists($req_file_full_path)) { + die('Could not find:'. $req_file_full_path); + } + print_r('
Returning:'. $req_file_full_path. '
'); + file_force_download($req_file_full_path); + } +} + +/* + * Helper functiosn + */ function file_force_download($file) { if (file_exists($file)) { @@ -60,8 +153,8 @@ function strpos_array($haystack, $needles, $mode='any') { } } else { if (is_array($haystack) && ($mode == 'any')) { - foreach ($haystack as $key => $subtr) { - $pos = strpos(strtolower($subtr), strtolower($needles)); + foreach ($haystack as $key => $substr) { + $pos = strpos(strtolower($substr), strtolower($needles)); if ($pos !== FALSE) { return $key; } @@ -85,14 +178,14 @@ function find_all_files($dir, $file_mask=null, $mode='full'){ foreach($root as $value) { if($value === '.' || $value === '..') {continue;} if(is_file("$dir/$value")) { - $filter = false; + $filter = FALSE; if (!empty($file_mask)) { if (is_array($file_mask)) { foreach ($file_mask as $k){ - if (strpos(strtolower($value), strtolower($k)) !== false) {$filter = true;} + if (strpos(strtolower($value), strtolower($k)) !== FALSE) {$filter = true;} } } else { - if (strpos(strtolower($value), strtolower($file_mask)) !== false) {$filter = true;} + if (strpos(strtolower($value), strtolower($file_mask)) !== FALSE) {$filter = true;} } } else {$filter = true;} if ($filter) { 
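Review bot: The wallpapers and languages branches build `$tmp_file` from `$req_data_ar[$req_data_len-1]`, a request-supplied path component that is never validated, so a `..` segment resolves outside the intended subdirectory; the `file_exists($path['tftp'].$req_file_name)` test only looks at the last component and does not give the protection its comment claims. Reject dot segments right after the `explode()`, for example `if (in_array('..', $req_data_ar, true) || in_array('.', $req_data_ar, true)) { die('ERROR: invalid request.'); }`. The new `die('Could not find:'. $req_file_full_path)` and the `print_r` debug lines also send the server-side path, including unescaped request text, back to the client; log that server-side and return a fixed message such as `die('ERROR: file not found.');`. Separately, judging by the `strpos_array` lines visible in the second hunk, an array haystack is searched for the string needle, so `strpos_array($fw_suffix, $req_file_name, 'any')` looks for the file name inside `'bin'`, `'loads'` and so on, and the firmware branch would presumably never match; the arguments look reversed compared with the `$locale_list` call.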
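Review bot: The boolean literals in the `find_all_files` hunk end up in mixed case: `$filter = FALSE` and the `!== FALSE` comparisons are uppercased while `$filter = true` on the same lines stays lowercase. PSR-12 asks for lowercase `true`/`false`/`null`, so leaving `false` as it was would match it; otherwise the `true` assignments should change too for consistency. The body of `find_all_files` starts and ends outside this hunk.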
@@ -115,72 +208,3 @@ function find_all_files($dir, $file_mask=null, $mode='full'){ } return $result; } - -$req_file_full_path = '' ; - -if (!empty($req_file)) { - $req_data_ar = explode('/', $req_file); - $req_file_name = end($req_data_ar); - $req_data_len = count($req_data_ar) - 1; - if (file_exists($path['tftp'].$req_file_name)) { // file exist $req_file_name need remove "/../...//" -back door - $req_file_full_path = $path['tftp'].$req_file_name; - } else { - $tmp_file = explode('.', $req_file_name); - $tmp = end($tmp_file); - $pos = strpos($fw_suffix, '.'.$tmp.';'); - if ($pos !== false) { // Firmware file was request - $firmware_list = find_all_files($path['firmware']); - $pos2 = strpos_array($firmware_list, $req_file_name, 'any'); // case unsensitive - if ($pos2 !== false) { // Request Firmware - $req_file_full_path = $firmware_list[$pos2]; - } - print_r('
Firmware : '. $req_file_full_path. 'END Firmware
'); - } - if (empty($req_file_full_path)) { - $tmp_file = ''; - - if (strpos_array($ringtones_list, $req_file_name, 'any') !== FALSE) { - $tmp_file = $path['ringtones'].'/ringlist.xml'; // hard link - } - -/* - else if (strpos(strtolower($req_file), '-tones.xml') !== FALSE) { // Request Countries - $tmp_file = $path['countries'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; - } - - else if (strpos(strtolower($req_file), '-dictionary.') !== FALSE) { // Request Countries - $tmp_file = $path['languages'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; - } - - else if (strpos_array($req_file, $locale_list, 'any') !== FALSE) { // Request Languages - $tmp_file = $path['languages'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; - } - - else if (strpos(strtolower($req_file), '-dictionary.jar') !== FALSE) { // Request Countries - $tmp_file = $path['languages'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; - } - * - */ - else if (strpos_array($req_file, $locale_list, 'any') !== FALSE) { // Request Languages - $tmp_file = $path['languages'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; - } - else if (strpos(strtolower($req_file), '/desktops/') !== FALSE) { // Request Wallpapers - $tmp_file = $path['wallpapers'].'/'. $req_data_ar[$req_data_len-1].'/'. $req_data_ar[$req_data_len]; - } - else if (strpos(strtolower($req_file_name), '.cnf.xml') !== FALSE) { // Request Settings - $tmp_file = $path['settings'].'/'.$req_file_name; - } - - if (!empty($tmp_file)) { - if (file_exists($tmp_file)) { - $req_file_full_path = $tmp_file; - } - } - - } - } - if (!empty($req_file_full_path)) { - print_r('
Send: '. $req_file_full_path. ' file.
'); - file_force_download($req_file_full_path); - } -}