Create core.phar and public key (#3)
danijelgalic committed Nov 11, 2024
1 parent 4e19e0b commit 30fd3de
Showing 2 changed files with 335 additions and 0 deletions.
321 changes: 321 additions & 0 deletions phar/core.phar
@@ -0,0 +1,321 @@
<?php

$web = '/public/index.php';

if (\in_array('phar', stream_get_wrappers()) && class_exists(\Phar::class, 0)) {
\Phar::interceptFileFuncs();
set_include_path('phar://'.__FILE__.\PATH_SEPARATOR.get_include_path());
\Phar::webPhar(null, $web);

include 'phar://'.__FILE__.'/'.\Extract_Phar::START;

return;
}

if ((isset($_SERVER['REQUEST_URI'], $_SERVER['REQUEST_METHOD']) && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'POST'))) {
\Extract_Phar::go(true);
$mimes = [
'phps' => 2,
'c' => 'text/plain',
'cc' => 'text/plain',
'cpp' => 'text/plain',
'c++' => 'text/plain',
'dtd' => 'text/plain',
'h' => 'text/plain',
'log' => 'text/plain',
'rng' => 'text/plain',
'txt' => 'text/plain',
'xsd' => 'text/plain',
'php' => 1,
'inc' => 1,
'avi' => 'video/avi',
'bmp' => 'image/bmp',
'css' => 'text/css',
'gif' => 'image/gif',
'htm' => 'text/html',
'html' => 'text/html',
'htmls' => 'text/html',
'ico' => 'image/x-ico',
'jpe' => 'image/jpeg',
'jpg' => 'image/jpeg',
'jpeg' => 'image/jpeg',
'js' => 'application/x-javascript',
'midi' => 'audio/midi',
'mid' => 'audio/midi',
'mod' => 'audio/mod',
'mov' => 'movie/quicktime',
'mp3' => 'audio/mp3',
'mpg' => 'video/mpeg',
'mpeg' => 'video/mpeg',
'pdf' => 'application/pdf',
'png' => 'image/png',
'swf' => 'application/shockwave-flash',
'tif' => 'image/tiff',
'tiff' => 'image/tiff',
'wav' => 'audio/wav',
'xbm' => 'image/xbm',
'xml' => 'text/xml',
];

header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');

$basename = basename(__FILE__);

if (!strpos($_SERVER['REQUEST_URI'], $basename)) {
chdir(\Extract_Phar::$temp);

include $web;

return;
}
$pt = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], $basename) + \strlen($basename));

if (!$pt || $pt == '/') {
$pt = $web;
header('HTTP/1.1 301 Moved Permanently');
header('Location: '.$_SERVER['REQUEST_URI'].'/'.$pt);

exit;
}
$a = realpath(\Extract_Phar::$temp.\DIRECTORY_SEPARATOR.$pt);

if (!$a || \strlen(\dirname($a)) < \strlen(\Extract_Phar::$temp)) {
header('HTTP/1.0 404 Not Found');
echo "<html>\n <head>\n <title>File Not Found<title>\n </head>\n <body>\n <h1>404 - File Not Found</h1>\n </body>\n</html>";

exit;
}
$b = pathinfo($a);

if (!isset($b['extension'])) {
header('Content-Type: text/plain');
header('Content-Length: '.filesize($a));
readfile($a);

exit;
}

if (isset($mimes[$b['extension']])) {
if ($mimes[$b['extension']] === 1) {
include $a;

exit;
}

if ($mimes[$b['extension']] === 2) {
highlight_file($a);

exit;
}
header('Content-Type: '.$mimes[$b['extension']]);
header('Content-Length: '.filesize($a));
readfile($a);

exit;
}
}

final class Extract_Phar {
public const GZ = 0x10_00;
public const BZ2 = 0x20_00;
public const MASK = 0x30_00;
public const START = '/public/console.php';
public const LEN = 6_661;
public static $temp;
public static $origdir;

public static function go($return = false): void {
$fp = fopen(__FILE__, 'rb');
fseek($fp, self::LEN);
$L = unpack('V', $a = fread($fp, 4));
$m = '';

do {
$read = 8_192;

if ($L[1] - \strlen($m) < 8_192) {
$read = $L[1] - \strlen($m);
}
$last = fread($fp, $read);
$m .= $last;
} while (\strlen($last) && \strlen($m) < $L[1]);

if (\strlen($m) < $L[1]) {
exit('ERROR: manifest length read was "'
.\strlen($m).'" should be "'
.$L[1].'"');
}

$info = self::_unpack($m);
$f = $info['c'];

if ($f & self::GZ) {
if (!\function_exists('gzinflate')) {
exit('Error: zlib extension is not enabled -'
.' gzinflate() function needed for zlib-compressed .phars');
}
}

if ($f & self::BZ2) {
if (!\function_exists('bzdecompress')) {
exit('Error: bzip2 extension is not enabled -'
.' bzdecompress() function needed for bz2-compressed .phars');
}
}

$temp = self::tmpdir();

if (!$temp || !is_writable($temp)) {
$sessionpath = session_save_path();

if (str_contains($sessionpath, ';'))
$sessionpath = substr($sessionpath, strpos($sessionpath, ';') + 1);

if (!file_exists($sessionpath) || !is_dir($sessionpath)) {
exit('Could not locate temporary directory to extract phar');
}
$temp = $sessionpath;
}

$temp .= '/pharextract/'.basename(__FILE__, '.phar');
self::$temp = $temp;
self::$origdir = getcwd();
mkdir($temp, 0o777, true);
$temp = realpath($temp);

if (!file_exists($temp.\DIRECTORY_SEPARATOR.md5_file(__FILE__))) {
self::_removeTmpFiles($temp, getcwd());
mkdir($temp, 0o777, true);
file_put_contents($temp.'/'.md5_file(__FILE__), '');

foreach ($info['m'] as $path => $file) {
$a = !file_exists(\dirname($temp.'/'.$path));
mkdir(\dirname($temp.'/'.$path), 0o777, true);
clearstatcache();

if ($path[\strlen($path) - 1] == '/') {
mkdir($temp.'/'.$path, 0o777);
} else {
file_put_contents($temp.'/'.$path, self::extractFile($path, $file, $fp));
chmod($temp.'/'.$path, 0o666);
}
}
}

chdir($temp);

if (!$return) {
include self::START;
}
}

public static function tmpdir() {
if (str_contains(\PHP_OS, 'WIN')) {
if ($var = getenv('TMP') ?: getenv('TEMP')) {
return $var;
}

if (is_dir('/temp') || mkdir('/temp')) {
return realpath('/temp');
}

return false;
}

if ($var = getenv('TMPDIR')) {
return $var;
}

return realpath('/tmp');
}

public static function _unpack($m) {
$info = unpack('V', substr($m, 0, 4));
$l = unpack('V', substr($m, 10, 4));
$m = substr($m, 14 + $l[1]);
$s = unpack('V', substr($m, 0, 4));
$o = 0;
$start = 4 + $s[1];
$ret['c'] = 0;

for ($i = 0; $i < $info[1]; $i++) {
$len = unpack('V', substr($m, $start, 4));
$start += 4;
$savepath = substr($m, $start, $len[1]);
$start += $len[1];
$ret['m'][$savepath] = array_values(unpack('Va/Vb/Vc/Vd/Ve/Vf', substr($m, $start, 24)));
$ret['m'][$savepath][3] = \sprintf('%u', $ret['m'][$savepath][3]
& 0xFF_FF_FF_FF);
$ret['m'][$savepath][7] = $o;
$o += $ret['m'][$savepath][2];
$start += 24 + $ret['m'][$savepath][5];
$ret['c'] |= $ret['m'][$savepath][4] & self::MASK;
}

return $ret;
}

public static function extractFile($path, $entry, $fp) {
$data = '';
$c = $entry[2];

while ($c) {
if ($c < 8_192) {
$data .= fread($fp, $c);
$c = 0;
} else {
$c -= 8_192;
$data .= fread($fp, 8_192);
}
}

if ($entry[4] & self::GZ) {
$data = gzinflate($data);
} elseif ($entry[4] & self::BZ2) {
$data = bzdecompress($data);
}

if (\strlen($data) != $entry[0]) {
exit('Invalid internal .phar file (size error '.\strlen($data).' != '
.$stat[7].')');
}

if ($entry[3] != \sprintf('%u', crc32($data) & 0xFF_FF_FF_FF)) {
exit('Invalid internal .phar file (checksum error)');
}

return $data;
}

public static function _removeTmpFiles($temp, $origdir): void {
chdir($temp);

foreach (glob('*') as $f) {
if (file_exists($f)) {
is_dir($f) ? rmdir($f) : unlink($f);

if (file_exists($f) && is_dir($f)) {
self::_removeTmpFiles($f, getcwd());
}
}
}

rmdir($temp);
clearstatcache();
chdir($origdir);
}
}

\Extract_Phar::go();
__HALT_COMPILER(); ?>
lpublic/console.php:
2g:�v�m�public/index.php6
2g6 n�ֶ<?php declare(strict_types = 1); var_dump('dump console');<?php declare(strict_types = 1); var_dump('dump web');j�;{�U�x*�g�:��HiXbg�fř��1�]P����������*�!�Vk��j�s����qR����Tðfrmg�l� �yŜ�3����_��t˖���1ʊ�uJ� ζޟ
�
���ipn���{vr�E�BMM3��Z��Fǃ4�r�D���o}3|�  �)�S�c�R���(�![�0�@������M� ��[x�T
PI+�&'���2������"�X3a{�O���7��A]��c������ t��
E�(��D����;��}��2#)�*"lR�Y>}^Cv���>��
��uU�*�Ha�p�<���L۸��M�J��{�2�n��y���m,���oJن�{��!ݛ'�bH-��ߢឃ?UL-ԫ,F��U�W6�.ﲴ�\�#ħBB��'B�&�;|�¥aPϩ�"�_xfc�Ez�������>�
��~��N}���-ڨI�a��),w��s3�7�i��
a�����F���v�#GBMB
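Review bot: The fallback path in `Extract_Phar::go()`, taken when the phar stream wrapper is unavailable, unpacks the archive into a predictable `pharextract/<name>` directory under the system temp dir with `mkdir($temp, 0o777, true)` and `chmod($temp.'/'.$path, 0o666)`, and the stub later `include`s files from that tree, so on a shared host any other local account can change the code that gets executed. The only reuse check is the existence of a marker file named after `md5_file(__FILE__)`, and `extractFile()` verifies nothing stronger than a CRC32, so the signature that `core.phar.pubkey` is presumably meant to back is never checked on this path. I would tighten the modes to `0o700` and `0o600` in the stub source used by the build rather than in this artifact (since `LEN` has to match the stub size), or drop the extraction fallback and require the phar extension. Separately, the size-error message in `extractFile()` reads `$stat[7]`, which is never defined; it should be `$entry[0]`.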
14 changes: 14 additions & 0 deletions phar/core.phar.pubkey
@@ -0,0 +1,14 @@
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
