OpenVPN_Management_GUI/Modules/Downloads/getfile.php

<?php
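// --- request parameters -----------------------------------------------------
// Quoted keys: the bare `dir` / `file` were undefined constants (fatal on PHP 8).
$dir  = isset($_GET['dir'])  ? (string)$_GET['dir']  : '';
$item = isset($_GET['file']) ? (string)$_GET['file'] : '';
// Strip the fixed-width wrapper the caller puts around both values.
// NOTE(review): the offsets (10/17 and 1/2) are carried over verbatim; the wrapper
// format is not visible in this file — confirm against the page that builds the link.
// The (string) cast turns substr()'s pre-PHP-8 `false` (input too short) into ''.
$dir  = (string)substr($dir, 10, strlen($dir) - 17);
$item = (string)substr($item, 1, strlen($item) - 2);

$abs_dir  = get_abs_dir($dir);          // previously never assigned before the check
$abs_item = get_abs_item($dir, $item);

// --- access check (catches bad path/file input) ----------------------------
// Three conditions must hold before anything is read:
//   * get_show_item(): no "..", no ".ht*" file, no dot-directory in $dir;
//   * down_home($abs_dir):  the directory resolves inside the explorer home;
//   * down_home($abs_item): so does the file itself ($item is user input too).
// down_home() returns true when the path IS inside home, hence the negation.
if (!get_show_item($dir, $item) || !down_home($abs_dir) || !down_home($abs_item)) {
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    // Makes the "Your IP is logged" statement true; the parameters are
    // url-encoded so a crafted value cannot inject extra log lines.
    error_log(sprintf('getfile.php: rejected dir=%s file=%s from %s',
        rawurlencode($dir), rawurlencode($item), $remote));
    header('HTTP/1.0 403 Forbidden');
    echo "<h1>DONT TRY TO HACK!</h1><br>";
    echo "<b>Your IP is logged, an administrator has been informed!</b><br>";
    echo "Script written by h44z";
    exit;
}

// Fail cleanly instead of sending a warning-laden, zero-length download.
if (!is_file($abs_item) || !is_readable($abs_item)) {
    header('HTTP/1.0 404 Not Found');
    echo "<h1>File not found</h1>";
    exit;
}

// --- response headers -------------------------------------------------------
$browser = id_browser();
// Old IE/Opera builds expected the (misspelled) "octetstream" type; kept as-is.
header('Content-Type: ' . (($browser === 'IE' || $browser === 'OPERA')
    ? 'application/octetstream' : 'application/octet-stream'));
header('X-Content-Type-Options: nosniff');
header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($abs_item));
// Only the base name goes into the header, minus characters that could close
// the quoted-string parameter.
$download_name = str_replace(array('"', '\\'), '', basename($item));
if ($download_name === '') {
    $download_name = 'download';
}
header('Content-Disposition: attachment; filename="' . $download_name . '"');
if ($browser === 'IE') {
    // Separate cache headers for IE — presumably a legacy IE download quirk;
    // the original gives no reason, so the values are preserved unchanged.
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
} else {
    header('Cache-Control: no-cache, must-revalidate');
    header('Pragma: no-cache');
}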
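/**
 * Absolute path of a directory below the explorer home.
 *
 * @param string $dir  relative directory ('' means the home itself); joined
 *                     verbatim, no normalisation of leading/trailing slashes
 * @param string $base home directory; parameterised so tests and other
 *                     deployments need not use the hard-coded default
 * @return string
 */
function get_abs_dir($dir, $base = "/home/christoph/explorer")
{
    $dir = (string)$dir;
    if ($dir !== '') {
        return $base . '/' . $dir;
    }
    return $base;
}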
/**
 * Absolute path of a file: <home>/<dir>/<item>.
 * Pure string concatenation — no existence or containment check here.
 *
 * @param string $dir  relative directory (see get_abs_dir())
 * @param string $item file name inside $dir
 * @return string
 */
function get_abs_item($dir, $item)
{
    $folder = get_abs_dir($dir);
    return "{$folder}/{$item}";
}
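/**
 * Coarse browser family from the User-Agent header.
 *
 * Fixes: the original read $GLOBALS['__SERVER'] (a typo for $_SERVER, so the
 * agent string was always empty) and used ereg(), which no longer exists in
 * PHP 7+. The match order is significant — Opera and IE agents also contain
 * "Mozilla/", so the generic pattern comes last.
 *
 * @return string one of OPERA, IE, OMNIWEB, KONQUEROR, MOZILLA, OTHER
 */
function id_browser()
{
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string)$_SERVER['HTTP_USER_AGENT'] : '';
    // Patterns are the original ereg() expressions, only wrapped in delimiters.
    $families = [
        'OPERA'     => '~Opera(/| )([0-9].[0-9]{1,2})~',
        'IE'        => '~MSIE ([0-9].[0-9]{1,2})~',
        'OMNIWEB'   => '~OmniWeb/([0-9].[0-9]{1,2})~',
        'KONQUEROR' => '~(Konqueror/)(.*)~',
        'MOZILLA'   => '~Mozilla/([0-9].[0-9]{1,2})~',
    ];
    foreach ($families as $name => $pattern) {
        if (preg_match($pattern, $agent) === 1) {
            return $name;
        }
    }
    return 'OTHER';
}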
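/**
 * Does $content contain $str?  Note the argument order: needle first.
 *
 * Fix: the original returned the strpos() offset cast to bool, so a match at
 * position 0 (e.g. contains('abc', 'abcdef')) was reported as "not found".
 *
 * @param string $str        needle
 * @param string $content    haystack
 * @param bool   $ignorecase case-insensitive (ASCII) comparison when true
 * @return bool
 */
function contains($str, $content, $ignorecase = true)
{
    $str = (string)$str;
    $content = (string)$content;
    if ($str === '') {
        // An empty needle is trivially contained; strpos() warned on it before PHP 8.
        return true;
    }
    $pos = $ignorecase ? stripos($content, $str) : strpos($content, $str);
    return $pos !== false;
}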
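/**
 * May this directory/file pair be served at all?
 *
 * Rejects, for every path component of $item: ".." and names starting with
 * ".ht" (Apache control files). Rejects any component of $dir that starts
 * with "." (which also covers ".."). Rejects NUL bytes in either value.
 *
 * Fixes: eregi() no longer exists in PHP 7+; the original compared $item
 * against ".." as a whole string only, so an item carrying its own slashes
 * was not inspected; the `"^\.ht"!=""` and `false==false` guards were no-ops.
 *
 * @param string $dir  relative directory as given by the request
 * @param string $item file name as given by the request
 * @return bool true when the pair passes the name-based checks
 */
function get_show_item($dir, $item)
{
    $dir = (string)$dir;
    $item = (string)$item;
    // A NUL byte truncates the path in the underlying C calls.
    if (strpos($dir, "\0") !== false || strpos($item, "\0") !== false) {
        return false;
    }
    // Backslashes are treated as separators too, so the check also holds on Windows hosts.
    foreach (explode('/', str_replace('\\', '/', $item)) as $part) {
        if ($part === '..' || stripos($part, '.ht') === 0) {
            return false;
        }
    }
    foreach (explode('/', str_replace('\\', '/', $dir)) as $part) {
        if (substr($part, 0, 1) === '.') {
            return false;
        }
    }
    return true;
}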
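/**
 * Does $abs_dir resolve to a location inside the explorer home?
 *
 * Returns TRUE when the path is inside (or equal to) $home and FALSE when it
 * escapes — callers must negate it to detect an escape. When either side
 * cannot be resolved with realpath() (path does not exist) the original's
 * textual fallback is kept: accept unless ".." occurs in the string.
 *
 * Fixes: eregi() no longer exists in PHP 7+; the prefix comparison did not
 * require a separator, so "/home/christoph/explorer2" matched; an empty
 * path was passed straight to realpath(); NUL bytes make realpath() throw
 * on PHP 8.
 *
 * @param string $abs_dir absolute path (directory or file) to test
 * @param string $home    explorer home; parameterised for tests/other hosts
 * @return bool
 */
function down_home($abs_dir, $home = "/home/christoph/explorer")
{
    $abs_dir = (string)$abs_dir;
    if ($abs_dir === '' || strpos($abs_dir, "\0") !== false) {
        return false;
    }
    $real_home = realpath($home);
    $real_dir = realpath($abs_dir);
    if ($real_home === false || $real_dir === false) {
        // Unresolvable (e.g. file not created yet): textual ".." check only.
        return strpos($abs_dir, '..') === false;
    }
    if ($real_dir === $real_home) {
        return true;
    }
    // The prefix must end at a separator, otherwise sibling names sharing
    // the home's prefix would be accepted.
    $prefix = rtrim($real_home, '/') . '/';
    return substr($real_dir, 0, strlen($prefix)) === $prefix;
}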
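// Stream the file. The warning is suppressed on purpose: headers are already
// out, so a PHP notice would land inside the download body. Record the
// failure instead of dropping it silently.
if (@readfile($abs_item) === false) {
    error_log('getfile.php: readfile failed for ' . $abs_item);
}
exit;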
?>