-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathincludes.php
104 lines (99 loc) · 2.08 KB
/
includes.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<?php
require_once(__DIR__.DIRECTORY_SEPARATOR."src".DIRECTORY_SEPARATOR."XUP".DIRECTORY_SEPARATOR."main.php");
require_once(__DIR__.DIRECTORY_SEPARATOR."src".DIRECTORY_SEPARATOR."XUP".DIRECTORY_SEPARATOR."adapters".DIRECTORY_SEPARATOR."drive.php");
require_once(__DIR__.DIRECTORY_SEPARATOR."src".DIRECTORY_SEPARATOR."XUP".DIRECTORY_SEPARATOR."adapters".DIRECTORY_SEPARATOR."dropbox.php");
require_once(__DIR__.DIRECTORY_SEPARATOR."src".DIRECTORY_SEPARATOR."XUP".DIRECTORY_SEPARATOR."adapters".DIRECTORY_SEPARATOR."amazonwebservices.php");
require_once(DIRECTORY_SEPARATOR."www".DIRECTORY_SEPARATOR."v3".DIRECTORY_SEPARATOR."toprak".DIRECTORY_SEPARATOR."Adapter". DIRECTORY_SEPARATOR . "vendor" . DIRECTORY_SEPARATOR . "autoload.php");
use \Aws\S3\S3Client;
use \XUP\Uploader\Main;
use \XUP\Uploader\Drive;
use \XUP\Uploader\Dropbox;
use \Spatie\Dropbox\Client;
use \League\Flysystem\Filesystem;
use \XUP\Uploader\AmazonWebServices;
use \Aws\Common\Credentials\Credentials;
use \Spatie\FlysystemDropbox\DropboxAdapter;
function injection($str) {
$bad = array(
'<!--', '-->',
"'", '"',
'<', '>',
'&', '$',
'=',
';',
'?',
'/',
'!',
'#',
'%20', //space
'%22', // "
'%3c', // <
'%253c', // <
'%3e', // >
'%0e', // >
'%28', // (
'%29', // )
'%2528', // (
'%26', // &
'%24', // $
'%3f', // ?
'%3b', // ;
'%3d', // =
'%2F', // /
'%2E', // .
// '46', // .
// '47' // /
);
do
{
$old = $str;
$str = str_replace($bad, ' ', $str);
}
while ($old !== $str);
return $str;
}
function type($str){
$neverAllow = array(
'php',
'pl',
'cgi',
'rb',
'asp',
'aspx',
'exe',
'scr',
'dll',
'msi',
'vbs',
'bat',
'com',
'pif',
'cmd',
'vxd',
'cpl'
);
foreach ($neverAllow as $fft){
if(stripos($str,$fft) !== FALSE)
{
return false;
}
}
return true;
}
function mime($str){
$neverAllow = array(
"application/octet-stream",
"application/javascript",
"text/javascript"
);
foreach ($neverAllow as $fmt){
if(stripos($fmt, $str))
{
return false;
}
else
{
return true;
}
}
}