PHPIndex

This page lists files in the current directory. You can view content, get download/execute commands for Wget, Curl, or PowerShell, or filter the list using wildcards (e.g., `*.sh`).

api
i
scripts
themes
.htaccess 
wget 'https://sme10.lists2.roe3.org/FreshRSS/p/.htaccess'
View Content 
<IfModule mod_dir.c>
	DirectoryIndex	index.php index.html
</IfModule>

FileETag	None
AddDefaultCharset	UTF-8

<IfModule mod_mime.c>
	AddType application/javascript .js
	AddType application/json .map

	AddCharset	UTF-8	.html
	AddCharset	UTF-8	.js
</IfModule>

<IfModule mod_deflate.c>
	AddOutputFilterByType DEFLATE application/javascript application/json application/xhtml+xml image/svg+xml text/css text/html
</IfModule>

<IfModule mod_expires.c>
	ExpiresActive	on
	ExpiresDefault	"access plus 1 month"
	ExpiresByType	application/javascript	"access plus 1 month"
	ExpiresByType	application/xhtml+xml	"access plus 1 month"
	ExpiresByType	image/x-icon	"access plus 1 month"
	ExpiresByType	text/html	"access plus 1 month"
	<FilesMatch "\.php$">
		ExpiresActive	Off
	</FilesMatch>
</IfModule>

<IfModule mod_headers.c>
	<FilesMatch "\.(css|gif|html|ico|js|png|svg|woff|woff2)$">
		Header	merge Cache-Control "public"
	</FilesMatch>
	Header edit Set-Cookie ^(.*)$ "$1; SameSite=Lax"
</IfModule>

# Provide the true IP address of the connection (e.g. last proxy), even when using mod_remoteip
<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteRule .* - [E=CONN_REMOTE_ADDR:%{CONN_REMOTE_ADDR}]
</IfModule>
<IfModule !mod_rewrite.c>
	<IfModule mod_setenvif.c>
		# If you run an old Apache 2.2-, disable mod_setenvif and enable mod_rewrite, or comment out next line
		SetEnvIfExpr "%{CONN_REMOTE_ADDR} =~ /(.*)/" CONN_REMOTE_ADDR=$1
	</IfModule>
</IfModule>
Web.config 
wget 'https://sme10.lists2.roe3.org/FreshRSS/p/Web.config'
View Content 
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
	<system.web>
		<httpRuntime executionTimeout="300" maxRequestLength="8192"/>
	</system.web>
	<system.webServer>
		<defaultDocument>
			<files>
				<clear />
				<add value="index.php" />
				<add value="index.html" />
			</files>
		</defaultDocument>
		<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
		<staticContent>
			<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="31.00:00:00" />
		</staticContent>
		<caching>
			<profiles>
				<add extension=".css" policy="CacheForTimePeriod" duration="31.00:00:00" location="Any" kernelCachePolicy="DontCache" />
				<add extension=".gif" policy="CacheForTimePeriod" duration="31.00:00:00" location="Any" kernelCachePolicy="DontCache" />
				<add extension=".html" policy="CacheForTimePeriod" duration="31.00:00:00" location="Any" kernelCachePolicy="DontCache" />
				<add extension=".jpg" policy="CacheForTimePeriod" duration="31.00:00:00" location="Any" kernelCachePolicy="DontCache" />
				<add extension=".js" policy="CacheForTimePeriod" duration="31.00:00:00" location="Any" kernelCachePolicy="DontCache" />
				<add extension=".png" policy="CacheForTimePeriod" duration="31.00:00:00" location="Any" kernelCachePolicy="DontCache" />
				<add extension=".svg" policy="CacheForTimePeriod" duration="31.00:00:00" location="Any" kernelCachePolicy="DontCache" />
				<add extension=".woff" policy="CacheForTimePeriod" duration="31.00:00:00" location="Any" kernelCachePolicy="DontCache" />
			</profiles>
		</caching>
		<!--<httpProtocol>
			<customHeaders>
				<add name="Cache-Control" value="public" />
			</customHeaders>
		</httpProtocol>-->
	</system.webServer>
</configuration>
ext.php 
wget 'https://sme10.lists2.roe3.org/FreshRSS/p/ext.php'
View Content 
<?php
declare(strict_types=1);
require(__DIR__ . '/../constants.php');

// Supported types with their associated content type
const SUPPORTED_TYPES = [
	'css' => 'text/css; charset=UTF-8',
	'js' => 'application/javascript; charset=UTF-8',
	'png' => 'image/png',
	'jpeg' => 'image/jpeg',
	'jpg' => 'image/jpeg',
	'gif' => 'image/gif',
	'svg' => 'image/svg+xml',
];

function get_absolute_filename(string $file_name): string {
	$core_extension = realpath(CORE_EXTENSIONS_PATH . '/' . $file_name);
	if (false !== $core_extension) {
		return $core_extension;
	}

	$extension = realpath(EXTENSIONS_PATH . '/' . $file_name);
	if (false !== $extension) {
		return $extension;
	}

	$third_party_extension = realpath(THIRDPARTY_EXTENSIONS_PATH . '/' . $file_name);
	if (false !== $third_party_extension) {
		return $third_party_extension;
	}

	$user = realpath(USERS_PATH . '/' . $file_name);
	if (false !== $user) {
		return $user;
	}

	return '';
}

function is_valid_path_extension(string $path, string $extensionPath, bool $isStatic = true): bool {
	// It must be under the extension path.
	$real_ext_path = realpath($extensionPath);
	if ($real_ext_path == false) {
		return false;
	}

	//Windows compatibility
	$real_ext_path = str_replace('\\', '/', $real_ext_path);
	$path = str_replace('\\', '/', $path);

	$in_ext_path = (substr($path, 0, strlen($real_ext_path)) === $real_ext_path);
	if (!$in_ext_path) {
		return false;
	}

	// User files do not need further validations
	if (!$isStatic) {
		return true;
	}

	// Static files to serve must be under a `ext_dir/static/` directory.
	$path_relative_to_ext = substr($path, strlen($real_ext_path) + 1);
	[, $static, $file] = sscanf($path_relative_to_ext, '%[^/]/%[^/]/%s') ?? [null, null, null];
	if (null === $file || 'static' !== $static) {
		return false;
	}

	return true;
}

/**
 * Check if a file can be served by ext.php. A valid file is under a
 * CORE_EXTENSIONS_PATH/extension_name/static/ or THIRDPARTY_EXTENSIONS_PATH/extension_name/static/ directory.
 *
 * You should sanitize path by using the realpath() function.
 *
 * @param string $path the path to the file we want to serve.
 * @return bool true if it can be served, false otherwise.
 *
 */
function is_valid_path(string $path): bool {
	return is_valid_path_extension($path, CORE_EXTENSIONS_PATH) || is_valid_path_extension($path, THIRDPARTY_EXTENSIONS_PATH)
		|| is_valid_path_extension($path, USERS_PATH, false);
}

/** @return never */
function sendBadRequestResponse(string $message = null) {
	header('HTTP/1.1 400 Bad Request');
	die($message);
}

/** @return never */
function sendNotFoundResponse() {
	header('HTTP/1.1 404 Not Found');
	die();
}

if (!isset($_GET['f']) || !is_string($_GET['f']) ||
	!isset($_GET['t']) || !is_string($_GET['t'])) {
	sendBadRequestResponse('Query string is incomplete.');
}

$file_name = urldecode($_GET['f']);
$file_type = $_GET['t'];
if (empty(SUPPORTED_TYPES[$file_type]) ||
	empty(SUPPORTED_TYPES[pathinfo($file_name, PATHINFO_EXTENSION)])) {
	sendBadRequestResponse('File type is not supported.');
}

$absolute_filename = get_absolute_filename($file_name);
if (!is_valid_path($absolute_filename)) {
	sendBadRequestResponse('File is not supported.');
}

$content_type = SUPPORTED_TYPES[$file_type];
header("Content-Type: {$content_type}");
header("Content-Disposition: inline; filename='{$file_name}'");

$mtime = @filemtime($absolute_filename);
if ($mtime === false) {
	sendNotFoundResponse();
}

require(LIB_PATH . '/http-conditional.php');

if (!httpConditional($mtime, 604800, 2)) {
	readfile($absolute_filename);
}
f.php 
wget 'https://sme10.lists2.roe3.org/FreshRSS/p/f.php'
View Content 
<?php
declare(strict_types=1);
require(__DIR__ . '/../constants.php');
require(LIB_PATH . '/lib_rss.php');	//Includes class autoloader
require(LIB_PATH . '/favicons.php');
require(LIB_PATH . '/http-conditional.php');

function show_default_favicon(int $cacheSeconds = 3600): void {
	$default_mtime = @filemtime(DEFAULT_FAVICON) ?: 0;
	if (!httpConditional($default_mtime, $cacheSeconds, 2)) {
		header('Content-Type: image/x-icon');
		header('Content-Disposition: inline; filename="default_favicon.ico"');
		readfile(DEFAULT_FAVICON);
	}
}

$id = $_SERVER['QUERY_STRING'] ?? '0';
if (!ctype_xdigit($id)) {
	$id = '0';
}

$txt = FAVICONS_DIR . $id . '.txt';
$ico = FAVICONS_DIR . $id . '.ico';

$ico_mtime = @filemtime($ico) ?: 0;
$txt_mtime = @filemtime($txt) ?: 0;

if ($ico_mtime == false || $ico_mtime < $txt_mtime || ($ico_mtime < time() - (mt_rand(15, 20) * 86400))) {
	if ($txt_mtime == false) {
		show_default_favicon(1800);
		exit();
	}

	// no ico file or we should download a new one.
	$url = file_get_contents($txt);
	if ($url === false) {
		show_default_favicon(1800);
		exit();
	}
	if (!download_favicon($url, $ico)) {
		// Download failed
		if ($ico_mtime == false) {
			show_default_favicon(86400);
			exit();
		} else {
			touch($ico);
		}
	}
}

if (!httpConditional($ico_mtime, mt_rand(14, 21) * 86400, 2)) {
	$ico_content_type = contentType($ico);
	header('Content-Type: ' . $ico_content_type);
	header('Content-Disposition: inline; filename="' . $id . '.ico"');
	readfile($ico);
}
favicon.ico 
wget 'https://sme10.lists2.roe3.org/FreshRSS/p/favicon.ico'
View Content
index.html 
wget 'https://sme10.lists2.roe3.org/FreshRSS/p/index.html'
View Content 
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="initial-scale=1.0" />
<meta http-equiv="Refresh" content="0; url=i/" />
<title>FreshRSS</title>
<link rel="stylesheet" href="themes/p.css" />
<link rel="shortcut icon" type="image/x-icon" sizes="16x16 64x64" href="favicon.ico" />
<link rel="icon msapplication-TileImage apple-touch-icon" type="image/png" sizes="256x256" href="themes/icons/favicon-256.png" />
<meta name="msapplication-TileColor" content="#FFF" />
<meta name="robots" content="noindex" />
</head>

<body>
<h1><a href="i/">FreshRSS</a></h1>
<p><a href="i/"><img class="logo" width="25%" src="themes/icons/icon.svg" alt="⊚" loading="lazy" /></a></p>
</body>
</html>
robots.txt 
wget 'https://sme10.lists2.roe3.org/FreshRSS/p/robots.txt'
View Content 
User-agent: *
Disallow: /