Gentoo Forums
Riklaunim
Apprentice
Joined: 16 Dec 2004
Posts: 286
Location: Poland

Posted: Tue Jan 04, 2005 7:50 pm    Post subject: Portage PHP Browser

I've made a simple PHP script that browses portage - files which usually can be found in /usr/portage/ :)
- Download: HERE

It can:
- Browse through the portage structure
  (screenshot: http://www.hubi.info/rik/new/browser1.png)
- When you roll over a folder in a /portage/subdir/, a tooltip will show up with the description and URL from the ebuild file
  (screenshot: http://www.hubi.info/rik/new/browser2.png)
- All files in /portage/subdir/package/ can be displayed via highlight_string

Installation
- Unpack the script and send it to the server. The tooltip version (index.php) isn't PHP5 compatible. If you don't want the tooltip, copy index_simple.php as index.php.
- Download a portage snapshot and extract it to the script folder, so you get:
./index.php
./portage/portage files
- Open index.php in the browser

Comments, suggestions? :)

Crisis
l33t
Joined: 10 Feb 2003
Posts: 613
Location: Portland, OR

Posted: Tue Jan 04, 2005 9:06 pm    Post subject:

I assume this is meant to be run locally, not accessible outside? Because there are a lot of security issues, but maybe it doesn't matter if it is run locally.

But that begs the question, if you have local access, why do you need this?

I would be wary about putting this code as is on a publicly available web server.

Riklaunim
Apprentice
Joined: 16 Dec 2004
Posts: 286
Location: Poland

Posted: Wed Jan 05, 2005 7:04 am    Post subject:

Portage files don't have any executable www etc. code... + application files are displayed via highlight_string... You can put it on a normal server and nothing will happen.

Crisis
l33t
Joined: 10 Feb 2003
Posts: 613
Location: Portland, OR

Posted: Wed Jan 05, 2005 1:51 pm    Post subject:

What if someone passes in unexpected information to some of those variables?

You aren't even checking the input on some of those paths. What happens if they pass in something like portage/../../etc/passwd?

Riklaunim
Apprentice
Joined: 16 Dec 2004
Posts: 286
Location: Poland

Posted: Wed Jan 05, 2005 4:47 pm    Post subject:

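Then what's this:
Code:

// portage browser hardened
// Remove every literal "../" and then "./" from a request value
// (str_replace makes one pass per call).
function kill($x)
{
    $x = str_replace('../', '', $x);
    $x = str_replace('./', '', $x);
    return $x;
}
// Apply strip_tags() and then kill() to each GET parameter.
$_GET = array_map("strip_tags", $_GET);
$_GET = array_map("kill", $_GET);
// checking finished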

:P
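
The path question raised in this thread can also be answered by resolving the requested path and checking that the result still lies under portage/, rather than by removing substrings from the input. The following is an added example, not part of the posted script or of any post above; resolve_in_portage() and the temporary sample tree are hypothetical.

```php
<?php
// Added example, not part of the posted script. resolve_in_portage() and
// the temporary tree below are hypothetical names/data for illustration.

/**
 * Resolve a user-supplied relative path against $base and return the
 * canonical path only if it stays inside $base; otherwise return null.
 */
function resolve_in_portage(string $base, string $userPath): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks; it returns
    // false when the target does not exist.
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;
    }
    // Compare with a trailing separator so "/srv/portage-old" does not
    // pass as being inside "/srv/portage".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample tree: <tmp>/site/portage/app-misc/foo/foo-1.0.ebuild
// plus a file outside portage/ that must never be served.
$site = sys_get_temp_dir() . '/pb_demo_' . getmypid();
mkdir("$site/portage/app-misc/foo", 0700, true);
file_put_contents("$site/portage/app-misc/foo/foo-1.0.ebuild", "DESCRIPTION=\"demo\"\n");
file_put_contents("$site/secret.txt", "not for display\n");

$requests = [
    'app-misc/foo/foo-1.0.ebuild',          // normal request
    './app-misc/foo/../foo/foo-1.0.ebuild', // odd but still inside portage/
    '../secret.txt',                        // leaves portage/
    '../../etc/passwd',                     // the path shape raised in the thread
];
foreach ($requests as $r) {
    $p = resolve_in_portage("$site/portage", $r);
    echo str_pad($r, 42), $p === null ? 'rejected' : 'served', "\n";
}
```

The first two requests are served and the last two are rejected, because the decision is made on the resolved path and not on the text of the request.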