-
Notifications
You must be signed in to change notification settings - Fork 16
/
extract.cgi
41 lines (32 loc) · 1016 Bytes
/
extract.cgi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/bin/perl
require './filemin-lib.pl';
use lib './lib';
use File::MimeInfo;
&ReadParse();
get_paths();
if(!$in{'file'}) {
print encode_json({'error' => $text{'provide_correct_parameters'}});
exit;
}
# Remove exploiting "../"
$file = $in{'file'};
$file =~ s/\.\.//g;
$file = &simplify_path($file);
if( !defined($file) ){
print_ajax_header();
print status('error', "$archive_type $text{'error_archive_type_not_supported'}");
exit;
}
print_ajax_header();
$archive_type = mimetype($cwd.'/'.$file);
if ($archive_type eq 'application/zip') {
&backquote_logged("unzip -o ".quotemeta("$cwd/$file").
" -d ".quotemeta($cwd));
print status('success', 1);
} elsif (index($archive_type, "tar") != -1 || index($archive_type, "gzip") != -1) {
&backquote_logged("tar xf ".quotemeta("$cwd/$file").
" -C ".quotemeta($cwd));
print status('success', 1);
} else {
print status('error', "$archive_type $text{'error_archive_type_not_supported'}");
}