mgenay:technique:extractcode.php
Ci-dessous, le code d'extractcode.php (fichier copié à la racine du répertoire mediawiki)
extractcode.php
<?php
unset( $DP );
unset( $IP );
$wgCommandLineMode = false;
define( 'MEDIAWIKI', true );
if ( isset( $_REQUEST['GLOBALS'] ) ) {
echo '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>';
die( -1 );
}
require_once( './includes/Defines.php' );
require_once( './LocalSettings.php' );
require_once( './includes/Article.php' );
require_once( './includes/Title.php' );
require_once( './includes/RawPage.php' );
require_once( 'includes/Setup.php' );
$title = $wgRequest->getVal( 'title' );
$section = $wgRequest->getVal( 'section' );
$otitle = Title::newFromText($title);
$article = new Article( $otitle );
$rp = new RawPage( $article, $wgRequest );
$text = $rp->getRawText();
if ($section=="")
{
$section=$title;
} else {
$patternReg= array ('/\//','/\./');
$replaceReg= array ('\\\/','\\\.');
$sectReg=preg_replace($patternReg,$replaceReg,$section);
$pattern_sectionstart = '/==[\s]*'.$sectReg.'.*==(.*)$/siU';
$result = preg_match( $pattern_sectionstart , $text, $part );
if ( $result <=0 )
{
$pattern_sectionstart = '/==[\s]*\{\{extractcode\|'.$sectReg.'\}\}.*==(.*)$/siU';
$result = preg_match( $pattern_sectionstart , $text, $part );
}
if ( $result >0 )
{
$section_start=$part[1];
$pattern_sectionend = '/(.*)\n==/siU';
$result = preg_match( $pattern_sectionend , $section_start, $part );
if ( $result >0 )
{
$section_text=$part[1];
} else {
$section_text=$section_start;
}
} else {
$section_text=$text;
}
$text=$section_text;
}
$pattern_code = '/<code(.*)>[\s]*(\S.*)<\/code>(.*)$/siU';
$code ="";
do {
$result = preg_match( $pattern_code, $text, $part );
if ( $result >0 )
{
$codeparam=$part[1];
$code=$code.$part[2];
$text=$code.$part[3];
}
} while ($result >0 );
header( "content-type: text/plain");
header( "Content-Disposition: inline ; filename=$section");
print $code;
?>
mgenay/technique/extractcode.php.txt · Last modified: by 127.0.0.1