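Portions created by the Initial Developer are Copyright (C) 2008-2025
the Initial Developer. All Rights Reserved.

Contributor(s):
Mark J Crane
James Rose
*/

//command console: runs an operator-supplied command through the shell, PHP eval() or the
//event socket API; each handler is gated by its own permission and by a valid form token

//includes files
require_once dirname(__DIR__, 2) . "/resources/require.php";
require_once "resources/check_auth.php";

//permissions: command_view only opens the page, every handler below checks its own permission
if (!permission_exists('command_view')) {
	echo "access denied";
	exit;
}

//add multi-lingual support
$language = new text;
$text = $language->get();

//load editor preferences/defaults
$setting_size = $settings->get('editor','font_size','12px');
$setting_theme = $settings->get('editor','theme','cobalt');
$setting_invisibles = $settings->get('editor','invisibles',false);
$setting_indenting = $settings->get('editor','indent_guides',false);
$setting_numbering = $settings->get('editor','line_numbers',true);

//get the html values and set them as variables
//NOTE(review): $_REQUEST also carries query-string values, so handler and command can arrive in
//the URL (where they can end up in web server logs); execution below still requires a non-empty
//POST and a valid token. Reading these from $_POST would be tighter - confirm nothing links here with GET.
$handler = trim($_REQUEST["handler"] ?? '');
$code = trim($_REQUEST["code"] ?? '');
$command = trim($_REQUEST["command"] ?? '');

//run the command if the token is valid
if (!empty($_POST) && empty($_POST["persistformvar"])) {

	//validate the token; a failed check blocks every handler below
	$token = new token;
	if ($token->validate($_SERVER['PHP_SELF'])) {
		$command_authorized = true;
	}
	else {
		message::add($text['message-invalid_token'],'negative');
		$command_result = 'invalid token';
		$command_authorized = false;
	}

	//run the command
	if ($command_authorized && !empty($command)) {
		$command_result = '';

		//NOTE(review): nothing in this block records who ran which command; an audit log
		//entry written here would give incident responders a trail for this console

		//an unknown handler matches no case and runs nothing
		switch ($handler) {
			case 'shell':
				//SECURITY: passes request-supplied text to the shell as the PHP process user;
				//this is the page's purpose, so command_shell and the token are the only gates
				if (permission_exists('command_shell')) {
					//stderr is merged into stdout so errors appear in the response
					$command_result = shell_exec($command . " 2>&1");
				}
				break;
			case 'php':
				//SECURITY: eval() runs request-supplied PHP inside this application process;
				//command_php and the token are the only gates
				if (permission_exists('command_php')) {
					ob_start();
					try {
						eval($command);
						$command_result = ob_get_contents();
					}
					catch (Throwable $e) {
						//a parse error or uncaught exception in the submitted code is reported in
						//the response instead of aborting the page with the buffer still open
						$command_result = ob_get_contents() . get_class($e) . ': ' . $e->getMessage();
					}
					finally {
						//always discard the buffer so captured output is only shown through $command_result
						ob_end_clean();
					}
				}
				break;
			case 'switch':
				if (permission_exists('command_switch')) {
					$esl = event_socket::create();
					//the command is sent only when the event socket is connected
					if ($esl->is_connected()) {
						$command_result = event_socket::api(rtrim($command));
					}
				}
				break;
		}
	}
}

//set editor mode: php gets its own mode, every other handler is plain text
$mode = ($handler == 'php') ? 'php' : 'text';

//create token for the form rendered below
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);

//show the header
require_once "resources/header.php";
$document['title'] = $text['title-command'];

//scripts and styles
?> \n"; echo ""; echo " "; echo " "; echo " "; echo " "; echo " \n"; echo "
"; echo " ".$text['title-command']."\n"; echo " "; if (permission_exists('command_switch') || permission_exists('command_php') || permission_exists('command_shell')) { echo " \n"; } echo " "; echo " "; echo "
\n"; echo $text['description-command']."\n"; echo "
"; echo "
"; //html form echo "
\n"; echo " "; echo " \n"; echo " "; echo " "; echo " \n"; echo "
"; echo " "; if (permission_exists('edit_view') && file_exists($_SERVER["PROJECT_ROOT"]."/app/edit/")) { echo " "; echo " "; echo " "; } echo "
"; echo " \n"; echo "
"; echo "
" ?>
"; echo "
"; echo "
\n"; echo "\n"; echo ""; echo "

"; ?> "; echo "".$text['label-response']."\n"; echo "

\n"; echo ($handler == 'switch') ? "\n" : "
".escape($command_result)."
"; echo ""; } //show the footer require_once "resources/footer.php"; ?>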