PHP Malware Analysis
teste.html, teste.php5, unzip.php
md5: 79c6caf55bc40ceeb6c7036083c0a261
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Input
- _POST (Deobfuscated, Original)
Title
- File Unzipper + Zipper (Deobfuscated, HTML, Original)
URLs
- http://at2.php.net/manual/en/class.ziparchive.php#110719 (Deobfuscated, Original)
- http://php.net/manual/en/rar.installation.php (Deobfuscated, Original)
Deobfuscated PHP code
<?php
/**
* The Unzipper extracts .zip or .rar archives and .gz files on webservers.
* It's handy if you do not have shell access. E.g. if you want to upload a lot
* of files (php framework or image collection) as an archive to save time.
* As of version 0.1.0 it also supports creating archives.
*
* @author Andreas Tasch, at[tec], attec.at
* @license GNU GPL v3
* @package attec.toolbox
* @version 0.1.1
*/
define('VERSION', '0.1.1');
$timestart = microtime(TRUE);
$GLOBALS['status'] = array();
$unzipper = new Unzipper();
if (isset($_POST['dounzip'])) {
// Check if an archive was selected for unzipping.
$archive = isset($_POST['zipfile']) ? strip_tags($_POST['zipfile']) : '';
$destination = isset($_POST['extpath']) ? strip_tags($_POST['extpath']) : '';
$unzipper->prepareExtraction($archive, $destination);
}
if (isset($_POST['dozip'])) {
$zippath = !empty($_POST['zippath']) ? strip_tags($_POST['zippath']) : '.';
// Resulting zipfile e.g. zipper--2016-07-23--11-55.zip.
$zipfile = 'zipper-' . date("Y-m-d--H-i") . '.zip';
Zipper::zipDir($zippath, $zipfile);
}
$timeend = microtime(TRUE);
$time = round($timeend - $timestart, 4);
/**
* Class Unzipper
*/
class Unzipper
{
public $localdir = '.';
public $zipfiles = array();
public function __construct()
{
// Read directory and pick .zip, .rar and .gz files.
if ($dh = opendir($this->localdir)) {
while (($file = readdir($dh)) !== FALSE) {
if (pathinfo($file, PATHINFO_EXTENSION) === 'zip' || pathinfo($file, PATHINFO_EXTENSION) === 'gz' || pathinfo($file, PATHINFO_EXTENSION) === 'rar') {
$this->zipfiles[] = $file;
}
}
closedir($dh);
if (!empty($this->zipfiles)) {
$GLOBALS['status'] = array('info' => '.zip or .gz or .rar files found, ready for extraction');
} else {
$GLOBALS['status'] = array('info' => 'No .zip or .gz or rar files found. So only zipping functionality available.');
}
}
}
/**
* Prepare and check zipfile for extraction.
*
* @param string $archive
* The archive name including file extension. E.g. my_archive.zip.
* @param string $destination
* The relative destination path where to extract files.
*/
public function prepareExtraction($archive, $destination = '')
{
// Determine paths.
if (empty($destination)) {
$extpath = $this->localdir;
} else {
$extpath = $this->localdir . '/' . $destination;
// Todo: move this to extraction function.
if (!is_dir($extpath)) {
mkdir($extpath);
}
}
// Only local existing archives are allowed to be extracted.
if (in_array($archive, $this->zipfiles)) {
self::extract($archive, $extpath);
}
}
/**
* Checks file extension and calls suitable extractor functions.
*
* @param string $archive
* The archive name including file extension. E.g. my_archive.zip.
* @param string $destination
* The relative destination path where to extract files.
*/
public static function extract($archive, $destination)
{
$ext = pathinfo($archive, PATHINFO_EXTENSION);
switch ($ext) {
case 'zip':
self::extractZipArchive($archive, $destination);
break;
case 'gz':
self::extractGzipFile($archive, $destination);
break;
case 'rar':
self::extractRarArchive($archive, $destination);
break;
}
}
/**
* Decompress/extract a zip archive using ZipArchive.
*
* @param $archive
* @param $destination
*/
public static function extractZipArchive($archive, $destination)
{
// Check if webserver supports unzipping.
if (!class_exists('ZipArchive')) {
$GLOBALS['status'] = array('error' => 'Error: Your PHP version does not support unzip functionality.');
return;
}
$zip = new ZipArchive();
// Check if archive is readable.
if ($zip->open($archive) === TRUE) {
// Check if destination is writable
if (is_writeable($destination . '/')) {
$zip->extractTo($destination);
$zip->close();
$GLOBALS['status'] = array('success' => 'Files unzipped successfully');
} else {
$GLOBALS['status'] = array('error' => 'Error: Directory not writeable by webserver.');
}
} else {
$GLOBALS['status'] = array('error' => 'Error: Cannot read .zip archive.');
}
}
/**
* Decompress a .gz File.
*
* @param string $archive
* The archive name including file extension. E.g. my_archive.zip.
* @param string $destination
* The relative destination path where to extract files.
*/
public static function extractGzipFile($archive, $destination)
{
// Check if zlib is enabled
if (!function_exists('gzopen')) {
$GLOBALS['status'] = array('error' => 'Error: Your PHP has no zlib support enabled.');
return;
}
$filename = pathinfo($archive, PATHINFO_FILENAME);
$gzipped = gzopen($archive, "rb");
$file = fopen($destination . '/' . $filename, "w");
while ($string = gzread($gzipped, 4096)) {
fwrite($file, $string, strlen($string));
}
gzclose($gzipped);
fclose($file);
// Check if file was extracted.
if (file_exists($destination . '/' . $filename)) {
$GLOBALS['status'] = array('success' => 'File unzipped successfully.');
// If we had a tar.gz file, let's extract that tar file.
if (pathinfo($destination . '/' . $filename, PATHINFO_EXTENSION) == 'tar') {
$phar = new PharData($destination . '/' . $filename);
if ($phar->extractTo($destination)) {
$GLOBALS['status'] = array('success' => 'Extracted tar.gz archive successfully.');
// Delete .tar.
unlink($destination . '/' . $filename);
}
}
} else {
$GLOBALS['status'] = array('error' => 'Error unzipping file.');
}
}
/**
* Decompress/extract a Rar archive using RarArchive.
*
* @param string $archive
* The archive name including file extension. E.g. my_archive.zip.
* @param string $destination
* The relative destination path where to extract files.
*/
public static function extractRarArchive($archive, $destination)
{
// Check if webserver supports unzipping.
if (!class_exists('RarArchive')) {
$GLOBALS['status'] = array('error' => 'Error: Your PHP version does not support .rar archive functionality. <a class="info" href="http://php.net/manual/en/rar.installation.php" target="_blank">How to install RarArchive</a>');
return;
}
// Check if archive is readable.
if ($rar = RarArchive::open($archive)) {
// Check if destination is writable
if (is_writeable($destination . '/')) {
$entries = $rar->getEntries();
foreach ($entries as $entry) {
$entry->extract($destination);
}
$rar->close();
$GLOBALS['status'] = array('success' => 'Files extracted successfully.');
} else {
$GLOBALS['status'] = array('error' => 'Error: Directory not writeable by webserver.');
}
} else {
$GLOBALS['status'] = array('error' => 'Error: Cannot read .rar archive.');
}
}
}
/**
* Class Zipper
*
* Copied and slightly modified from http://at2.php.net/manual/en/class.ziparchive.php#110719
* @author umbalaconmeogia
*/
class Zipper
{
/**
* Add files and sub-directories in a folder to zip file.
*
* @param string $folder
* Path to folder that should be zipped.
*
* @param ZipArchive $zipFile
* Zipfile where files end up.
*
* @param int $exclusiveLength
* Number of text to be exclusived from the file path.
*/
private static function folderToZip($folder, &$zipFile, $exclusiveLength)
{
$handle = opendir($folder);
while (FALSE !== ($f = readdir($handle))) {
// Check for local/parent path or zipping file itself and skip.
if ($f != '.' && $f != '..' && $f != basename("/var/www/html/teste.php5.971d708981bbe1745cecbce58b6802d4.bin")) {
$filePath = "{$folder}/{$f}";
// Remove prefix from file path before add to zip.
$localPath = substr($filePath, $exclusiveLength);
if (is_file($filePath)) {
$zipFile->addFile($filePath, $localPath);
} elseif (is_dir($filePath)) {
// Add sub-directory.
$zipFile->addEmptyDir($localPath);
self::folderToZip($filePath, $zipFile, $exclusiveLength);
}
}
}
closedir($handle);
}
/**
* Zip a folder (including itself).
*
* Usage:
* Zipper::zipDir('path/to/sourceDir', 'path/to/out.zip');
*
* @param string $sourcePath
* Relative path of directory to be zipped.
*
* @param string $outZipPath
* Relative path of the resulting output zip file.
*/
public static function zipDir($sourcePath, $outZipPath)
{
$pathInfo = pathinfo($sourcePath);
$parentPath = $pathInfo['dirname'];
$dirName = $pathInfo['basename'];
$z = new ZipArchive();
$z->open($outZipPath, ZipArchive::CREATE);
$z->addEmptyDir($dirName);
if ($sourcePath == $dirName) {
self::folderToZip($sourcePath, $z, 0);
} else {
self::folderToZip($sourcePath, $z, strlen("{$parentPath}/"));
}
$z->close();
$GLOBALS['status'] = array('success' => 'Successfully created archive ' . $outZipPath);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>File Unzipper + Zipper</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
<!--
body {
font-family: Arial, sans-serif;
line-height: 150%;
}
label {
display: block;
margin-top: 20px;
}
fieldset {
border: 0;
background-color: #EEE;
margin: 10px 0 10px 0;
}
.select {
padding: 5px;
font-size: 110%;
}
.status {
margin: 0;
margin-bottom: 20px;
padding: 10px;
font-size: 80%;
background: #EEE;
border: 1px dotted #DDD;
}
.status--ERROR {
background-color: red;
color: white;
font-size: 120%;
}
.status--SUCCESS {
background-color: green;
font-weight: bold;
color: white;
font-size: 120%
}
.small {
font-size: 0.7rem;
font-weight: normal;
}
.version {
font-size: 80%;
}
.form-field {
border: 1px solid #AAA;
padding: 8px;
width: 280px;
}
.info {
margin-top: 0;
font-size: 80%;
color: #777;
}
.submit {
background-color: #378de5;
border: 0;
color: #ffffff;
font-size: 15px;
padding: 10px 24px;
margin: 20px 0 20px 0;
text-decoration: none;
}
.submit:hover {
background-color: #2c6db2;
cursor: pointer;
}
-->
</style>
</head>
<body>
<p class="status status--<?php
echo strtoupper(key($GLOBALS['status']));
?>">
Status: <?php
echo reset($GLOBALS['status']);
?><br/>
<span class="small">Processing Time: <?php
echo $time;
?> seconds</span>
</p>
<form action="" method="POST">
<fieldset>
<h1>Archive Unzipper</h1>
<label for="zipfile">Select .zip or .rar archive or .gz file you want to extract:</label>
<select name="zipfile" size="1" class="select">
<?php
foreach ($unzipper->zipfiles as $zip) {
echo "<option>{$zip}</option>";
}
?>
</select>
<label for="extpath">Extraction path (optional):</label>
<input type="text" name="extpath" class="form-field" />
<p class="info">Enter extraction path without leading or trailing slashes (e.g. "mypath"). If left empty current directory will be used.</p>
<input type="submit" name="dounzip" class="submit" value="Unzip Archive"/>
</fieldset>
<fieldset>
<h1>Archive Zipper</h1>
<label for="zippath">Path that should be zipped (optional):</label>
<input type="text" name="zippath" class="form-field" />
<p class="info">Enter path to be zipped without leading or trailing slashes (e.g. "zippath"). If left empty current directory will be used.</p>
<input type="submit" name="dozip" class="submit" value="Zip Archive"/>
</fieldset>
</form>
<p class="version">Unzipper version: <?php
echo "0.1.1";
?></p>
</body>
</html>Execution traces
data/traces/79c6caf55bc40ceeb6c7036083c0a261_trace-1676240465.3605.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:21:31.258286]
1 0 1 0.000144 393528
1 3 0 0.000444 455528 {main} 1 /var/www/html/uploads/teste.php5 0 0
2 4 0 0.000461 455528 define 0 /var/www/html/uploads/teste.php5 13 2 'VERSION' '0.1.1'
2 4 1 0.000479 455632
2 4 R TRUE
2 5 0 0.000492 455560 microtime 0 /var/www/html/uploads/teste.php5 15 1 TRUE
2 5 1 0.000504 455600
2 5 R 1676240465.3609
1 A /var/www/html/uploads/teste.php5 15 $timestart = 1676240465.3609
1 A /var/www/html/uploads/teste.php5 16 GLOBALS['status'] = []
2 6 0 0.000550 455640 Unzipper->__construct 1 /var/www/html/uploads/teste.php5 18 0
3 7 0 0.000564 455640 opendir 0 /var/www/html/uploads/teste.php5 45 1 '.'
3 7 1 0.000583 456032
3 7 R resource(4) of type (stream)
2 A /var/www/html/uploads/teste.php5 45 $dh = resource(4) of type (stream)
3 8 0 0.000610 456000 readdir 0 /var/www/html/uploads/teste.php5 46 1 resource(4) of type (stream)
3 8 1 0.000631 456080
3 8 R 'teste.php5'
2 A /var/www/html/uploads/teste.php5 46 $file = 'teste.php5'
3 9 0 0.000656 456040 pathinfo 0 /var/www/html/uploads/teste.php5 47 2 'teste.php5' 4
3 9 1 0.000671 456136
3 9 R 'php5'
3 10 0 0.000684 456040 pathinfo 0 /var/www/html/uploads/teste.php5 48 2 'teste.php5' 4
3 10 1 0.000697 456136
3 10 R 'php5'
3 11 0 0.000711 456040 pathinfo 0 /var/www/html/uploads/teste.php5 49 2 'teste.php5' 4
3 11 1 0.000724 456136
3 11 R 'php5'
3 12 0 0.000737 456040 readdir 0 /var/www/html/uploads/teste.php5 46 1 resource(4) of type (stream)
3 12 1 0.000750 456112
3 12 R '..'
2 A /var/www/html/uploads/teste.php5 46 $file = '..'
3 13 0 0.000773 456032 pathinfo 0 /var/www/html/uploads/teste.php5 47 2 '..' 4
3 13 1 0.000785 456128
3 13 R ''
3 14 0 0.000797 456032 pathinfo 0 /var/www/html/uploads/teste.php5 48 2 '..' 4
3 14 1 0.000810 456128
3 14 R ''
3 15 0 0.000822 456032 pathinfo 0 /var/www/html/uploads/teste.php5 49 2 '..' 4
3 15 1 0.000835 456128
3 15 R ''
3 16 0 0.000846 456032 readdir 0 /var/www/html/uploads/teste.php5 46 1 resource(4) of type (stream)
3 16 1 0.000860 456104
3 16 R '.'
2 A /var/www/html/uploads/teste.php5 46 $file = '.'
3 17 0 0.000882 456032 pathinfo 0 /var/www/html/uploads/teste.php5 47 2 '.' 4
3 17 1 0.000894 456128
3 17 R ''
3 18 0 0.000906 456032 pathinfo 0 /var/www/html/uploads/teste.php5 48 2 '.' 4
3 18 1 0.000918 456128
3 18 R ''
3 19 0 0.000930 456032 pathinfo 0 /var/www/html/uploads/teste.php5 49 2 '.' 4
3 19 1 0.000942 456128
3 19 R ''
3 20 0 0.000954 456032 readdir 0 /var/www/html/uploads/teste.php5 46 1 resource(4) of type (stream)
3 20 1 0.000967 456112
3 20 R 'prepend.php'
2 A /var/www/html/uploads/teste.php5 46 $file = 'prepend.php'
3 21 0 0.000991 456040 pathinfo 0 /var/www/html/uploads/teste.php5 47 2 'prepend.php' 4
3 21 1 0.001005 456136
3 21 R 'php'
3 22 0 0.001017 456040 pathinfo 0 /var/www/html/uploads/teste.php5 48 2 'prepend.php' 4
3 22 1 0.001030 456136
3 22 R 'php'
3 23 0 0.001043 456040 pathinfo 0 /var/www/html/uploads/teste.php5 49 2 'prepend.php' 4
3 23 1 0.001056 456136
3 23 R 'php'
3 24 0 0.001068 456040 readdir 0 /var/www/html/uploads/teste.php5 46 1 resource(4) of type (stream)
3 24 1 0.001081 456112
3 24 R 'data'
2 A /var/www/html/uploads/teste.php5 46 $file = 'data'
3 25 0 0.001103 456032 pathinfo 0 /var/www/html/uploads/teste.php5 47 2 'data' 4
3 25 1 0.001116 456096
3 25 R ''
3 26 0 0.001128 456032 pathinfo 0 /var/www/html/uploads/teste.php5 48 2 'data' 4
3 26 1 0.001140 456096
3 26 R ''
3 27 0 0.001151 456032 pathinfo 0 /var/www/html/uploads/teste.php5 49 2 'data' 4
3 27 1 0.001164 456096
3 27 R ''
3 28 0 0.001176 456032 readdir 0 /var/www/html/uploads/teste.php5 46 1 resource(4) of type (stream)
3 28 1 0.001188 456112
3 28 R '.htaccess'
2 A /var/www/html/uploads/teste.php5 46 $file = '.htaccess'
3 29 0 0.001216 456040 pathinfo 0 /var/www/html/uploads/teste.php5 47 2 '.htaccess' 4
3 29 1 0.001230 456144
3 29 R 'htaccess'
3 30 0 0.001243 456040 pathinfo 0 /var/www/html/uploads/teste.php5 48 2 '.htaccess' 4
3 30 1 0.001256 456144
3 30 R 'htaccess'
3 31 0 0.001269 456040 pathinfo 0 /var/www/html/uploads/teste.php5 49 2 '.htaccess' 4
3 31 1 0.001281 456144
3 31 R 'htaccess'
3 32 0 0.001294 456040 readdir 0 /var/www/html/uploads/teste.php5 46 1 resource(4) of type (stream)
3 32 1 0.001307 456080
3 32 R FALSE
2 A /var/www/html/uploads/teste.php5 46 $file = FALSE
3 33 0 0.001330 456000 closedir 0 /var/www/html/uploads/teste.php5 54 1 resource(4) of type (stream)
3 33 1 0.001345 455816
3 33 R NULL
2 A /var/www/html/uploads/teste.php5 60 GLOBALS['status'] = ['info' => 'No .zip or .gz or rar files found. So only zipping functionality available.']
2 6 1 0.001376 455752
1 A /var/www/html/uploads/teste.php5 18 $unzipper = class Unzipper { public $localdir = '.'; public $zipfiles = [] }
2 34 0 0.001399 456128 microtime 0 /var/www/html/uploads/teste.php5 33 1 TRUE
2 34 1 0.001412 456168
2 34 R 1676240465.3618
1 A /var/www/html/uploads/teste.php5 33 $timeend = 1676240465.3618
2 35 0 0.001436 456128 round 0 /var/www/html/uploads/teste.php5 34 2 0.00090789794921875 4
2 35 1 0.001450 456200
2 35 R 0.0009
1 A /var/www/html/uploads/teste.php5 34 $time = 0.0009
2 36 0 0.001475 456104 key 0 /var/www/html/uploads/teste.php5 392 1 ['info' => 'No .zip or .gz or rar files found. So only zipping functionality available.']
2 36 1 0.001491 456136
2 36 R 'info'
2 37 0 0.001504 456104 strtoupper 0 /var/www/html/uploads/teste.php5 392 1 'info'
2 37 1 0.001516 456168
2 37 R 'INFO'
2 38 0 0.001530 456128 reset 0 /var/www/html/uploads/teste.php5 393 1 ['info' => 'No .zip or .gz or rar files found. So only zipping functionality available.']
2 38 1 0.001547 456536
2 38 R 'No .zip or .gz or rar files found. So only zipping functionality available.'
1 3 1 0.001575 456504
0.001626 361584
TRACE END [2023-02-12 20:21:31.259795]
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:27:34.144196]
1 0 1 0.000159 393512
1 3 0 0.000467 455504 {main} 1 /var/www/html/uploads/unzip.php 0 0
2 4 0 0.000485 455504 define 0 /var/www/html/uploads/unzip.php 13 2 'VERSION' '0.1.1'
2 4 1 0.000501 455608
2 4 R TRUE
2 5 0 0.000515 455536 microtime 0 /var/www/html/uploads/unzip.php 15 1 TRUE
2 5 1 0.000527 455576
2 5 R 1676258828.2468
1 A /var/www/html/uploads/unzip.php 15 $timestart = 1676258828.2468
1 A /var/www/html/uploads/unzip.php 16 GLOBALS['status'] = []
2 6 0 0.000569 455616 Unzipper->__construct 1 /var/www/html/uploads/unzip.php 18 0
3 7 0 0.000584 455616 opendir 0 /var/www/html/uploads/unzip.php 45 1 '.'
3 7 1 0.000605 456008
3 7 R resource(4) of type (stream)
2 A /var/www/html/uploads/unzip.php 45 $dh = resource(4) of type (stream)
3 8 0 0.000633 455976 readdir 0 /var/www/html/uploads/unzip.php 46 1 resource(4) of type (stream)
3 8 1 0.000655 456048
3 8 R '..'
2 A /var/www/html/uploads/unzip.php 46 $file = '..'
3 9 0 0.000679 456008 pathinfo 0 /var/www/html/uploads/unzip.php 47 2 '..' 4
3 9 1 0.000695 456104
3 9 R ''
3 10 0 0.000708 456008 pathinfo 0 /var/www/html/uploads/unzip.php 48 2 '..' 4
3 10 1 0.000721 456104
3 10 R ''
3 11 0 0.000735 456008 pathinfo 0 /var/www/html/uploads/unzip.php 49 2 '..' 4
3 11 1 0.000747 456104
3 11 R ''
3 12 0 0.000760 456008 readdir 0 /var/www/html/uploads/unzip.php 46 1 resource(4) of type (stream)
3 12 1 0.000774 456080
3 12 R '.'
2 A /var/www/html/uploads/unzip.php 46 $file = '.'
3 13 0 0.000797 456008 pathinfo 0 /var/www/html/uploads/unzip.php 47 2 '.' 4
3 13 1 0.000810 456104
3 13 R ''
3 14 0 0.000822 456008 pathinfo 0 /var/www/html/uploads/unzip.php 48 2 '.' 4
3 14 1 0.000834 456104
3 14 R ''
3 15 0 0.000847 456008 pathinfo 0 /var/www/html/uploads/unzip.php 49 2 '.' 4
3 15 1 0.000859 456104
3 15 R ''
3 16 0 0.000871 456008 readdir 0 /var/www/html/uploads/unzip.php 46 1 resource(4) of type (stream)
3 16 1 0.000884 456088
3 16 R 'prepend.php'
2 A /var/www/html/uploads/unzip.php 46 $file = 'prepend.php'
3 17 0 0.000909 456016 pathinfo 0 /var/www/html/uploads/unzip.php 47 2 'prepend.php' 4
3 17 1 0.000922 456112
3 17 R 'php'
3 18 0 0.000935 456016 pathinfo 0 /var/www/html/uploads/unzip.php 48 2 'prepend.php' 4
3 18 1 0.000948 456112
3 18 R 'php'
3 19 0 0.000961 456016 pathinfo 0 /var/www/html/uploads/unzip.php 49 2 'prepend.php' 4
3 19 1 0.000973 456112
3 19 R 'php'
3 20 0 0.000985 456016 readdir 0 /var/www/html/uploads/unzip.php 46 1 resource(4) of type (stream)
3 20 1 0.000999 456088
3 20 R 'data'
2 A /var/www/html/uploads/unzip.php 46 $file = 'data'
3 21 0 0.001022 456008 pathinfo 0 /var/www/html/uploads/unzip.php 47 2 'data' 4
3 21 1 0.001035 456072
3 21 R ''
3 22 0 0.001047 456008 pathinfo 0 /var/www/html/uploads/unzip.php 48 2 'data' 4
3 22 1 0.001059 456072
3 22 R ''
3 23 0 0.001071 456008 pathinfo 0 /var/www/html/uploads/unzip.php 49 2 'data' 4
3 23 1 0.001084 456072
3 23 R ''
3 24 0 0.001096 456008 readdir 0 /var/www/html/uploads/unzip.php 46 1 resource(4) of type (stream)
3 24 1 0.001109 456088
3 24 R '.htaccess'
2 A /var/www/html/uploads/unzip.php 46 $file = '.htaccess'
3 25 0 0.001132 456016 pathinfo 0 /var/www/html/uploads/unzip.php 47 2 '.htaccess' 4
3 25 1 0.001145 456120
3 25 R 'htaccess'
3 26 0 0.001159 456016 pathinfo 0 /var/www/html/uploads/unzip.php 48 2 '.htaccess' 4
3 26 1 0.001172 456120
3 26 R 'htaccess'
3 27 0 0.001192 456016 pathinfo 0 /var/www/html/uploads/unzip.php 49 2 '.htaccess' 4
3 27 1 0.001205 456120
3 27 R 'htaccess'
3 28 0 0.001218 456016 readdir 0 /var/www/html/uploads/unzip.php 46 1 resource(4) of type (stream)
3 28 1 0.001232 456096
3 28 R 'unzip.php'
2 A /var/www/html/uploads/unzip.php 46 $file = 'unzip.php'
3 29 0 0.001262 456016 pathinfo 0 /var/www/html/uploads/unzip.php 47 2 'unzip.php' 4
3 29 1 0.001275 456112
3 29 R 'php'
3 30 0 0.001288 456016 pathinfo 0 /var/www/html/uploads/unzip.php 48 2 'unzip.php' 4
3 30 1 0.001302 456112
3 30 R 'php'
3 31 0 0.001314 456016 pathinfo 0 /var/www/html/uploads/unzip.php 49 2 'unzip.php' 4
3 31 1 0.001327 456112
3 31 R 'php'
3 32 0 0.001339 456016 readdir 0 /var/www/html/uploads/unzip.php 46 1 resource(4) of type (stream)
3 32 1 0.001353 456056
3 32 R FALSE
2 A /var/www/html/uploads/unzip.php 46 $file = FALSE
3 33 0 0.001376 455976 closedir 0 /var/www/html/uploads/unzip.php 54 1 resource(4) of type (stream)
3 33 1 0.001392 455792
3 33 R NULL
2 A /var/www/html/uploads/unzip.php 60 GLOBALS['status'] = ['info' => 'No .zip or .gz or rar files found. So only zipping functionality available.']
2 6 1 0.001423 455728
1 A /var/www/html/uploads/unzip.php 18 $unzipper = class Unzipper { public $localdir = '.'; public $zipfiles = [] }
2 34 0 0.001446 456104 microtime 0 /var/www/html/uploads/unzip.php 33 1 TRUE
2 34 1 0.001458 456144
2 34 R 1676258828.2477
1 A /var/www/html/uploads/unzip.php 33 $timeend = 1676258828.2477
2 35 0 0.001483 456104 round 0 /var/www/html/uploads/unzip.php 34 2 0.0009310245513916 4
2 35 1 0.001497 456176
2 35 R 0.0009
1 A /var/www/html/uploads/unzip.php 34 $time = 0.0009
2 36 0 0.001522 456080 key 0 /var/www/html/uploads/unzip.php 392 1 ['info' => 'No .zip or .gz or rar files found. So only zipping functionality available.']
2 36 1 0.001539 456112
2 36 R 'info'
2 37 0 0.001551 456080 strtoupper 0 /var/www/html/uploads/unzip.php 392 1 'info'
2 37 1 0.001564 456144
2 37 R 'INFO'
2 38 0 0.001578 456104 reset 0 /var/www/html/uploads/unzip.php 393 1 ['info' => 'No .zip or .gz or rar files found. So only zipping functionality available.']
2 38 1 0.001595 456512
2 38 R 'No .zip or .gz or rar files found. So only zipping functionality available.'
1 3 1 0.001616 456480
0.001643 361568
TRACE END [2023-02-13 01:27:34.145712]
Generated HTML code
<html><head>
<title>File Unzipper + Zipper</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
<!--
body {
font-family: Arial, sans-serif;
line-height: 150%;
}
label {
display: block;
margin-top: 20px;
}
fieldset {
border: 0;
background-color: #EEE;
margin: 10px 0 10px 0;
}
.select {
padding: 5px;
font-size: 110%;
}
.status {
margin: 0;
margin-bottom: 20px;
padding: 10px;
font-size: 80%;
background: #EEE;
border: 1px dotted #DDD;
}
.status--ERROR {
background-color: red;
color: white;
font-size: 120%;
}
.status--SUCCESS {
background-color: green;
font-weight: bold;
color: white;
font-size: 120%
}
.small {
font-size: 0.7rem;
font-weight: normal;
}
.version {
font-size: 80%;
}
.form-field {
border: 1px solid #AAA;
padding: 8px;
width: 280px;
}
.info {
margin-top: 0;
font-size: 80%;
color: #777;
}
.submit {
background-color: #378de5;
border: 0;
color: #ffffff;
font-size: 15px;
padding: 10px 24px;
margin: 20px 0 20px 0;
text-decoration: none;
}
.submit:hover {
background-color: #2c6db2;
cursor: pointer;
}
-->
</style>
</head>
<body>
<p class="status status--INFO">
Status: No .zip or .gz or rar files found. So only zipping functionality available.<br>
<span class="small">Processing Time: 0.0001 seconds</span>
</p>
<form action="" method="POST">
<fieldset>
<h1>Archive Unzipper</h1>
<label for="zipfile">Select .zip or .rar archive or .gz file you want to extract:</label>
<select name="zipfile" size="1" class="select">
</select>
<label for="extpath">Extraction path (optional):</label>
<input type="text" name="extpath" class="form-field">
<p class="info">Enter extraction path without leading or trailing slashes (e.g. "mypath"). If left empty current directory will be used.</p>
<input type="submit" name="dounzip" class="submit" value="Unzip Archive">
</fieldset>
<fieldset>
<h1>Archive Zipper</h1>
<label for="zippath">Path that should be zipped (optional):</label>
<input type="text" name="zippath" class="form-field">
<p class="info">Enter path to be zipped without leading or trailing slashes (e.g. "zippath"). If left empty current directory will be used.</p>
<input type="submit" name="dozip" class="submit" value="Zip Archive">
</fieldset>
</form>
<p class="version">Unzipper version: 0.1.1</p>
</body></html>Original PHP code
<?php
/**
* The Unzipper extracts .zip or .rar archives and .gz files on webservers.
* It's handy if you do not have shell access. E.g. if you want to upload a lot
* of files (php framework or image collection) as an archive to save time.
* As of version 0.1.0 it also supports creating archives.
*
* @author Andreas Tasch, at[tec], attec.at
* @license GNU GPL v3
* @package attec.toolbox
* @version 0.1.1
*/
define('VERSION', '0.1.1');
$timestart = microtime(TRUE);
$GLOBALS['status'] = array();
$unzipper = new Unzipper;
if (isset($_POST['dounzip'])) {
// Check if an archive was selected for unzipping.
$archive = isset($_POST['zipfile']) ? strip_tags($_POST['zipfile']) : '';
$destination = isset($_POST['extpath']) ? strip_tags($_POST['extpath']) : '';
$unzipper->prepareExtraction($archive, $destination);
}
if (isset($_POST['dozip'])) {
$zippath = !empty($_POST['zippath']) ? strip_tags($_POST['zippath']) : '.';
// Resulting zipfile e.g. zipper--2016-07-23--11-55.zip.
$zipfile = 'zipper-' . date("Y-m-d--H-i") . '.zip';
Zipper::zipDir($zippath, $zipfile);
}
$timeend = microtime(TRUE);
$time = round($timeend - $timestart, 4);
/**
* Class Unzipper
*/
class Unzipper {
public $localdir = '.';
public $zipfiles = array();
public function __construct() {
// Read directory and pick .zip, .rar and .gz files.
if ($dh = opendir($this->localdir)) {
while (($file = readdir($dh)) !== FALSE) {
if (pathinfo($file, PATHINFO_EXTENSION) === 'zip'
|| pathinfo($file, PATHINFO_EXTENSION) === 'gz'
|| pathinfo($file, PATHINFO_EXTENSION) === 'rar'
) {
$this->zipfiles[] = $file;
}
}
closedir($dh);
if (!empty($this->zipfiles)) {
$GLOBALS['status'] = array('info' => '.zip or .gz or .rar files found, ready for extraction');
}
else {
$GLOBALS['status'] = array('info' => 'No .zip or .gz or rar files found. So only zipping functionality available.');
}
}
}
/**
* Prepare and check zipfile for extraction.
*
* @param string $archive
* The archive name including file extension. E.g. my_archive.zip.
* @param string $destination
* The relative destination path where to extract files.
*/
public function prepareExtraction($archive, $destination = '') {
// Determine paths.
if (empty($destination)) {
$extpath = $this->localdir;
}
else {
$extpath = $this->localdir . '/' . $destination;
// Todo: move this to extraction function.
if (!is_dir($extpath)) {
mkdir($extpath);
}
}
// Only local existing archives are allowed to be extracted.
if (in_array($archive, $this->zipfiles)) {
self::extract($archive, $extpath);
}
}
/**
* Checks file extension and calls suitable extractor functions.
*
* @param string $archive
* The archive name including file extension. E.g. my_archive.zip.
* @param string $destination
* The relative destination path where to extract files.
*/
public static function extract($archive, $destination) {
$ext = pathinfo($archive, PATHINFO_EXTENSION);
switch ($ext) {
case 'zip':
self::extractZipArchive($archive, $destination);
break;
case 'gz':
self::extractGzipFile($archive, $destination);
break;
case 'rar':
self::extractRarArchive($archive, $destination);
break;
}
}
/**
* Decompress/extract a zip archive using ZipArchive.
*
* @param $archive
* @param $destination
*/
public static function extractZipArchive($archive, $destination) {
// Check if webserver supports unzipping.
if (!class_exists('ZipArchive')) {
$GLOBALS['status'] = array('error' => 'Error: Your PHP version does not support unzip functionality.');
return;
}
$zip = new ZipArchive;
// Check if archive is readable.
if ($zip->open($archive) === TRUE) {
// Check if destination is writable
if (is_writeable($destination . '/')) {
$zip->extractTo($destination);
$zip->close();
$GLOBALS['status'] = array('success' => 'Files unzipped successfully');
}
else {
$GLOBALS['status'] = array('error' => 'Error: Directory not writeable by webserver.');
}
}
else {
$GLOBALS['status'] = array('error' => 'Error: Cannot read .zip archive.');
}
}
/**
* Decompress a .gz File.
*
* @param string $archive
* The archive name including file extension. E.g. my_archive.zip.
* @param string $destination
* The relative destination path where to extract files.
*/
public static function extractGzipFile($archive, $destination) {
// Check if zlib is enabled
if (!function_exists('gzopen')) {
$GLOBALS['status'] = array('error' => 'Error: Your PHP has no zlib support enabled.');
return;
}
$filename = pathinfo($archive, PATHINFO_FILENAME);
$gzipped = gzopen($archive, "rb");
$file = fopen($destination . '/' . $filename, "w");
while ($string = gzread($gzipped, 4096)) {
fwrite($file, $string, strlen($string));
}
gzclose($gzipped);
fclose($file);
// Check if file was extracted.
if (file_exists($destination . '/' . $filename)) {
$GLOBALS['status'] = array('success' => 'File unzipped successfully.');
// If we had a tar.gz file, let's extract that tar file.
if (pathinfo($destination . '/' . $filename, PATHINFO_EXTENSION) == 'tar') {
$phar = new PharData($destination . '/' . $filename);
if ($phar->extractTo($destination)) {
$GLOBALS['status'] = array('success' => 'Extracted tar.gz archive successfully.');
// Delete .tar.
unlink($destination . '/' . $filename);
}
}
}
else {
$GLOBALS['status'] = array('error' => 'Error unzipping file.');
}
}
/**
* Decompress/extract a Rar archive using RarArchive.
*
* @param string $archive
* The archive name including file extension. E.g. my_archive.zip.
* @param string $destination
* The relative destination path where to extract files.
*/
public static function extractRarArchive($archive, $destination) {
// Check if webserver supports unzipping.
if (!class_exists('RarArchive')) {
$GLOBALS['status'] = array('error' => 'Error: Your PHP version does not support .rar archive functionality. <a class="info" href="http://php.net/manual/en/rar.installation.php" target="_blank">How to install RarArchive</a>');
return;
}
// Check if archive is readable.
if ($rar = RarArchive::open($archive)) {
// Check if destination is writable
if (is_writeable($destination . '/')) {
$entries = $rar->getEntries();
foreach ($entries as $entry) {
$entry->extract($destination);
}
$rar->close();
$GLOBALS['status'] = array('success' => 'Files extracted successfully.');
}
else {
$GLOBALS['status'] = array('error' => 'Error: Directory not writeable by webserver.');
}
}
else {
$GLOBALS['status'] = array('error' => 'Error: Cannot read .rar archive.');
}
}
}
/**
* Class Zipper
*
* Copied and slightly modified from http://at2.php.net/manual/en/class.ziparchive.php#110719
* @author umbalaconmeogia
*/
class Zipper {
/**
* Add files and sub-directories in a folder to zip file.
*
* @param string $folder
* Path to folder that should be zipped.
*
* @param ZipArchive $zipFile
* Zipfile where files end up.
*
* @param int $exclusiveLength
* Number of text to be exclusived from the file path.
*/
private static function folderToZip($folder, &$zipFile, $exclusiveLength) {
$handle = opendir($folder);
while (FALSE !== $f = readdir($handle)) {
// Check for local/parent path or zipping file itself and skip.
if ($f != '.' && $f != '..' && $f != basename(__FILE__)) {
$filePath = "$folder/$f";
// Remove prefix from file path before add to zip.
$localPath = substr($filePath, $exclusiveLength);
if (is_file($filePath)) {
$zipFile->addFile($filePath, $localPath);
}
elseif (is_dir($filePath)) {
// Add sub-directory.
$zipFile->addEmptyDir($localPath);
self::folderToZip($filePath, $zipFile, $exclusiveLength);
}
}
}
closedir($handle);
}
/**
* Zip a folder (including itself).
*
* Usage:
* Zipper::zipDir('path/to/sourceDir', 'path/to/out.zip');
*
* @param string $sourcePath
* Relative path of directory to be zipped.
*
* @param string $outZipPath
* Relative path of the resulting output zip file.
*/
public static function zipDir($sourcePath, $outZipPath) {
$pathInfo = pathinfo($sourcePath);
$parentPath = $pathInfo['dirname'];
$dirName = $pathInfo['basename'];
$z = new ZipArchive();
$z->open($outZipPath, ZipArchive::CREATE);
$z->addEmptyDir($dirName);
if ($sourcePath == $dirName) {
self::folderToZip($sourcePath, $z, 0);
}
else {
self::folderToZip($sourcePath, $z, strlen("$parentPath/"));
}
$z->close();
$GLOBALS['status'] = array('success' => 'Successfully created archive ' . $outZipPath);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>File Unzipper + Zipper</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
<!--
body {
font-family: Arial, sans-serif;
line-height: 150%;
}
label {
display: block;
margin-top: 20px;
}
fieldset {
border: 0;
background-color: #EEE;
margin: 10px 0 10px 0;
}
.select {
padding: 5px;
font-size: 110%;
}
.status {
margin: 0;
margin-bottom: 20px;
padding: 10px;
font-size: 80%;
background: #EEE;
border: 1px dotted #DDD;
}
.status--ERROR {
background-color: red;
color: white;
font-size: 120%;
}
.status--SUCCESS {
background-color: green;
font-weight: bold;
color: white;
font-size: 120%
}
.small {
font-size: 0.7rem;
font-weight: normal;
}
.version {
font-size: 80%;
}
.form-field {
border: 1px solid #AAA;
padding: 8px;
width: 280px;
}
.info {
margin-top: 0;
font-size: 80%;
color: #777;
}
.submit {
background-color: #378de5;
border: 0;
color: #ffffff;
font-size: 15px;
padding: 10px 24px;
margin: 20px 0 20px 0;
text-decoration: none;
}
.submit:hover {
background-color: #2c6db2;
cursor: pointer;
}
-->
</style>
</head>
<body>
<p class="status status--<?php echo strtoupper(key($GLOBALS['status'])); ?>">
Status: <?php echo reset($GLOBALS['status']); ?><br/>
<span class="small">Processing Time: <?php echo $time; ?> seconds</span>
</p>
<form action="" method="POST">
<fieldset>
<h1>Archive Unzipper</h1>
<label for="zipfile">Select .zip or .rar archive or .gz file you want to extract:</label>
<select name="zipfile" size="1" class="select">
<?php foreach ($unzipper->zipfiles as $zip) {
echo "<option>$zip</option>";
}
?>
</select>
<label for="extpath">Extraction path (optional):</label>
<input type="text" name="extpath" class="form-field" />
<p class="info">Enter extraction path without leading or trailing slashes (e.g. "mypath"). If left empty current directory will be used.</p>
<input type="submit" name="dounzip" class="submit" value="Unzip Archive"/>
</fieldset>
<fieldset>
<h1>Archive Zipper</h1>
<label for="zippath">Path that should be zipped (optional):</label>
<input type="text" name="zippath" class="form-field" />
<p class="info">Enter path to be zipped without leading or trailing slashes (e.g. "zippath"). If left empty current directory will be used.</p>
<input type="submit" name="dozip" class="submit" value="Zip Archive"/>
</fieldset>
</form>
<p class="version">Unzipper version: <?php echo VERSION; ?></p>
</body>
</html>