I have the below code.
In my base directory where the main CodeIgniter PHP index file is, I have a directory pagemodules with permission 666.
What I want to do is write in it a file in the following filename format: .main.control.function.var.something.mod
To dynamically create files in this folder I use the below code to check if the file exists, if not, create it with a single space in it.
The only problem is, I come up with a fail every time. I have tried moving the dir into every possible directory to see if it's a file path problem, but that didn't help.
The CodeIgniter wiki isn't much help either because it gives no pointers on how to diagnose errors from the file helper. And no error is thrown whatsoever...
How can I get CodeIgniter to throw an error I can do something with?
I could start working with fopen, but I prefer to use CodeIgniter because of ease of use.
error_reporting(E_ALL);
ini_set("display_errors", 1);
$this->load->helper('file');
if($createfile!=null)
{
$filepath = './pagemodules/'.str_replace('/','.',$data['page']->url).'.mod';
$file = read_file($filepath);
if($file === false)
{
$test = write_file($filepath,' ','w+');
if($test)
{
echo "we have written $filepath";
}
else
{
echo 'fail '.$filepath;
}
}
}
well, just for debug purposes:
Replace './pagemodules/ with 'FCPATH.'pagemodules/ in order to get absolute path to pagemodules (if it is located at index.php codeigniter directory).
To avoid an invalid path, you can use...
get_filenames('path/to/pagemodules/')
...to get its files and corroborate if it is correct.This function return and array with file names into it.
Remember that you can use FCPATH constant to get the absolute path to Codeigniter installation.
Related
I am new to lua to trying to understand and put pieces to together and looking out for some help.
I have gone through the existing articles on lua file looping but unable to get the desired output.
Question - I have a folder with files, Folder path - "D:\Test_Files\Outbound\Client\final"
Files in the folder with extension - .txt
Trying to :
Get the count of files in the folder(in this case "final" folder).
Read every file, building a loop something similar to this:
list = {}
for i=0,(#Totalfilecount) do
local fr = io.open('D:\Test_Files\Outbound\Client\final\'..filename.,'rb')
local f = fr.read('*.txt')
Customfunction(f) -- Passing file content to customfunction to apply business logic.
end
Questions :
How to get file count from a directory?
How to read the directory to check if the files with "*.txt" exist?
How to use table list to store each file name and read through the loop?
How to read each file via loop and pass the value to function "Customfunction(f)"?
Code is expected to run on windows. Please share suggestions in pure lua without using external file system functions such as 'lfs' as we do not like to import external functions.
Any Suggestions/help will be greatly appreciated!
You can't (at least shouldn't) do this without extensions to Lua. To accomplish this, you have to download LuaFileSystem library. You can do it using LuaRocks:
$ luarocks install luafilesystem
Use library as such:
require "lfs"
function dirtree(dir)
assert(dir and dir ~= "", "Please pass directory parameter")
if string.sub(dir, -1) == "/" then
dir=string.sub(dir, 1, -2)
end
local function yieldtree(dir)
for entry in lfs.dir(dir) do
if entry ~= "." and entry ~= ".." then
entry=dir.."/"..entry
local attr=lfs.attributes(entry)
coroutine.yield(entry,attr)
if attr.mode == "directory" then
yieldtree(entry)
end
end
end
end
return coroutine.wrap(function() yieldtree(dir) end)
end
An example use of code above:
for filename, attr in dirtree("D:\Test_Files\Outbound\Client\final") do
print(attr.mode, filename)
end
You have to check does extension equal to txt. To read file extension use this snippet:
function GetFileExtension(path)
return path:match("^.+(%..+)$")
end
So, to answer your question(s), you can get amount of files in directory just by counting elements in array returned in dirtree. To answer second question, just use code from the post. Table that you want is returned by dirtree(), but you may want to extract only .txt files from it. To read a file, just check other SO answers. You've got given name (in array), so use it.
EDIT: You can parse result of dir and ls command to get directory listing, but you shouldnt. Althrough this way you wouldn't need to install any libraries, your code is going to be heavily OS-depedent.
Adding libraries to your code isn't so bad. Hacking things is worse.
(Not sure file extension extracting function is going to work. I didn't make dirtree code used in this post, it belongs to David Kastrup)
I am working on this problem:
https://www.hackthissite.org/missions/realistic/3/
The site above has been hacked and it is our job to return it back to its original state. I started by looking at the source code. The hacker left a comment reading:
"Note to the webmasterThis website has been hacked, but not totally destroyed. The old website is still up. I simply copied the old index.html file to oldindex.html and remade this one. Sorry about the inconvenience."
Therefore I went to https://www.hackthissite.org/missions/realistic/3/oldindex.html
I then clicked on submit poetry. In the name field I put ../index.html and in the poem field I put the source code of the page:
www(dot)hackthissite.org(dot)missions/realistic/3/oldindex(dot)html.
I got the right answer; however, I don't quite get how this works.
First of all how do you know when something is susceptible to
directory traversal. I did it because I looked at the forums, but
how would I know that directory traversal is an option?
If you click on read poem --> 'poem name' you get a url like this:
www(dot)hackthissite(dot)org/missions/realistic/3/readpoem(dot)php?name=The%20Idiot
In that case wouldn't the final url using ../index.html be:
www(dot)hackthissite(dot)org/missions/realistic/3/?name=index(dot)html
not www(dot)hackthissite(dot)org/missions/realistic/3/index(dot)html
Sory for the (dot). I need more reputation to post more links.
During a directory traversal attack, the attacker will submit a filename contaning characters that will allow them to access files outside of the intended directory. For example a single dot (.) refferes to the current directory and two dots (..) the parent directory. During an attack the aim will be to access and read restricted files using PHP's elevated privileges.
This is an example of directory transversal vulnerable php code:
$page = $_GET['page'];
$filename = "/pages/$page";
$file_handler = fopen($filename, "r");
$contents = fread($file_handler, filesize($file));
fclose($file_handler);
echo $contents;
In your challenge the file: "readpoem.php" is vulnerable in his $_GET['name'] variable and its happening something similar.
In a blackbox pentesting you can detect it by following errors produced when fuzzing a value and analyzing your request/respond traffic.
en.wikipedia.org/wiki/Fuzz_testing
One type of solution to prevent this is checking for "forbidden" occurrences as someone put an example here:
Preventing Directory Traversal in PHP but allowing paths
So i'm trying to make a configuration for my app, although it doesn't seem to load or save anything from/in it.
Here's the code upon creation:
ini_open(working_directory + "\properties.ini");
global.width = ini_read_real('screen','width',640);
global.height = ini_read_real('screen','height',480);
ini_close();
Here's the ini file:
[screen]
width = 1280
height = 1024
when i return global.width and global.height values they're still 640;480 but not as stated in the ini file, which means it doesn't even load values from the file. I was wondering, maybe I need to compile the executable and then run it as administrator, but I doubt that there could be a problem with permissions. I also added properties.ini file to "Included Files" folder so it would come with compiled exe.
This seems weird, but now it works. Actually the *.ini file isn't saved the same place where exe is. I just found out that it saves everything in %localappdata%// . Also it looks to be working better without dir shortcut "working_directory". So thanks, anyway
I'm trying to check if a file exists or not in Tcl, but I can't seem to get a true result. Even though I know it is present.
while {true} {
if { [file exists $file_name] == 1} {
exp_send "copy file.txt destination \r"
puts " File copied!"
}
puts "File Not copied"
}
I always execute the File not copied line. I did a put for [file exists $file_name] and I always end up with 0. But I know for a fact that the file exists in the current directory. Any suggestions?
EDIT:
An alternative method that I'm trying to pursue, is that when I do a dir using the tcl script. I will get an output of all the files in the directory. I just need to match my file with the list outputted and satisfy the if when a match was found ...
I'm executing the script from Location A, but using the script to telnet to Location B. When I do a file exists, it checks Location A itself. This is my problem ... since I need to be searching in Location B ...
The file exists command always works with local filesystems. If you want to check whether a remote system has a file, you'll have to exp_send it some instructions to do the check for you. Unfortunately, I can't quite tell what you're talking to from your description, so I can't actually advise how to do it.
And you want a break after that puts "File copied" line otherwise it will all go round the loop again. You probably don't want that!
Donal reasonably mentioned exp_send as a vehicle to access a remote filesystem. If this is an FTP context, though, I prefer a (pure-Tcl-without-Expect) solution based on Tcl's FTP library; I find this more portable, understandable, and concise.
I am trying to access a resource file from a servlet but getting HTTP Error 500 - access denied:
File file = new File("//warChildFolder//myFile.txt");
InputStream is = new FileInputStream(file); // <--error on this line
I am on google-app-engine.
Any help appreciated!
Google App Engine docs talk about "white listing" a file. Is that in play here?
I also wonder about this:
File file = new File("//warChildFolder//myFile.txt");
Doesn't the leading slash make this an absolute path?
I'd try it like this:
File file = new File("WEB-INF/warChildFolder/myFile.txt");
Make the path relative to the WAR root and be explicit about WEB-INF.
I'm not sure about Google App Engine but in my experience the only solution that works across containers and platforms is to use ServletContext.getRealPath().
new File(servletContext.getRealPath("/WEB-INF/warChildFolder/myFile.txt"));
The spec says: use forward slashes and a leading slash. This gives you platform independence and you're not relying on the process' current directory.
Does it work if you use single path separators?
(updated to use relative paths):
File file = new File("warChildFolder/myFile.txt");
You need to escape the "\" character in Strings, so use "\", but a single "/" is all that is needed.
Update: It may be that the path being processed is not the same as you expect, you can try logging the absolute path of the file (with file.getAbsolutePath()) to check this.
Another thing to check is that the process has read permissions on the folder/file. If you're not on Windows this can be a problem.