<?php
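// Bootstrap switches. They are defined before main.inc.php is required further
// down, and each one is only set when the including context has not set it already.
// The constant names must be exact: a name with stray spaces (such as " NOLOGIN ")
// defines a different constant, so a check for NOLOGIN would not find it.

// The next four switches carry no comment in this file; going by their names they
// skip loading the user, database, company and translation objects -- confirm
// against main.inc.php.
if (!defined('NOREQUIREUSER')) {
    define('NOREQUIREUSER', '1');
}
if (!defined('NOREQUIREDB')) {
    define('NOREQUIREDB', '1');
}
if (!defined('NOREQUIRESOC')) {
    define('NOREQUIRESOC', '1');
}
if (!defined('NOREQUIRETRAN')) {
    define('NOREQUIRETRAN', '1');
}
if (!defined('NOSTYLECHECK')) {
    define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
}
if (!defined('NOREQUIREMENU')) {
    define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
}
if (!defined('NOREQUIREHTML')) {
    define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
}
if (!defined('NOREQUIREAJAX')) {
    define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
}
// NOLOGIN makes this page public (it can be called outside a logged session), so the
// $dolibarr_main_prod check after the bootstrap is the only access control on it.
if (!defined('NOLOGIN')) {
    define('NOLOGIN', '1');
}
// If you don't need session management (can't be logged if no session used). You must also set
// NOCSRFCHECK, NOTOKENRENEWAL, NOLOGIN
// Disable module with GETPOST('disablemodules') won't work. Variable 'dol_...' will not be set.
// $_SESSION are then simple vars if sessions are not active.
// TODO We can close session with session_write_close() as soon as we just need read access everywhere in code.
// NOTE(review): the rule above also asks for NOCSRFCHECK and NOTOKENRENEWAL, but this
// file defines neither -- confirm whether main.inc.php needs them for a page that
// takes no input.
if (!defined('NOSESSION')) {
    define('NOSESSION', '1');
}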
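// Load Dolibarr environment
require '../../main.inc.php';

// Security
// This page is public (NOLOGIN) and runs shell commands, so the production flag is
// its only access control. The check fails open: when the flag is 0 or was never
// set, the tests below run for any visitor who can reach this URL.
// !empty() gives the same result as a plain truthiness test but does not raise an
// undefined-variable warning when the configuration did not set the flag.
// NOTE(review): accessforbidden() is assumed to end the request -- confirm, because
// nothing else here stops execution after it returns.
if (!empty($dolibarr_main_prod)) {
    accessforbidden('Access forbidden when $dolibarr_main_prod is set to 1');
}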
/*
* View
*/
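// Header lines are passed without leading or trailing blanks, so the field name
// starts the line as the header syntax expects.
header("Content-type: text/html; charset=UTF8");

// Security options
// nosniff: the browser keeps the Content-Type declared above instead of guessing a
// different type from the response body.
header("X-Content-Type-Options: nosniff");
// SAMEORIGIN: only pages from the same origin may display this response in a frame.
// This limits clickjacking; it does not escape anything, so the file and command
// output printed by this page still has to be HTML-escaped.
header("X-Frame-Options: SAMEORIGIN");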
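// Test 1: direct read of a file in /tmp from the PHP process itself.
print "*** TEST READ OF /tmp/test.txt FILE (Example: if file exists and owned by apache process owner + PrivateTmp is false + apparmor rules allows read of owned files in /tmp/, then you should see the file)<br>\n";

$out = '';
$ret = 0;

$file = '/tmp/test.txt';
$f = fopen($file, 'r');
if ($f) {
    // Only the first 4096 bytes are shown; that is enough to prove the read worked.
    $s = fread($f, 4096);
    fclose($f);
    if ($s === false) {
        print "Failed to read file ".$file."<br>\n";
    } else {
        // The response is text/html and the file content is not under this page's
        // control, so it is escaped before it is printed. ENT_SUBSTITUTE keeps
        // invalid UTF-8 from turning the whole output into an empty string.
        print htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
} else {
    print "Failed to open file ".$file."<br>\n";
}
print '<br><br>'."\n";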
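// Test 2: read a file at the filesystem root and list /dev/std* through a shell.
print "*** TEST READ OF /test.txt FILE AND LS /dev/std*<br>\n";

// The command line is a fixed string; no request data reaches the shell.
$out = [];
$ret = 0;
exec('cat /test.txt; ls /dev/std*; sleep 1;', $out, $ret);
print "ret=".$ret."<br>\n";
// Command output (which includes the content of /test.txt) goes into a text/html
// response, so the dump is escaped instead of being printed raw.
print htmlspecialchars(print_r($out, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
print '<br>';
print '<br><br>'."\n";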
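// Test 3: check whether the web server process can launch clamdscan.
print "*** TRY TO RUN CLAMDSCAN<br>\n";

// Reset both variables so the result shown below belongs to this command only.
$ret = 0;
$out = null;
// The scan target is a fixed file name; judging by that name the file is not
// expected to exist, so what is tested is the ability to start the binary
// -- confirm the expected return code with the clamdscan documentation.
exec('/usr/bin/clamdscan --fdpass filethatdoesnotexists.php', $out, $ret);
print "ret=".$ret."<br>\n";
// Scanner messages are escaped before they are written into the HTML response.
print htmlspecialchars(print_r($out, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');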