cf/index.php.sample at main · cresenity/cf · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php

//@codingStandardsIgnoreStart
if (!defined('CURL_SSLVERSION_TLSv1_2')) {
    define('CURL_SSLVERSION_TLSv1_2', 6);
}
//@codingStandardsIgnoreEnd

//auto redirect non www
$pageURL = (@$_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
if (isset($_SERVER['SERVER_NAME'])) {
    if (substr($_SERVER['SERVER_NAME'], 0, 4) === 'www.') {
        if ($_SERVER['SERVER_PORT'] != '80') {
            $pageURL .= substr($_SERVER['SERVER_NAME'], 4) . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
        } else {
            $pageURL .= substr($_SERVER['SERVER_NAME'], 4) . $_SERVER['REQUEST_URI'];
        }
        header('Location: ' . $pageURL);
        exit;
    }
}

/**
 * Test to make sure that CF is running on PHP 7.4 or newer. Once you are
 * sure that your environment is compatible with CF, you can comment this
 * line out. When running an application on a new server, uncomment this line
 * to check the PHP version quickly.
 */
version_compare(PHP_VERSION, '7.4', '<') and exit('CF requires PHP 7.4 or newer.');

/**
 * Set the error reporting level. Unless you have a special need, E_ALL is a
 * good level for error reporting.
 */
error_reporting(E_ALL & ~E_STRICT ^ E_DEPRECATED);

/**
 * Turning off display_errors will effectively disable CF error display
 * and logging. You can turn off CF errors in application/config/config.php
 */
ini_set('display_errors', true);

//
// DO NOT EDIT BELOW THIS LINE, UNLESS YOU FULLY UNDERSTAND THE IMPLICATIONS.
//
if (isset($_FILES) && is_array($_FILES)) {
    foreach ($_FILES as $k => $v) {
        if (isset($v['name'])) {
            $t = $v['name'];

            if (!is_array($t)) {
                $t = [$t];
            }
            foreach ($t as $g) {
                if (!is_array($g)) {
                    $ext = pathinfo($g, PATHINFO_EXTENSION);
                    if (strlen($ext) > 3) {
                        $ext = substr($ext, 0, 3);
                    }
                    if (in_array($ext, ['php', 'sh', 'htm'])) {
                        die('Not Allowed X_X');
                    }
                } else {
                    foreach ($g as $h) {
                        if (!is_array($h)) {
                            $ext = pathinfo($h, PATHINFO_EXTENSION);
                            if (strlen($ext) > 3) {
                                $ext = substr($ext, 0, 3);
                            }
                            if (in_array($ext, ['php', 'sh', 'htm'])) {
                                die('Not Allowed X_X');
                            }
                        }
                    }
                }
            }
        }
    }
}

require __DIR__ . '/system/core/Bootstrap.php';