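<?php
/**
 * ambre-dump.php · AMBRE session · standalone file reader
 * Allowed roots only. Returns RAW content (Content-Type: text/plain)
 * Invocation: /api/ambre-dump.php?path=/var/www/html/xxx&offset=0&length=50000
 *
 * Request parameters (all from the query string):
 *   path   - absolute path of the file to read; must resolve inside an allowed root
 *   offset - byte offset to start reading at (default 0, negative values clamp to 0)
 *   length - maximum bytes to return (default 50000, capped at 200000)
 *
 * Responses:
 *   200 text/plain  - the requested byte range, plus X-File-Size / X-File-Mtime
 *   404 JSON        - path missing, not a regular readable file, or outside the roots
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * file. Unless access is restricted elsewhere (web server rules, a gateway),
 * any client that can reach this URL can read every readable file under the
 * allowed roots, including PHP sources and configuration files stored there.
 * Confirm that restriction exists before deploying.
 */

$target = $_GET["path"] ?? "";

// Clamp to non-negative values: a negative offset makes fseek() fail, and a
// length below 1 makes fread() raise an error instead of returning data.
$offset = max((int)($_GET["offset"] ?? 0), 0);
$length = max(min((int)($_GET["length"] ?? 50000), 200000), 0);

// A repeated parameter (path[]=...) arrives as an array, which realpath()
// cannot accept; treat anything that is not a non-empty string as "not found".
// realpath() resolves symlinks and ".." segments, so the prefix comparison
// below is made against the canonical location of the file.
$real = (is_string($target) && $target !== "") ? realpath($target) : false;

// Each root keeps its trailing slash so that a sibling directory sharing the
// same prefix (for example "/var/www/html-old") cannot match.
$allowed = ["/var/www/html/", "/opt/wevads/", "/opt/weval-l99/"];
$ok = false;
if ($real !== false) {
    foreach ($allowed as $root) {
        if (strpos($real, $root) === 0) {
            $ok = true;
            break;
        }
    }
}

// Only regular, readable files are served. file_exists() alone also accepts
// directories, which cannot be read as a byte stream.
$fh = false;
if ($ok && is_file($real) && is_readable($real)) {
    $fh = fopen($real, "r");
}

if ($fh === false) {
    // One response for "outside the roots" and "does not exist", so the
    // endpoint does not reveal which paths exist outside the allow-list.
    http_response_code(404);
    header("Content-Type: application/json");
    echo json_encode(["ok" => false, "error" => "denied or not found"]);
    exit;
}

// Take size and mtime from the open handle so the headers describe the file
// that is actually read, even if the path is replaced after the checks above.
$stat = fstat($fh);

header("Content-Type: text/plain; charset=utf-8");
// File content is returned verbatim; stop browsers from sniffing it as
// HTML or script when the endpoint is opened directly.
header("X-Content-Type-Options: nosniff");
header("X-Ambre-Source: ambre-dump.php doctrine#4 honest");
if ($stat !== false) {
    header("X-File-Size: " . $stat["size"]);
    header("X-File-Mtime: " . gmdate("c", $stat["mtime"]));
}

// An offset past the end of the file is valid and simply yields no data.
if ($length > 0 && fseek($fh, $offset) === 0) {
    $chunk = fread($fh, $length);
    if ($chunk !== false) {
        echo $chunk;
    }
}
fclose($fh);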