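#!/usr/bin/perl -w
#
# WebZip UNZIPPER: a CGI script that fetches a compressed archive from a
# user-supplied URL and unpacks it into a short-lived, randomly numbered
# directory under wkdir/.
#
# NOTE(review): this copy appears to have lost the HTML tags inside its
# here-documents and strings (only their text remains); that text is kept
# as found.  The script runs without `use strict` and shares package globals
# ($url, $tmpfile, $tmpdir, ...) between the request code and the END block.
#
# NOTE(review): fatalsToBrowser sends die() text (paths, $!) to the client;
# consider logging such detail server-side only.
use CGI::Carp qw(fatalsToBrowser);
use CGI qw(:standard);
use CGI qw(upload);
use LWP::Simple;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Cookies;
use HTTP::Headers;
use File::Find;
use File::stat;
use Fcntl qw/:flock :DEFAULT/;

# Fixed PATH so the external tools (rm, cp, tar, gunzip, bzip2, unzip) are
# not resolved through an inherited environment.
BEGIN { $ENV{PATH} = "/usr/bin:/bin:/usr/local/bin"; }

print "Content-type: text/html\n\n";

my $dir = "wkdir";

# Expire work directories: every four-digit directory under wkdir/ whose
# mtime is more than two hours old is removed.
opendir(DIR, $dir) || die "can't opendir $dir: $!";
my @dirs = grep { /\A(\d{4})\z/ && -d "$dir/$_" } readdir(DIR);
closedir DIR;
foreach my $f (@dirs) {
    # Re-match and use only the captured digits in the path below.
    $f =~ /\A(\d{4})\z/ or die "$f is tainted: $!\n\n";
    $f = $1;
    my $age = time() - 2*3600;
    my $stats = stat("$dir/$f") or die "Can't stat: $!";
    if ( $stats->mtime < $age ) {
        system("rm", "-r", "$dir/$f");    # list form: no shell involved
    }
}

# fdie($message): print the error page, append the message to
# unzipper-log.txt and exit.  $message is inserted into the page as-is
# (some callers pass markup), so callers must HTML-escape untrusted text.
sub fdie {
    my ($ero) = @_;
    print <<EOL;


ERROR: $ero



Having Problems? Send the URL that you tried to the webmaster at dennis100\@webtv.netfor help.

HTML Mail OR Mail without a URL will be discarded.
EOL
    $path = "unzipper-log.txt";
    # The original opened LOG twice (2-arg open, then sysopen); one checked
    # sysopen is enough.  Line breaks are flattened so one event stays one
    # log entry.
    (my $logged = $ero) =~ tr/\r\n/ /;
    if ( sysopen(LOG, $path, O_WRONLY | O_APPEND | O_CREAT) ) {
        print LOG "$logged\n";
        close LOG;
    }
    exit;
}

# _archive_test_ok(@command): run an archive integrity test without a shell
# (list-form pipe open), discard its output and return 1 when the command
# exits with status 0, else 0.
sub _archive_test_ok {
    my @command = @_;
    open(my $pipe, '-|', @command) or return 0;
    1 while <$pipe>;    # drain so the child is not cut off mid-write
    return close($pipe) ? 1 : 0;
}

# bypass($url): fetch $url with a browser-like User-Agent, Referer and
# cookie handling.  Returns ($err_msg, $data): $err_msg is the HTTP status
# line on failure and '' on success; $data is the response body.
sub bypass {
    my ($url) = @_;
    my $data    = '';
    my $err_msg = '';

    my $ua         = LWP::UserAgent->new;
    my $headers    = HTTP::Headers->new;
    my $cookie_jar = HTTP::Cookies->new;

    # The form documents http:// and ftp:// only; refuse every other scheme
    # LWP could otherwise handle.
    # NOTE(review): the destination host is not restricted, so internal
    # addresses are reachable from this server - confirm whether they must
    # be blocked.
    $ua->protocols_allowed( [ 'http', 'ftp' ] );

    # Simulate IE 5.5 browser:
    $ua->agent('Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)');
    $headers->header(
        'HTTP_ACCEPT'          => 'application/x-tar, application/x-zip',
        'HTTP_ACCEPT-ENCODING' => 'gzip, deflate',
        'HTTP_CONNECTION'      => 'close',
    );
    $headers->referer($url);

    # Initial request; its cookies are captured for the final request.
    my $request  = HTTP::Request->new( 'GET' => $url, $headers );
    my $response = $ua->request($request);
    $cookie_jar->extract_cookies($response);
    return ( $response->status_line(), $data ) unless $response->is_success();

    $headers->header( 'HTTP_REFERER' => $url );

    ### If all of the FILES are over 500K, disallow and abort
    # NOTE(review): this pass only counts bytes; $bytes_received is never
    # compared with a limit, so no download size cap is enforced and the
    # body is later held in memory in full.
    my $expected_length;
    $bytes_received++;
    $ua->request(
        HTTP::Request->new( 'GET', $url, $headers ),
        sub {
            my ( $chunk, $response ) = @_;
            $bytes_received += length($chunk);
            unless ( defined $expected_length ) {
                $expected_length = $response->content_length;
            }
        }
    );

    # Final request with the captured cookies; its body is what is returned.
    $cookie_jar->add_cookie_header($request);
    $response = $ua->request($request);
    $cookie_jar->extract_cookies($response);
    return ( $response->status_line(), $data ) unless $response->is_success();

    return ( $err_msg, $response->content() );
}

### Completion message
sub done {
    print <<EOL;
 Your file has been un-zipped


Your file has been Un-Zipped into
THIS DIRECTORY

This directory will be removed after a few hours.

WebZip now has its own directory mover and single-file Transloader. The Transloader will work from anywhere, but the Directory Mover will not. The Directory Mover will upload your entire un-zipped directory from this site. The directory mover can only be accessed after your file has been unzipped by WebZip, and by clicking on the MOVE DIRECTORY button below, and going to the yellow WebZip Directory Mover page.
EOL
}

# File::Find callback for the clean-up pass over the extracted tree.
# The name is sanitised first so the .htaccess/.htpasswd check and the
# chmod calls see the name the entry finally has on disk (the original
# checked and chmod-ed the pre-rename name, so renamed files were skipped).
sub fixfiles {
    my $file = bad_chars($_);
    return if del_htaccess($file);
    dir_perm($file);
    file_perm($file);
}

# Delete a plain file named .htaccess or .htpasswd (any case).
# Returns 1 when the file was removed, else 0.
sub del_htaccess {
    my ($file) = @_;
    return 0 unless -f $file;
    return 0 unless $file =~ m/^(\.htaccess|\.htpasswd)$/i;
    return 1 if unlink($file);
    print "Could Not Unlink '$file' $!\n\n";
    return 0;
}

# Strip every character outside [\w.-] from a plain file's name.
# Returns the name the file has afterwards (unchanged when nothing was
# stripped, the target already exists, or rename failed).
sub bad_chars {
    my ($file) = @_;
    return $file unless -f $file;    # process only plain files
    # list the chars allowed instead of disallowed
    ( my $new = $file ) =~ s/[^\w.-]//g;
    return $file if $new eq $file;
    if ( -e $new ) {
        print "file '$new' already exists!\n\n";
        return $file;
    }
    return $new if rename $file, $new;
    # The unsanitised name comes from the archive: escape it for the page.
    print "Could not delete chars from '" . CGI::escapeHTML($file) . "': $!\n\n";
    return $file;
}

# Force directories to 0755.  Symbolic links are skipped so chmod never
# acts on a target outside the extracted tree.
sub dir_perm {
    my ($file) = @_;
    return if -l $file;
    return unless -d $file;
    $dmode = 0755;
    chmod $dmode, $file or die "couldn't chmod dir to 0755: $!\n";
}

# Force plain files to 0644.  Symbolic links are skipped (see dir_perm).
sub file_perm {
    my ($file) = @_;
    return if -l $file;
    return unless -f $file;
    $fmode = 0644;
    chmod $fmode, $file or die "couldn't chmod files to 0644: $!\n";
}

# File::Find callback: stamp each extracted entry with the current time so
# the two-hour expiry counts from extraction.  Symbolic links are skipped
# because utime would act on their target.
sub mod_time {
    return if -l $_;
    $now = time;
    utime $now, $now, $_;
}

if ($ENV{REQUEST_METHOD} ne "POST") {
    # Any non-POST request gets the form page and bumps the hit counter.
    print <<EOL;
 WebZip UNZIPPER
Help and
Information
  WebZip
UNZIPPER©
rev.
4.4
   Copyright 2-1-2001 by
whataman\@home.com /
dennis100\@webtv.net
De-compress any of these file types -
.zip, .gz, .tar, .tgz, .tar.gz, .tar.Z, .bz2 and tar.bz2


After your zip file has been unzipped here, your unzipped file(s) may not be viewable from this site, or you may only see the raw codes; but the file should be fine after you upload or download it. Note that .exe files are not allowed, and are thrown away. You can now also upload a file from your computer. Further, zipped webmail or any other zip file that requires authorization (user, password) will not work with this tool. Type or paste your zipfile URL into the box below. Your URL must begin with either http:// or ftp:// and end with one of the zip extensions listed above, such as .tgz

from Web
EOL
    $query = CGI->new;
    # NOTE(review): `headers` is not a CGI export (the function is `header`);
    # this statement likely prints nothing - confirm before changing it.
    print headers;
    $JSCRIPT=<<END;
function upL() { if ( navigator.appName.indexOf('WebTV') != -1 ) { document.write("
"); document.write("from PC: "); document.write(""); document.write("
"); }; }; print end_html;
END
    #Tell the browser to expect some JavaScript
    print "";
    # The request parameter is echoed into the page, so it is HTML-escaped
    # first (the original printed it raw).
    $value = $query->param('upfile');
    my $shown = defined $value ? CGI::escapeHTML($value) : '';
    print $shown;
    @value = $query->param('upfile');
    print "$shown ZZ";
    print <<EOL;

EOL
    # Hit counter: read, increment and rewrite under an exclusive lock.
    my $counter = "unzipper-counter.txt";
    sysopen(COUNT, $counter, O_RDWR|O_CREAT) or die "Can't OPEN data file for READING and WRITING: $!";
    flock(COUNT, LOCK_EX) or die "Cannot get an EXCLUSIVE LOCK on data file: $!";
    my $num = <COUNT> || 0;
    chomp $num;
    # The stored value ends up in the page: accept digits only.
    $num = 0 unless $num =~ /\A\d+\z/;
    $num++;
    seek(COUNT, 0, 0) or die "can't REWIND to beginning of data file: $!";
    truncate(COUNT, 0) or die "can't TRUNCATE data file: $!";
    print COUNT "$num\n";
    ## Take out the line below if you don't
    ## want commas in your numbers.
    1 while $num =~ s/(.*\d)(\d\d\d)/$1,$2/;
    close COUNT or warn $!;
    print <<EOL;

$num
EOL
}
else {
    print <<EOL;
 RESULTS
EOL
    ### Define the variables
    $url = param('url') || "";
    $url =~ s/\A\s+//;
    $url =~ s/\s+\z//;
    $dir = "wkdir";
    # Keep only the text after the last '/'.  /s makes '.' match line
    # breaks as well, so the strip always reaches the last '/' and the
    # result can never carry a directory component into $tmpfile.
    ($file = $url) =~ s{\A.*/}{}s;
    $tmpfile = "$dir/$file";
    $tdfile = "$file";
    # NOTE(review): a four-digit rand() name is guessable and can collide
    # with a live work directory (mkdir then fails) - confirm acceptable.
    $td = int(rand(9000) + 1000);
    $tmpdir = "$dir/$td";

    # Record the requested URL; line breaks are flattened so one request
    # stays one log entry.
    $path = "unzipper-log.txt";
    (my $logged_url = $url) =~ tr/\r\n/ /;
    if ( sysopen(LOG, $path, O_WRONLY | O_APPEND | O_CREAT) ) {
        print LOG "\n$logged_url\n";
        close LOG;
    }

    ### Check Directory Size before allowing file
    ## If this DIRECTORY is over 30 Megs, disallow and abort;
    my $path2 = "/home/public_html";
    my $dirsize = 0;
    find( sub { $dirsize += ( -s $_ ) || 0 }, $path2 );
    if ($dirsize > 30*1024*1000) {
        fdie("Sorry, but the Work Directory is FULL right now. Please try again later.");
    }

    if (param('subm1')) {
        # Enforce what the form tells the user: http:// or ftp:// only, and
        # no whitespace or control characters anywhere in the URL.
        if ( $url !~ m{\A(?:http|ftp)://[^\s\x00-\x1f\x7f]+\z}i ) {
            fdie("Sorry, but your URL must begin with http:// or ftp://");
        }

        ### Check the File TYPE before allowing
        if ( $url !~ /\.(zip|tar|gz|tar\.Z|tar\.gz|tgz|bz2|tar\.bz2)$/i ) {
            fdie("Sorry, but that is not a ZIP or TAR file");
        }

        ### Prevent copying of my files
        # HTTP_HOST comes from the request, so it is compared as a literal
        # string instead of being interpolated into a regex.
        my $own_host = defined $ENV{HTTP_HOST} ? $ENV{HTTP_HOST} : '';
        if ( length($own_host) && index($url, $own_host) >= 0 && $url !~ /zipped|\Q$dir\E/ ) {
            fdie("LOL... You cannot copy my files... Goodbye!");
        }

        ### Check the File SIZE before allowing
        ### In the FILE is over 1 MEG, disallow and abort
        @usize = head($url);
        $urlsize = $usize[1];
        # NOTE(review): the limit below is commented out in the original,
        # so the advertised size is fetched but never enforced.
        # if ( $urlsize > 1000*1024 )
        # { 1 while $urlsize =~ s/(.*\d)(\d\d\d)/$1,$2/;
        # fdie "Your URL file is $urlsize bytes. Sorry, but zip files
        # larger than 1 MEG are not allowed." };
        ## if ( $urlsize < 5 )
        ## { fdie "URL is not sending a file size" };

        my ($err_msg, $data) = bypass($url);
        if ($err_msg) {
            # The status line is chosen by the remote server: escape it.
            fdie( CGI::escapeHTML($err_msg) );
        }
        elsif ( open(TFILE, '>', $tmpfile) ) {    # 3-arg open: the name cannot alter the mode
            print TFILE $data;
            close(TFILE);
        }
        else {
            fdie("Error: could not saved retrieved data");
        }

        # NOTE(review): in this copy the upload branch sits inside the subm1
        # branch and writes to upload/, which nothing below reads - confirm
        # the intended nesting.  $CGI::POST_MAX is also set after the
        # request has been parsed, so it presumably does not limit this
        # request - confirm.
        if (param('subm2')) {
            ### BROWSE UPLOAD
            $query = CGI->new;
            $maxsize = ($CGI::POST_MAX = 1024*1000*6);
            $upload_dir = "upload";
            $filename = $query->param("upfile");
            $filename = '' unless defined $filename;
            $filename =~ s{\A.*[/\\]}{}s;    # last path component only
            $filename =~ s/[^\w.-]//g;       # same whitelist as bad_chars()
            if ( $filename eq '' || $filename =~ /\A\./ ) {
                fdie("Sorry, but that upload file name cannot be used");
            }
            $upload_filehandle = $query->upload("upfile");
            defined $upload_filehandle
                or fdie("Sorry, but no upload file was received");
            unless ( open(UPLOADFILE, '>', "$upload_dir/$filename") ) {
                print "\n\nI cannot open upload $filename: $!\n\n";
                exit;
            }
            while ( <$upload_filehandle> ) { print UPLOADFILE; }
            unless ( close UPLOADFILE ) {
                print "cant close UPLOAD - $!\n";
                exit;
            }
        }

        if ( -z $tmpfile ) {
            unlink $tmpfile;
            fdie("That may be a Bad Link.\nI could not retrieve that URL.");
        }

        # Member-name patterns withheld from tar extraction (the original
        # repeated two of them with redundant escaping).
        # NOTE(review): this is a deny-list; how symbolic links and
        # absolute or parent-relative member paths are treated depends on
        # the installed tar/unzip defaults - confirm.
        my @tar_excludes = (
            "--exclude=*.htaccess*", "--exclude=*.htpasswd*",
            "--exclude=*.exe*",      "--exclude=.*",
            "--exclude=*..*",        "--exclude=*~/*",
            "--exclude=*/home/*",    "--exclude=*public_html*",
            "--exclude=*ENV{*",
        );

        ### FOR TAR.GZ FILES
        if ( $url =~ /tar\.(gz|Z)|tgz/i ) {
            # Integrity test without a shell: the file name is passed as an
            # argument, never interpolated into a command string.
            _archive_test_ok( 'gunzip', '-t', $tmpfile )
                or fdie("That Gunzipped Tarfile is defective.");
            mkdir $tmpdir, 0755 or fdie("Couldn't make $tmpdir: $!");
            $| = 1;
            system( "tar", "-zxhkUf", $tmpfile, @tar_excludes, "-C", $tmpdir )
                && fdie("Gunzip Tar Extraction Failed");
            done();
        }
        ### .tar FILES
        elsif ( $url =~ /tar$/i ) {
            mkdir $tmpdir, 0755 or die "Couldn't make $tmpdir: $!\n";
            $| = 1;
            system( "tar", "-xhkUf", $tmpfile, @tar_excludes, "-C", $tmpdir )
                && fdie("Tar Extraction Failed");
            done();
        }
        ### .gz FILES
        elsif ( $url =~ /\.gz$/i ) {
            mkdir $tmpdir, 0755 or die "Couldn't make $tmpdir: $!\n";
            $| = 1;
            system("cp", $tmpfile, "$tmpdir/$tdfile");
            unlink $tmpfile;
            # Decompress in place by path.  The original chdir-ed into the
            # work directory first, which left the relative log and
            # clean-up paths pointing at the wrong place when extraction
            # failed, and handed the tool a bare user-derived file name.
            system( "gunzip", "-f", "$tmpdir/$tdfile" ) && fdie("GZ Extraction Failed");
            done();
        }
        ### .bz2 FILES
        elsif ( $url =~ /\.bz2$/i ) {
            # NOTE(review): this fetches the URL once more just to measure it.
            $size = get($url);
            $size = defined $size ? length($size) : 0;
            if ( $size > 200000 ) {
                # Report the size that was measured (the original printed
                # $urlsize, the HEAD value, which may be undefined).
                fdie("Your URL file is $size bytes. \nSorry, but bzip2 files larger than 200K are not allowed");
            }
            elsif ( $size < 10 ) {
                fdie("I cannot get the filesize so I cannot bzip2 that file");
            }
            mkdir $tmpdir, 0755 or die "Couldn't make $tmpdir: $!\n";
            $| = 1;
            system("cp", $tmpfile, "$tmpdir/$tdfile");
            unlink $tmpfile;
            # Same in-place, by-path approach as the .gz branch.
            system( "bzip2", "-dsf", "$tmpdir/$tdfile" ) && fdie("BZ2 Extraction Failed");
            done();
        }
        # FOR .ZIP FILES
        elsif ( $url =~ /\.zip$/i ) {
            _archive_test_ok( 'unzip', '-qt', $tmpfile )
                or fdie("Zip file is defective.");
            mkdir $tmpdir, 0755 or die "Coudn't make $tmpdir: $!\n";
            $| = 1;
            system(
                "unzip", "-qqnCLL", $tmpfile,
                "-x", "*.htaccess*", "*.htpasswd*", "*.exe*", ".*", "*~/*",
                "..*", "*..*", "*ENV{*", "*/home*", "*/public_html*",
                "-d", $tmpdir
            ) && fdie("Unzipping Failed");
            done();
        }
        # IF FILE IS NOT A ZIP FILE
        else {
            fdie("Sorry, but that is NOT a ZIP FILE");
        }
    }

    # Refresh timestamps on whatever was extracted.
    if ( defined $tmpdir && -e $tmpdir ) {
        find( \&mod_time, $tmpdir );
    }
}

# Runs on every exit path, including fdie(): drop the downloaded archive and
# normalise names and permissions in the extracted tree.
END {
    if ( defined $tmpfile && -e $tmpfile ) { unlink $tmpfile }
    if ( defined $tmpdir && -e $tmpdir ) {
        find( \&fixfiles, $tmpdir );
    }
}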