I guess I just wrote a PHP blogging engine that serves up articles written in markdown.
I really didn't mean to, it just kind of happened.
If only there was some public code repository website I could upload this great code to, in order to share it with the world, something linked to a version control system, 'good code hub', 'great hub' 'git your code here lab' or something like that.
Oh well, since after hours of research it seems that doesn't exist, I'll just copy and paste here.
Here's the code, so feel free to poke around and find lots of juicy security holes. Bonus points for using the holes to gain root access to this server, then using that access to both fix the holes and update this blog to indicate the holes have been fixed.
<?php
function has_extension($filename, $extension) {
return pathinfo($filename, PATHINFO_EXTENSION) === $extension;
}
function remove_file_extension($filename) {
$last_dot_position = strrpos($filename, '.');
if ($last_dot_position !== false) {
return substr($filename, 0, $last_dot_position);
} else {
return $filename;
}
}
function get_date_updated($filePath) {
$fileCreationTime = filectime($filePath);
return date('Y-m-d H:i:s', $fileCreationTime);
}
function safe_path($path, $allowedSubdirectory) { /* <--- added by a kindly hacker */
$path = trim($path, '/');
if (strpos($path, '../') !== false || strpos($path, './') !== false || strpos($path, '..\\') !== false || strpos($path, '.\\') !== false) {
return false;
}
if (strpos($path, $allowedSubdirectory) !== 0) {
return false;
}
if (!is_file($path)) {
return false;
}
return true;
}
?>credits go to Google Gemini for concocting the above helper functions I was too lazy to write myself
<?php
require_once('lib.php');
?>
<html>
<head>
<link rel="stylesheet" href="style.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap">
</head>
<body>
<h1># HackAnd.Click</h1>
<i>*Bringing Software Engineering into disrepute one line of code at a time*</i>
<ul>
<?php
$files = [];
$dir = 'articles';
if ($d = opendir($dir)) {
while (($file = readdir($d)) !== false) {
if ($file != '.' && $file != '..' && has_extension($file, 'md')) {
if (is_file("$dir/$file")) {
$files[] = $file;
}
}
}
closedir($d);
}
usort($files, function($a, $b) use ($dir) {
return filemtime("$dir/$a") - filemtime("$dir/$b");
});
foreach ($files as $file) {
$desc = remove_file_extension($file);
$desc = ucwords($desc);
echo "<li><a href='parse.php?filename=".urlencode("$dir/$file")."'>$desc</a></li>\n";
}
?>
</ul>
<small><i>copyright whatever my name is, I can't quite remember and whatever year it is now, I lose count<br>you can freely copy or distribute this material, so long as you pick up one item of litter from the street each time you do so</i></small>
</body>
</html><?php
require_once('lib.php');
require_once('Parsedown.php');
?>
<html>
<head>
<link rel="stylesheet" href="style.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/default.min.css">
<link rel="stylesheet" href="dracula.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
</head>
<body>
<a style="font-size:2em" href="/">👈</a><br>
<?php
$filename = $_GET['filename'];
if (safe_path($filename, 'articles')) { /* <--- added by a kindly hacker */
$when = get_date_updated($filename);
$text = file_get_contents($filename);
$file = basename($filename);
$title = remove_file_extension($file);
$title = ucwords($title);
echo "<h1>$title</h1>";
$Parsedown = new Parsedown();
$html = $Parsedown->text($text);
echo $html;
echo "<p><i>This file was updated at $when</i></p>";
}
?>
<script>hljs.highlightAll();</script>
</body>
</html>To save me having to do any actual hard work, thankfully I came across a neat little PHP library that parses markdown.
And syntax highlighting is provided by highlight.js with the theme dracula.
This file was updated at 2025-03-01 19:15:47