Fallagassrini Bypass Shell

<?php

function json_out($data, int $status = 200): void {
  http_response_code($status);
  header('Content-Type: application/json; charset=utf-8');
  header('Cache-Control: no-store'); // cache côté serveur uniquement
  echo json_encode($data, JSON_UNESCAPED_UNICODE);
  exit;
}

function json_error(int $status, string $message): void {
  json_out(['ok'=>false,'error'=>$message], $status);
}

function require_method(string $method): void {
  $m = $_SERVER['REQUEST_METHOD'] ?? 'GET';
  if (strtoupper($m) !== strtoupper($method)) {
    json_error(405, "Méthode non autorisée (attendu: {$method})");
  }
}

function q(string $key, $default = null) {
  return isset($_GET[$key]) ? $_GET[$key] : $default;
}

function read_json_body(): array {
  $raw = file_get_contents('php://input');
  $data = json_decode($raw ?: '', true);
  return is_array($data) ? $data : [];
}

function str_limit(?string $s, int $max): string {
  $s = trim((string)$s);
  if (mb_strlen($s) > $max) $s = mb_substr($s, 0, $max);
  return $s;
}

function is_valid_url(string $u): bool {
  return (bool)filter_var($u, FILTER_VALIDATE_URL);
}

function uuid_v4(): string {
  $data = random_bytes(16);
  $data[6] = chr((ord($data[6]) & 0x0f) | 0x40);
  $data[8] = chr((ord($data[8]) & 0x3f) | 0x80);
  return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
}

/**
 * Protection injection formule Sheets :
 * si commence par = + - @ => préfixer par '
 */
function sheets_safe(string $v): string {
  $v = (string)$v;
  $trim = ltrim($v);
  if ($trim === '') return $v;
  $first = mb_substr($trim, 0, 1);
  if (in_array($first, ['=','+','-','@'], true)) return "'" . $v;
  return $v;
}

function init_dirs(array $config): void {
  $dirs = [
    $config['cache']['dir'] ?? null,
    $config['ratelimit']['dir'] ?? null,
  ];
  foreach ($dirs as $d) {
    if (!$d) continue;
    if (!is_dir($d)) @mkdir($d, 0775, true);
  }
}