egroupware/setup/inc/functions.inc.php

<?php
  /**************************************************************************\
  * phpGroupWare - Setup                                                     *
  * http://www.phpgroupware.org                                              *
  * --------------------------------------------                             *
  *  This program is free software; you can redistribute it and/or modify it *
  *  under the terms of the GNU General Public License as published by the   *
  *  Free Software Foundation; either version 2 of the License, or (at your  *
  *  option) any later version.                                              *
  \**************************************************************************/

  /* $Id$ */

  /* ######## Start security check ########## */
  $d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));
  $d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
  $d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));
  if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp" || $d3 == "htt" || $d3 == "ftp") {
    echo "Failed attempt to break in via an old Security Hole!<br>\n";
    exit;
  } unset($d1);unset($d2);unset($d3);
  /* ######## End security check ########## */

  // Include to check user authorization against  the 
  // password in ../header.inc.php to protect all of the setup
  // pages from unauthorized use.

  if(file_exists("../version.inc.php")) {
    include("../version.inc.php");  // To set the current core version
  }else{
    $phpgw_info["server"]["versions"]["phpgwapi"] = "Undetected";
  }

  $phpgw_info["server"]["app_images"] = "templates/default/images";

  if(file_exists("../header.inc.php")) { include("../header.inc.php"); }

  include("./inc/phpgw_setup.inc.php");
//  include("./inc/phpgw_schema_proc.inc.php");
  $phpgw_setup = new phpgw_setup;
?>
moving new setup program into place. Its not done yet, but Im moving as fast as I can 2000-11-30 22:25:14 +01:00			`<?php`
			`/**************************************************************************\`
			`* phpGroupWare - Setup *`
			`* http://www.phpgroupware.org *`
			`* -------------------------------------------- *`
			`* This program is free software; you can redistribute it and/or modify it *`
			`* under the terms of the GNU General Public License as published by the *`
			`* Free Software Foundation; either version 2 of the License, or (at your *`
			`* option) any later version. *`
			`\**************************************************************************/`

			`/* $Id$ */`
commiting code so that jengo can merge in some other changes 2000-12-27 10:05:13 +01:00
			`/* ######## Start security check ########## */`
added the security check to all vunerable files 2000-12-23 10:43:04 +01:00			`$d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));`
			`$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));`
			`$d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));`
			`if($d1 == "htt" \|\| $d1 == "ftp" \|\| $d2 == "htt" \|\| $d2 == "ftp" \|\| $d3 == "htt" \|\| $d3 == "ftp") {`
			`echo "Failed attempt to break in via an old Security Hole!<br>\n";`
			`exit;`
			`} unset($d1);unset($d2);unset($d3);`
commiting code so that jengo can merge in some other changes 2000-12-27 10:05:13 +01:00			`/* ######## End security check ########## */`
moving new setup program into place. Its not done yet, but Im moving as fast as I can 2000-11-30 22:25:14 +01:00
			`// Include to check user authorization against the`
			`// password in ../header.inc.php to protect all of the setup`
			`// pages from unauthorized use.`

code clean up, hopefully this should help clean up the problems jengo is having with php 3.0.16 2000-12-31 10:50:16 +01:00			`if(file_exists("../version.inc.php")) {`
moving new setup program into place. Its not done yet, but Im moving as fast as I can 2000-11-30 22:25:14 +01:00			`include("../version.inc.php"); // To set the current core version`
			`}else{`
changed the format for the version flags so that each app can have their own app version dumped into the new array 2000-12-21 21:43:26 +01:00			`$phpgw_info["server"]["versions"]["phpgwapi"] = "Undetected";`
moving new setup program into place. Its not done yet, but Im moving as fast as I can 2000-11-30 22:25:14 +01:00			`}`

working on new setup prog that will allow add-on apps to take advantage of it 2000-12-19 23:40:54 +01:00			`$phpgw_info["server"]["app_images"] = "templates/default/images";`

fixed jengos problems 2001-01-02 09:15:12 +01:00			`if(file_exists("../header.inc.php")) { include("../header.inc.php"); }`
fixed jengos problems 2001-01-02 09:11:00 +01:00
commiting code so that jengo can merge in some other changes 2000-12-27 10:05:13 +01:00			`include("./inc/phpgw_setup.inc.php");`
disabled schema_proc for now 2001-01-04 21:32:09 +01:00			`// include("./inc/phpgw_schema_proc.inc.php");`
commiting code so that jengo can merge in some other changes 2000-12-27 10:05:13 +01:00			`$phpgw_setup = new phpgw_setup;`
			`?>`