added the security check to all vulnerable files

seek3r 2000-12-23 09:43:04 +00:00
parent a4292c95b9
commit 73a5ec994a
7 changed files with 29 additions and 7 deletions


@ -10,7 +10,6 @@
\**************************************************************************/
/* $Id$ */
$phpgw_info["flags"] = array("noheader" => True,
"nonavbar" => True,
"currentapp" => "addressbook",


@ -14,10 +14,11 @@
$d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp") {
$d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp" || $d3 == "htt" || $d3 == "ftp") {
echo "Failed attempt to break in via an old Security Hole!<br>\n";
exit;
} unset($d1);unset($d2);
} unset($d1);unset($d2);unset($d3);
error_reporting(7);
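Review bot: The extended condition still only rejects values whose first three characters are `htt` or `ftp`, so it is a denylist of two schemes rather than a check that `api_inc`, `server_root` and `app_inc` hold the paths the installation configured. If these keys can be supplied by the request when the file is loaded directly (the check implies this, but the page does not show it), a sturdier guard is to refuse any request-supplied `$phpgw_info` before it is read, e.g. `if (isset($HTTP_GET_VARS["phpgw_info"]) || isset($HTTP_POST_VARS["phpgw_info"]) || isset($HTTP_COOKIE_VARS["phpgw_info"])) { exit; }`. The same point applies to the identical blocks in the next two files and to the blocks added in the three files after those.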


@ -13,10 +13,11 @@
$d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp") {
$d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp" || $d3 == "htt" || $d3 == "ftp") {
echo "Failed attempt to break in via an old Security Hole!<br>\n";
exit;
} unset($d1);unset($d2);
} unset($d1);unset($d2);unset($d3);
// Since LDAP will return system accounts, there are a few we don't want to login.
$phpgw_info["server"]["global_denied_users"] = array('root' => True,


@ -14,10 +14,11 @@
$d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp") {
$d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp" || $d3 == "htt" || $d3 == "ftp") {
echo "Failed attempt to break in via an old Security Hole!<br>\n";
exit;
} unset($d1);unset($d2);
} unset($d1);unset($d2);unset($d3);
magic_quotes_runtime(false);


@ -10,6 +10,13 @@
\**************************************************************************/
/* $Id$ */
$d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
$d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp" || $d3 == "htt" || $d3 == "ftp") {
echo "Failed attempt to break in via an old Security Hole!<br>\n";
exit;
} unset($d1);unset($d2);unset($d3);
// Include to check user authorization against the
// password in ../header.inc.php to protect all of the setup


@ -11,6 +11,13 @@
/* $Id$ */
$d1 = strtolower(substr($phpgw_info["server"]["include_root"],0,3));
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp") {
echo "Failed attempt to break in via an old Security Hole!<br>\n";
exit;
} unset($d1);unset($d2);
function add_default_server_config(){
global $db, $phpgw_info, $currentver;
$db->query("insert into config (config_name, config_value) values ('template_set', 'default')");
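Review bot: The guard added in this file tests `include_root` and `server_root`, while the earlier files test `api_inc`, `server_root` and `app_inc`, and the last file on the page tests `server_root` alone. Each copy should cover every `$phpgw_info["server"]` key that its file later uses to build an include path. Which keys those are is not visible in these hunks, so the differing sets need confirming against the full files rather than being assumed intentional. Keeping one copy of the check with the full key list and loading it by a fixed relative path would stop the copies drifting further. `add_default_server_config()` continues outside the hunk.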


@ -11,6 +11,12 @@
/* $Id$ */
$d1 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
if($d1 == "htt" || $d1 == "ftp" ) {
echo "Failed attempt to break in via an old Security Hole!<br>\n";
exit;
} unset($d1);
function update_version_table($tableschanged = True){
global $currentver, $phpgw_info, $db, $tablechanges;
if ($tableschanged == True){$tablechanges = True;}