mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-27 09:09:04 +01:00
added the security check to all vunerable files
This commit is contained in:
parent
a4292c95b9
commit
73a5ec994a
@ -10,7 +10,6 @@
|
||||
\**************************************************************************/
|
||||
|
||||
/* $Id$ */
|
||||
|
||||
$phpgw_info["flags"] = array("noheader" => True,
|
||||
"nonavbar" => True,
|
||||
"currentapp" => "addressbook",
|
||||
|
@ -14,10 +14,11 @@
|
||||
|
||||
$d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));
|
||||
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
|
||||
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp") {
|
||||
$d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));
|
||||
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp" || $d3 == "htt" || $d3 == "ftp") {
|
||||
echo "Failed attempt to break in via an old Security Hole!<br>\n";
|
||||
exit;
|
||||
} unset($d1);unset($d2);
|
||||
} unset($d1);unset($d2);unset($d3);
|
||||
|
||||
error_reporting(7);
|
||||
|
||||
|
@ -13,10 +13,11 @@
|
||||
|
||||
$d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));
|
||||
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
|
||||
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp") {
|
||||
$d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));
|
||||
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp" || $d3 == "htt" || $d3 == "ftp") {
|
||||
echo "Failed attempt to break in via an old Security Hole!<br>\n";
|
||||
exit;
|
||||
} unset($d1);unset($d2);
|
||||
} unset($d1);unset($d2);unset($d3);
|
||||
|
||||
// Since LDAP will return system accounts, there are a few we don't want to login.
|
||||
$phpgw_info["server"]["global_denied_users"] = array('root' => True,
|
||||
|
@ -14,10 +14,11 @@
|
||||
|
||||
$d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));
|
||||
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
|
||||
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp") {
|
||||
$d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));
|
||||
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp" || $d3 == "htt" || $d3 == "ftp") {
|
||||
echo "Failed attempt to break in via an old Security Hole!<br>\n";
|
||||
exit;
|
||||
} unset($d1);unset($d2);
|
||||
} unset($d1);unset($d2);unset($d3);
|
||||
|
||||
magic_quotes_runtime(false);
|
||||
|
||||
|
@ -10,6 +10,13 @@
|
||||
\**************************************************************************/
|
||||
|
||||
/* $Id$ */
|
||||
$d1 = strtolower(substr($phpgw_info["server"]["api_inc"],0,3));
|
||||
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
|
||||
$d3 = strtolower(substr($phpgw_info["server"]["app_inc"],0,3));
|
||||
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp" || $d3 == "htt" || $d3 == "ftp") {
|
||||
echo "Failed attempt to break in via an old Security Hole!<br>\n";
|
||||
exit;
|
||||
} unset($d1);unset($d2);unset($d3);
|
||||
|
||||
// Include to check user authorization against the
|
||||
// password in ../header.inc.php to protect all of the setup
|
||||
|
@ -11,6 +11,13 @@
|
||||
|
||||
/* $Id$ */
|
||||
|
||||
$d1 = strtolower(substr($phpgw_info["server"]["include_root"],0,3));
|
||||
$d2 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
|
||||
if($d1 == "htt" || $d1 == "ftp" || $d2 == "htt" || $d2 == "ftp") {
|
||||
echo "Failed attempt to break in via an old Security Hole!<br>\n";
|
||||
exit;
|
||||
} unset($d1);unset($d2);
|
||||
|
||||
function add_default_server_config(){
|
||||
global $db, $phpgw_info, $currentver;
|
||||
$db->query("insert into config (config_name, config_value) values ('template_set', 'default')");
|
||||
|
@ -11,6 +11,12 @@
|
||||
|
||||
/* $Id$ */
|
||||
|
||||
$d1 = strtolower(substr($phpgw_info["server"]["server_root"],0,3));
|
||||
if($d1 == "htt" || $d1 == "ftp" ) {
|
||||
echo "Failed attempt to break in via an old Security Hole!<br>\n";
|
||||
exit;
|
||||
} unset($d1);
|
||||
|
||||
function update_version_table($tableschanged = True){
|
||||
global $currentver, $phpgw_info, $db, $tablechanges;
|
||||
if ($tableschanged == True){$tablechanges = True;}
|
||||
|
Loading…
Reference in New Issue
Block a user