extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-22 07:53:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

test against files-dir within the document-root of the webserver

Browse Source 
(this would allow uploads of scripts via vfs, and then execute them via the webserver)
This commit is contained in:
Ralf Becker 2003-07-03 00:33:26 +00:00
parent 79a4414e97
commit 62a6e8fd34
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
infolog/inc/class.vfs.inc.php
View File

@ -99,6 +99,19 @@
function vfs ()
{
$this->basedir = $GLOBALS['phpgw_info']['server']['files_dir'];
// test if the files-dir is inside the document-root, and refuse working if so
//
if (strstr($this->basedir,PHPGW_SERVER_ROOT) || strstr($this->basedir,$GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT']))
{
$GLOBALS['phpgw']->common->phpgw_header();
if ($GLOBALS['phpgw_info']['flags']['noheader'])
{
echo parse_navbar();
}
echo '<p align="center"><font color="red"><b>'.lang('Path to user and group files HAS TO BE OUTSIDE of the webservers document-root!!!')."</b></font></p>\n";
$GLOBALS['phpgw']->common->phpgw_exit();
}
$this->fakebase = "/home";
$this->working_id = $GLOBALS['phpgw_info']['user']['account_id'];
$this->working_lid = $GLOBALS['phpgw']->accounts->id2name($this->working_id);