[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-cvs] CVS: phpgwapi/inc class.vfs_sql.inc.php,1.15.2.6.2.1
From: |
Ralf Becker <address@hidden> |
Subject: |
[Phpgroupware-cvs] CVS: phpgwapi/inc class.vfs_sql.inc.php,1.15.2.6.2.1,1.15.2.6.2.2 |
Date: |
Wed, 02 Jul 2003 20:33:01 -0400 |
Update of /cvsroot/phpgroupware/phpgwapi/inc
In directory subversions:/tmp/cvs-serv9441
Modified Files:
Tag: Version-0_9_16-branch
class.vfs_sql.inc.php
Log Message:
test against files-dir within the document-root of the webserver
(this would allow uploads of scripts via vfs, and then execute them via the
webserver)
Index: class.vfs_sql.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgwapi/inc/class.vfs_sql.inc.php,v
retrieving revision 1.15.2.6.2.1
retrieving revision 1.15.2.6.2.2
diff -C2 -r1.15.2.6.2.1 -r1.15.2.6.2.2
*** class.vfs_sql.inc.php 27 Mar 2003 00:07:08 -0000 1.15.2.6.2.1
--- class.vfs_sql.inc.php 3 Jul 2003 00:32:58 -0000 1.15.2.6.2.2
***************
*** 82,85 ****
--- 82,97 ----
}
+ // test if the files-dir is inside the document-root,
and refuse working if so
+ //
+ if ($this->file_actions &&
(strstr($this->basedir,PHPGW_SERVER_ROOT) ||
strstr($this->basedir,$GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT'])))
+ {
+ $GLOBALS['phpgw']->common->phpgw_header();
+ if
($GLOBALS['phpgw_info']['flags']['noheader'])
+ {
+ echo parse_navbar();
+ }
+ echo '<p align="center"><font
color="red"><b>'.lang('Path to user and group files HAS TO BE OUTSIDE of the
webservers document-root!!!')."</b></font></p>\n";
+ $GLOBALS['phpgw']->common->phpgw_exit();
+ }
/*
These are stored in the MIME-type field and should
normally be ignored.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-cvs] CVS: phpgwapi/inc class.vfs_sql.inc.php,1.15.2.6.2.1,1.15.2.6.2.2,
Ralf Becker <address@hidden> <=
- Prev by Date:
[Phpgroupware-cvs] CVS: infolog/inc class.vfs.inc.php,1.7,1.8
- Next by Date:
[Phpgroupware-cvs] CVS: phpgwapi/setup setup.inc.php,1.37.2.7,1.37.2.8 tables_update.inc.php,1.53.2.10,1.53.2.11
- Previous by thread:
[Phpgroupware-cvs] CVS: infolog/inc class.vfs.inc.php,1.7,1.8
- Next by thread:
[Phpgroupware-cvs] CVS: phpgwapi/setup setup.inc.php,1.37.2.7,1.37.2.8 tables_update.inc.php,1.53.2.10,1.53.2.11
- Index(es):