[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-cvs] [18478] allow users to disabled phpinfo() for securit
From: |
Dave Hall |
Subject: |
[Phpgroupware-cvs] [18478] allow users to disabled phpinfo() for security and not get errors |
Date: |
Wed, 06 Feb 2008 03:32:38 +0000 |
Revision: 18478
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=18478
Author: skwashd
Date: 2008-02-06 03:32:38 +0000 (Wed, 06 Feb 2008)
Log Message:
-----------
allow users to disabled phpinfo() for security and not get errors
Modified Paths:
--------------
trunk/admin/inc/class.menu.inc.php
trunk/admin/phpinfo.php
Modified: trunk/admin/inc/class.menu.inc.php
===================================================================
--- trunk/admin/inc/class.menu.inc.php 2008-02-06 03:32:03 UTC (rev 18477)
+++ trunk/admin/inc/class.menu.inc.php 2008-02-06 03:32:38 UTC (rev 18478)
@@ -180,7 +180,7 @@
);
}
- if (! $GLOBALS['phpgw']->acl->check('info_access',
PHPGW_ACL_READ, 'admin'))
+ if (! $GLOBALS['phpgw']->acl->check('info_access',
PHPGW_ACL_READ, 'admin') && function_exists('phpinfo') ) // it is possible to
disable commands in php.ini
{
$menus['admin']['phpinfo'] = array
(
Modified: trunk/admin/phpinfo.php
===================================================================
--- trunk/admin/phpinfo.php 2008-02-06 03:32:03 UTC (rev 18477)
+++ trunk/admin/phpinfo.php 2008-02-06 03:32:38 UTC (rev 18478)
@@ -18,6 +18,29 @@
'nonavbar' => true,
'currentapp' => 'admin'
);
- include('../header.inc.php');
- phpinfo();
-?>
+ include_once('../header.inc.php');
+
+ if ( phpgw::get_var('noheader', 'bool', 'GET') )
+ {
+ $close = lang('close window');
+
+ echo <<<HTML
+ <div style="text-align: center;">
+ <a
href="javascript:window.close();">{$close}</a>
+ </div>
+
+HTML;
+ }
+
+ if ( function_exists('phpinfo') )
+ {
+ phpinfo();
+ }
+ else
+ {
+ $error = lang('phpinfo is not available on this system!');
+ echo <<<HTML
+ <div class="error"><h1>$error</h1><div>
+
+HTML;
+ }
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-cvs] [18478] allow users to disabled phpinfo() for security and not get errors,
Dave Hall <=