phpgroupware-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-cvs] [18478] allow users to disabled phpinfo() for securit

From: Dave Hall
Subject: [Phpgroupware-cvs] [18478] allow users to disabled phpinfo() for security and not get errors
Date: Wed, 06 Feb 2008 03:32:38 +0000 
Revision: 18478
          
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=18478
Author:   skwashd
Date:     2008-02-06 03:32:38 +0000 (Wed, 06 Feb 2008)

Log Message:
-----------
allow users to disabled phpinfo() for security and not get errors

Modified Paths:
--------------
    trunk/admin/inc/class.menu.inc.php
    trunk/admin/phpinfo.php

Modified: trunk/admin/inc/class.menu.inc.php
===================================================================
--- trunk/admin/inc/class.menu.inc.php  2008-02-06 03:32:03 UTC (rev 18477)
+++ trunk/admin/inc/class.menu.inc.php  2008-02-06 03:32:38 UTC (rev 18478)
@@ -180,7 +180,7 @@
                                );
                        }
 
-                       if (! $GLOBALS['phpgw']->acl->check('info_access', 
PHPGW_ACL_READ, 'admin'))
+                       if (! $GLOBALS['phpgw']->acl->check('info_access', 
PHPGW_ACL_READ, 'admin') && function_exists('phpinfo') ) // it is possible to 
disable commands in php.ini
                        {
                                $menus['admin']['phpinfo'] = array
                                (

Modified: trunk/admin/phpinfo.php
===================================================================
--- trunk/admin/phpinfo.php     2008-02-06 03:32:03 UTC (rev 18477)
+++ trunk/admin/phpinfo.php     2008-02-06 03:32:38 UTC (rev 18478)
@@ -18,6 +18,29 @@
                'nonavbar'              => true,
                'currentapp'    => 'admin'
        );
-       include('../header.inc.php');
-       phpinfo();
-?>
+       include_once('../header.inc.php');
+ 
+       if ( phpgw::get_var('noheader', 'bool', 'GET') )
+       {
+               $close = lang('close window');
+ 
+               echo <<<HTML
+                       <div style="text-align: center;">
+                               <a 
href="javascript:window.close();">{$close}</a>
+                       </div>
+ 
+HTML;
+       }
+ 
+       if ( function_exists('phpinfo') )
+       {
+               phpinfo();
+       }
+       else
+       {
+               $error = lang('phpinfo is not available on this system!');
+               echo <<<HTML
+                       <div class="error"><h1>$error</h1><div>
+ 
+HTML;
+       }
reply via email to
[Prev in Thread] Current Thread [Next in Thread]