[Phpgroupware-cvs] CVS: setup config.php,1.72.2.4,1.72.2.5
From: |
Ralf Becker <address@hidden> |
Subject: |
[Phpgroupware-cvs] CVS: setup config.php,1.72.2.4,1.72.2.5 |
Date: |
Wed, 02 Jul 2003 19:41:58 -0400 |
Update of /cvsroot/phpgroupware/setup
In directory subversions:/tmp/cvs-serv26972
Modified Files:
Tag: Version-0_9_14-branch
config.php
Log Message:
test against files-dir within the document-root of the webserver
(a files-dir there would allow uploads of scripts via vfs, which could then be
executed via the webserver)
Index: config.php
===================================================================
RCS file: /cvsroot/phpgroupware/setup/config.php,v
retrieving revision 1.72.2.4
retrieving revision 1.72.2.5
diff -C2 -r1.72.2.4 -r1.72.2.5
*** config.php 23 Nov 2002 23:54:56 -0000 1.72.2.4
--- config.php 2 Jul 2003 23:41:55 -0000 1.72.2.5
***************
*** 31,34 ****
--- 31,42 ----
}
+ // test if $path lies within the webservers document-root
+ function in_docroot($path)
+ {
+ $ret = strstr($path,PHPGW_SERVER_ROOT) ||
strstr($path,$GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT']);
+ //echo "<p>in_docroot('$path') = '$ret',
PHPGW_SERVER_ROOT='".PHPGW_SERVER_ROOT."',DOCUMENT_ROOT='".$GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT']."'</p>\n";
+ return $ret;
+ }
+
$tpl_root = $GLOBALS['phpgw_setup']->setup_tpl_dir('setup');
$setup_tpl = CreateObject('phpgwapi.Template',$tpl_root);
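Review bot: `in_docroot()` compares raw strings with `strstr()`, so it tests whether the root's text occurs anywhere in `$path`, not whether the directory actually resolves to a location under the root. A path that is not in canonical form (relative segments, a symlink, different case or separators on Windows) need not contain the root string and would pass, while an unrelated path that merely contains it is rejected. I would resolve both sides with `realpath()` and compare on a prefix that ends at a directory separator, as in the excerpt below. Treating an unresolvable path as rejected is my assumption, and it changes what the error message means for a directory that does not exist yet. The commented-out debug `echo` prints `$path` unescaped and is better deleted than kept.

```php
// test if $path resolves to a location inside the phpGW tree or the webserver's document-root
function in_docroot($path)
{
	// resolve symlinks and ../ segments first; a raw string compare misses non-canonical paths
	$real = realpath($path);
	if ($real === false)
	{
		return true;	// fail closed: a path that cannot be resolved is not accepted
	}
	foreach (array(PHPGW_SERVER_ROOT, $GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT']) as $root)
	{
		$root = realpath($root);
		// compare with a trailing separator so /var/www does not match /var/www-data
		if ($root !== false &&
			strncmp($real . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) == 0)
		{
			return true;
		}
	}
	return false;
}
```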
***************
*** 49,60 ****
$GLOBALS['current_config']['hostname'] = $HTTP_HOST;
! if (PHP_OS == 'Windows' || PHP_OS == 'WINNT' || PHP_OS == 'OS/2')
! {
! $GLOBALS['current_config']['files_dir'] =
ereg_replace('\\setup','files',dirname($GLOBALS['PATH_TRANSLATED']));
! }
! else
! {
! $GLOBALS['current_config']['files_dir'] =
ereg_replace('/setup','/files',dirname($SCRIPT_FILENAME));
! }
if (@is_dir('/tmp'))
--- 57,62 ----
$GLOBALS['current_config']['hostname'] = $HTTP_HOST;
! // files-dir is not longer allowed in document root, for security
reasons !!!
! $GLOBALS['current_config']['files_dir'] = '/outside/webserver/docroot';
if (@is_dir('/tmp'))
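Review bot: The new default `'/outside/webserver/docroot'` is a placeholder rather than a usable directory, and nothing in the visible hunks rejects it if the form is submitted unchanged. It contains neither root string, so `in_docroot()` returns false and the value would be stored. The code that recognised the old placeholder `'/path/to/dir/phpgroupware/files'` is removed in the last hunk with no equivalent for the new one. Consider leaving the default empty and requiring an existing, writable directory on save. The comment would also read better as `// files-dir is no longer allowed in the document root, for security reasons`.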
***************
*** 92,96 ****
}
! if (@$GLOBALS['HTTP_POST_VARS']['submit'] &&
@$GLOBALS['HTTP_POST_VARS']['newsettings'])
{
$GLOBALS['phpgw_setup']->db->transaction_begin();
--- 94,100 ----
}
! $files_in_docroot =
in_docroot($GLOBALS['HTTP_POST_VARS']['newsettings']['files_dir']);
!
! if (@$GLOBALS['HTTP_POST_VARS']['submit'] &&
@$GLOBALS['HTTP_POST_VARS']['newsettings'] && !$files_in_docroot)
{
$GLOBALS['phpgw_setup']->db->transaction_begin();
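Review bot: `$files_in_docroot` is computed on every request, before the `submit` check, and it indexes `$GLOBALS['HTTP_POST_VARS']['newsettings']['files_dir']` without the `@` or existence guard used in the condition below it. On a plain page load that is an undefined-index access, and a submission that omits `files_dir` evaluates to "not in docroot" and proceeds to the save branch. I would guard the call, e.g. `$files_in_docroot = isset($GLOBALS['HTTP_POST_VARS']['newsettings']['files_dir']) && in_docroot($GLOBALS['HTTP_POST_VARS']['newsettings']['files_dir']);`. A comment should also state that this check covers only values saved through this form; as far as these hunks show, a `files_dir` already stored under the document root by an earlier install is not re-validated. The `if` body continues outside the hunk.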
***************
*** 177,184 ****
$GLOBALS['current_config'][$phpgw_setup->db->f('config_name')]
= $GLOBALS['phpgw_setup']->db->f('config_value');
}
!
! if ($GLOBALS['current_config']['files_dir'] ==
'/path/to/dir/phpgroupware/files')
{
! $GLOBALS['current_config']['files_dir'] =
$GLOBALS['phpgw_info']['server']['server_root'] . '/files';
}
--- 181,194 ----
$GLOBALS['current_config'][$phpgw_setup->db->f('config_name')]
= $GLOBALS['phpgw_setup']->db->f('config_value');
}
!
! // are we here because of an error: files-dir in docroot
! if (is_array($GLOBALS['HTTP_POST_VARS']['newsettings']) &&
$files_in_docroot)
{
! echo '<p align="center"><font color="red"><b>'.lang('Path to
user and group files HAS TO BE OUTSIDE of the webservers
document-root!!!')."</b></font></p>\n";
!
! foreach($GLOBALS['HTTP_POST_VARS']['newsettings'] as $key =>
$val)
! {
! $GLOBALS['current_config'][$key] = $val;
! }
}
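Review bot: The error branch copies every key and value of the posted `newsettings` array into `$GLOBALS['current_config']` unfiltered via `$GLOBALS['current_config'][$key] = $val;`, so the request decides both which entries are overwritten for this render and what they contain. Whether those values are escaped when the form is filled in is not visible here; if the template does not apply `htmlspecialchars()`, rejected input is reflected into the setup page. I would restrict the loop to the setting names the form actually offers and put a comment above it saying the values are untrusted and must be escaped on output. The code that later consumes `current_config` lies outside the hunk.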