[Phpgroupware-cvs] CVS: setup config.php,1.78.2.1,1.78.2.2
From: |
Ralf Becker <address@hidden> |
Subject: |
[Phpgroupware-cvs] CVS: setup config.php,1.78.2.1,1.78.2.2 |
Date: |
Wed, 02 Jul 2003 19:57:53 -0400 |
Update of /cvsroot/phpgroupware/setup
In directory subversions:/tmp/cvs-serv28240
Modified Files:
Tag: Version-0_9_16-branch
config.php
Log Message:
test for a files-dir that lies within the document-root of the webserver
(this would allow scripts to be uploaded via vfs and then executed via the
webserver)
Index: config.php
===================================================================
RCS file: /cvsroot/phpgroupware/setup/config.php,v
retrieving revision 1.78.2.1
retrieving revision 1.78.2.2
diff -C2 -r1.78.2.1 -r1.78.2.2
*** config.php 28 May 2003 02:20:04 -0000 1.78.2.1
--- config.php 2 Jul 2003 23:57:51 -0000 1.78.2.2
***************
*** 33,36 ****
--- 33,45 ----
$tpl_root = $GLOBALS['phpgw_setup']->html->setup_tpl_dir('setup');
$setup_tpl = CreateObject('setup.Template',$tpl_root);
+
+ // test if $path lies within the webservers document-root
+ function in_docroot($path)
+ {
+ $ret = strstr($path,PHPGW_SERVER_ROOT) ||
strstr($path,$GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT']);
+ //echo "<p>in_docroot('$path') = '$ret',
PHPGW_SERVER_ROOT='".PHPGW_SERVER_ROOT."',DOCUMENT_ROOT='".$GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT']."'</p>\n";
+ return $ret;
+ }
+
$setup_tpl->set_file(array(
'T_head' => 'head.tpl',
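Review bot: `in_docroot()` decides by a raw substring match (`strstr`) on an uncanonicalised string, so a relative path, a path that passes through a symlink or `..`, or a differently-cased path on a case-insensitive filesystem is not recognised as lying inside the document root, while an unrelated path that merely contains the root string is rejected. If `DOCUMENT_ROOT` is unset, the second `strstr` gets an empty needle and that half of the test is lost. Resolving both sides with `realpath()` and comparing them as a directory prefix with a trailing separator closes these gaps; the sketch below treats an unresolvable path as inside, so the check fails closed. The commented-out debug `echo` would print `$path` unescaped if re-enabled and is better deleted.

```php
function in_docroot($path)
{
	$real = realpath($path);
	if ($real === false)
	{
		return true;	// cannot resolve the path: refuse it rather than guess
	}
	$roots = array(PHPGW_SERVER_ROOT, $GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT']);
	foreach ($roots as $root)
	{
		$root = ($root != '') ? realpath($root) : false;
		if ($root !== false &&
			strpos($real . DIRECTORY_SEPARATOR, rtrim($root, '/\\') . DIRECTORY_SEPARATOR) === 0)
		{
			return true;
		}
	}
	return false;
}
```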
***************
*** 48,52 ****
/* Guessing default values. */
$GLOBALS['current_config']['hostname'] = $_SERVER['HTTP_HOST'];
! $GLOBALS['current_config']['files_dir'] =
ereg_replace('/setup','/files',dirname($SCRIPT_FILENAME));
if(@is_dir('/tmp'))
{
--- 57,63 ----
/* Guessing default values. */
$GLOBALS['current_config']['hostname'] = $_SERVER['HTTP_HOST'];
! // files-dir is not longer allowed in document root, for security
reasons !!!
! $GLOBALS['current_config']['files_dir'] = '/outside/webserver/docroot';
!
if(@is_dir('/tmp'))
{
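Review bot: The new default `'/outside/webserver/docroot'` is a placeholder, but nothing in the visible hunks stops it from being saved: it does not contain the document root, so `in_docroot()` returns false and the submit branch runs. Consider leaving the default empty, or also rejecting a `files_dir` for which `is_dir()` is false, so an unchanged form cannot store a non-existent path; whether the save code outside this hunk already checks this is not visible here. The comment would read better as `// files-dir is no longer allowed in the document root, for security reasons`.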
***************
*** 76,80 ****
$newsettings = get_var('newsettings',Array('POST'));
! if(@get_var('submit',Array('POST')) && @$newsettings)
{
$datetime = CreateObject('phpgwapi.datetime');
--- 87,93 ----
$newsettings = get_var('newsettings',Array('POST'));
! $files_in_docroot =
in_docroot($GLOBALS['HTTP_POST_VARS']['newsettings']['files_dir']);
!
! if(@get_var('submit',Array('POST')) && @$newsettings &&
!$files_in_docroot)
{
$datetime = CreateObject('phpgwapi.datetime');
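Review bot: `$files_in_docroot` is computed from `$GLOBALS['HTTP_POST_VARS']['newsettings']['files_dir']` on every request, while the value that gets stored is `$newsettings` from `get_var()` on the line above. On a plain GET the index does not exist, and if `get_var()` normalises its input (not visible here) the checked string and the stored string can differ. Validate the same variable that is saved: `$files_in_docroot = is_array($newsettings) && isset($newsettings['files_dir']) && in_docroot($newsettings['files_dir']);`. The body of the `if` continues outside the hunk.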
***************
*** 152,159 ****
$GLOBALS['current_config'][$GLOBALS['phpgw_setup']->db->f('config_name')] =
$GLOBALS['phpgw_setup']->db->f('config_value');
}
!
! if($GLOBALS['current_config']['files_dir'] ==
'/path/to/dir/phpgroupware/files')
{
! $GLOBALS['current_config']['files_dir'] =
$GLOBALS['phpgw_info']['server']['server_root'] . '/files';
}
--- 165,178 ----
$GLOBALS['current_config'][$GLOBALS['phpgw_setup']->db->f('config_name')] =
$GLOBALS['phpgw_setup']->db->f('config_value');
}
!
! // are we here because of an error: files-dir in docroot
! if (is_array($GLOBALS['HTTP_POST_VARS']['newsettings']) &&
$files_in_docroot)
{
! echo '<p align="center"><font color="red"><b>'.lang('Path to
user and group files HAS TO BE OUTSIDE of the webservers
document-root!!!')."</b></font></p>\n";
!
! foreach($GLOBALS['HTTP_POST_VARS']['newsettings'] as $key =>
$val)
! {
! $GLOBALS['current_config'][$key] = $val;
! }
}
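Review bot: The `foreach` copies every posted `newsettings` key and value into `$GLOBALS['current_config']`, so on the error path the form is refilled from raw request data instead of database values. The code that renders `current_config` is outside this hunk; confirm that it HTML-escapes each value at output (for example with `htmlspecialchars($val)`), and consider copying only the known config names rather than whatever keys were posted. The inline `<font>`/`align` markup in the `echo` would sit better in the setup template next to the other messages.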