Turn sensitive files into scripts that exit immediately
darcs-hash:20050512204225-45605-bee22b4df3d23374bc4922ede8f48106ea217209.gz
parent
7009a5a9c3
commit
8c4f28e821
|
@ -1,3 +1,7 @@
|
|||
# acl.auth.php
|
||||
# <?php exit()?>
|
||||
# Don't modify the lines above
|
||||
#
|
||||
# Access Control
|
||||
#
|
||||
# none 0
|
|
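Review bot: The `# <?php exit()?>` guard on the second line protects this file only while the web server hands `.php` files under conf/ to the PHP interpreter. Where that handler is missing or misconfigured, the file is returned as plain text, just as the old acl.auth was. The header should say so, for example `# Protection depends on PHP executing this file - also deny web access to conf/ in the server config`. The same applies to the users.auth.php header in the next section, which is the user file.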
@ -1,3 +1,7 @@
|
|||
# users.auth.php
|
||||
# <?php exit()?>
|
||||
# Don't modify the lines above
|
||||
#
|
||||
# Userfile
|
||||
#
|
||||
# Format:
|
|
@ -43,7 +43,7 @@ function admin_acl_handler(){
|
|||
}
|
||||
|
||||
// reload ACL config
|
||||
$AUTH_ACL = file('conf/acl.auth');
|
||||
$AUTH_ACL = file('conf/acl.auth.php');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -112,12 +112,12 @@ function get_acl_config($id){
|
|||
|
||||
|
||||
/**
|
||||
* adds new acl-entry to conf/acl.auth
|
||||
* adds new acl-entry to conf/acl.auth.php
|
||||
*
|
||||
* @author Frank Schubert <frank@schokilade.de>
|
||||
*/
|
||||
function admin_acl_add($acl_scope, $acl_user, $acl_level){
|
||||
$acl_config = join("",file('conf/acl.auth'));
|
||||
$acl_config = join("",file('conf/acl.auth.php'));
|
||||
|
||||
// max level for pagenames is edit
|
||||
if(strpos("*", $acl_scope) === false) {
|
||||
|
@ -128,23 +128,23 @@ function admin_acl_add($acl_scope, $acl_user, $acl_level){
|
|||
|
||||
$new_config = $acl_config.$new_acl;
|
||||
|
||||
return io_saveFile("conf/acl.auth", $new_config);
|
||||
return io_saveFile("conf/acl.auth.php", $new_config);
|
||||
}
|
||||
|
||||
/**
|
||||
* remove acl-entry from conf/acl.auth
|
||||
* remove acl-entry from conf/acl.auth.php
|
||||
*
|
||||
* @author Frank Schubert <frank@schokilade.de>
|
||||
*/
|
||||
function admin_acl_del($acl_scope, $acl_user){
|
||||
$acl_config = file('conf/acl.auth');
|
||||
$acl_config = file('conf/acl.auth.php');
|
||||
|
||||
$acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$';
|
||||
|
||||
// save all non!-matching #FIXME invert is available from 4.2.0 only!
|
||||
$new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT);
|
||||
|
||||
return io_saveFile("conf/acl.auth", join("",$new_config));
|
||||
return io_saveFile("conf/acl.auth.php", join("",$new_config));
|
||||
}
|
||||
|
||||
// --- HTML OUTPUT FUNCTIONS BELOW --- //
|
||||
|
|
|
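Review bot: In admin_acl_del the scope goes through `preg_quote()` but `$acl_user` is concatenated into `$acl_pattern` unescaped, so a user or group name containing regex metacharacters can make the delete match other ACL lines or yield an invalid pattern, and the result is then written back over conf/acl.auth.php. Quote it the same way: `$acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.preg_quote($acl_user,'/').'\s+[0-8].*$';`. Separately, `strpos("*", $acl_scope)` in admin_acl_add has haystack and needle swapped, so it appears to test whether the scope occurs inside `"*"` rather than whether the scope contains `*`. The rest of that function lies outside the hunks, so confirm the intent before changing it to `strpos($acl_scope, '*')`.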
@ -28,7 +28,7 @@
|
|||
if($conf['useacl']){
|
||||
auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']);
|
||||
//load ACL into a global array
|
||||
$AUTH_ACL = file('conf/acl.auth');
|
||||
$AUTH_ACL = file('conf/acl.auth.php');
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -76,13 +76,13 @@ function auth_createUser($user,$pass,$name,$mail){
|
|||
$mail,
|
||||
$conf['defaultgroup']));
|
||||
$userline .= "\n";
|
||||
$fh = fopen('conf/users.auth','a');
|
||||
$fh = fopen('conf/users.auth.php','a');
|
||||
if($fh){
|
||||
fwrite($fh,$userline);
|
||||
fclose($fh);
|
||||
return $pass;
|
||||
}
|
||||
msg('The users.auth file is not writable. Please inform the Wiki-Admin',-1);
|
||||
msg('The users.auth.php file is not writable. Please inform the Wiki-Admin',-1);
|
||||
return null;
|
||||
}
|
||||
|
||||
|
@ -96,7 +96,7 @@ function auth_createUser($user,$pass,$name,$mail){
|
|||
*/
|
||||
function auth_plain_loadUserData(){
|
||||
$data = array();
|
||||
$lines = file('conf/users.auth');
|
||||
$lines = file('conf/users.auth.php');
|
||||
foreach($lines as $line){
|
||||
$line = preg_replace('/#.*$/','',$line); //ignore comments
|
||||
$line = trim($line);
|
||||
|
|
|
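Review bot: `fopen('conf/users.auth.php','a')` in auth_createUser creates the file when it is missing, and a file created that way has no `# <?php exit()?>` line, so the appended user records would reach the PHP interpreter unguarded on a direct request. Refuse to append unless the file already exists, e.g. `if(!@file_exists('conf/users.auth.php')){ msg('conf/users.auth.php is missing',-1); return null; }` before the `fopen`, or write the guard lines when creating it. The return value of `fwrite` is also ignored, so `$pass` is returned even when the record was not written. The start of auth_createUser is outside the hunk.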
@ -791,10 +791,10 @@ function check(){
|
|||
msg('Mediadir is not writable',-1);
|
||||
}
|
||||
|
||||
if(is_writable('conf/users.auth')){
|
||||
msg('conf/users.auth is writable',1);
|
||||
if(is_writable('conf/users.auth.php')){
|
||||
msg('conf/users.auth.php is writable',1);
|
||||
}else{
|
||||
msg('conf/users.auth is not writable',0);
|
||||
msg('conf/users.auth.php is not writable',0);
|
||||
}
|
||||
|
||||
if(function_exists('mb_strpos')){
|
||||
|
|
30
inc/init.php
30
inc/init.php
|
@ -70,6 +70,10 @@
|
|||
$conf['mediadir'] = realpath($conf['mediadir']);
|
||||
if(!$conf['mediadir']) msg('Wrong mediadir! Check config!',-1);
|
||||
|
||||
// automatic upgrade to script versions of certain files
|
||||
scriptify('conf/users.auth');
|
||||
scriptify('conf/acl.auth');
|
||||
|
||||
/**
|
||||
* remove magic quotes recursivly
|
||||
*
|
||||
|
@ -135,6 +139,32 @@ function getBaseURL($abs=false){
|
|||
return $proto.$host.$port.$dir;
|
||||
}
|
||||
|
||||
function scriptify($file) {
|
||||
// checks
|
||||
if (!is_readable($file)) {
|
||||
return;
|
||||
}
|
||||
$fn = $file.'.php';
|
||||
if (@file_exists($fn)) {
|
||||
return;
|
||||
}
|
||||
$fh = fopen($fn, 'w');
|
||||
if (!$fh) {
|
||||
die($fn.' is not writable!');
|
||||
}
|
||||
// write php exit hack first
|
||||
fwrite($fh, "# $fn\n");
|
||||
fwrite($fh, '# <?php exit()?>'."\n");
|
||||
fwrite($fh, "# Don't modify the lines above\n");
|
||||
fwrite($fh, "#\n");
|
||||
// copy existing lines
|
||||
$lines = file($file);
|
||||
foreach ($lines as $line){
|
||||
fwrite($fh, $line);
|
||||
}
|
||||
$fclose($fh);
|
||||
}
|
||||
|
||||
|
||||
|
||||
//Setup VIM: ex: et ts=2 enc=utf-8 :
|
||||
|
|
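Review bot: `$fclose($fh);` at the end of scriptify is a variable-function call on an undefined variable, not a call to `fclose`, so the first request that performs the upgrade will stop with an error after the copy; it should read `fclose($fh);`. The function also leaves the original `$file` in place, so the unguarded conf/users.auth and conf/acl.auth remain as exposed after the upgrade as they were before. Remove or rename the original once the copy has been verified, and check the `fwrite` results, because a partial copy is never retried once `$fn` exists. scriptify also has no docblock; add one stating that it copies `$file` to `$file.'.php'` behind the exit guard and does nothing when the target already exists.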