Update of /cvsroot/phpwiki/phpwiki/admin
In directory usw-pr-cvs1:/tmp/cvs-serv10034/admin
Modified Files:
Tag: release-1_2-branch
dumpserial.php loadserial.php
Log Message:
Added extra paranoid security checks.
Without these checks, if the admin directory is not protected
(e.g. via .htaccess) then loadserial.php and dumpserial.php can
be run directly and used to probe for and create directories
on the http server.
Index: dumpserial.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/admin/Attic/dumpserial.php,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -C2 -r1.1 -r1.1.2.1
*** dumpserial.php 2000年11月08日 15:30:16 1.1
--- dumpserial.php 2001年02月14日 06:32:19 1.1.2.1
***************
*** 6,10 ****
directory as serialized data structures.
*/
!
$directory = $dumpserial;
$pages = GetAllWikiPagenames($dbi);
--- 6,12 ----
directory as serialized data structures.
*/
! if (!defined('WIKI_ADMIN'))
! die("You must be logged in as the administrator to dump serialized pages.");
!
$directory = $dumpserial;
$pages = GetAllWikiPagenames($dbi);
Index: loadserial.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/admin/Attic/loadserial.php,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -C2 -r1.1 -r1.1.2.1
*** loadserial.php 2000年11月08日 15:30:16 1.1
--- loadserial.php 2001年02月14日 06:32:19 1.1.2.1
***************
*** 5,8 ****
--- 5,10 ----
wiki_dumpserial.php.
*/
+ if (!defined('WIKI_ADMIN'))
+ die("You must be logged in as the administrator to load serialized pages.");
$directory = $loadserial;