author | jan <jan@jandecaluwe.com> | 2005-05-12 22:42:25 +0200 |
---|---|---|
committer | jan <jan@jandecaluwe.com> | 2005-05-12 22:42:25 +0200 |
commit | 8c4f28e8218f0ffb4c01bfd99c7420114b839c4e (patch) | |
tree | 7e555672525e915191303d319ded5dc70b64bfda | |
parent | 7009a5a9c3eec40fc7ae8aba3932be002d157b98 (diff) | |
Turn sensitive files into scripts that exit immediately
darcs-hash:20050512204225-45605-bee22b4df3d23374bc4922ede8f48106ea217209.gz
-rw-r--r-- | conf/acl.auth.php.dist (renamed from conf/acl.auth.dist) | 4 | ||||
-rw-r--r-- | conf/users.auth.php.dist (renamed from conf/users.auth.dist) | 4 | ||||
-rw-r--r-- | inc/admin_acl.php | 14 | ||||
-rw-r--r-- | inc/auth.php | 2 | ||||
-rw-r--r-- | inc/auth_plain.php | 6 | ||||
-rw-r--r-- | inc/common.php | 6 | ||||
-rw-r--r-- | inc/init.php | 30 |
7 files changed, 52 insertions, 14 deletions
diff --git a/conf/acl.auth.dist b/conf/acl.auth.php.dist index 09dd2da10..3b0745648 100644 --- a/conf/acl.auth.dist +++ b/conf/acl.auth.php.dist @@ -1,3 +1,7 @@ +# acl.auth.php +# <?php exit()?> +# Don't modify the lines above +# # Access Control # # none 0 diff --git a/conf/users.auth.dist b/conf/users.auth.php.dist index f30decd02..6576eeb5f 100644 --- a/conf/users.auth.dist +++ b/conf/users.auth.php.dist @@ -1,3 +1,7 @@ +# users.auth.php +# <?php exit()?> +# Don't modify the lines above +# # Userfile # # Format: diff --git a/inc/admin_acl.php b/inc/admin_acl.php index f836f4a01..98d9e96aa 100644 --- a/inc/admin_acl.php +++ b/inc/admin_acl.php @@ -43,7 +43,7 @@ function admin_acl_handler(){ } // reload ACL config - $AUTH_ACL = file('conf/acl.auth'); + $AUTH_ACL = file('conf/acl.auth.php'); } /** @@ -112,12 +112,12 @@ function get_acl_config($id){ /** - * adds new acl-entry to conf/acl.auth + * adds new acl-entry to conf/acl.auth.php * * @author Frank Schubert <frank@schokilade.de> */ function admin_acl_add($acl_scope, $acl_user, $acl_level){ - $acl_config = join("",file('conf/acl.auth')); + $acl_config = join("",file('conf/acl.auth.php')); // max level for pagenames is edit if(strpos("*", $acl_scope) === false) { 
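Review bot: The `# <?php exit()?>` header protects this file only where the web server hands `conf/*.php` to the PHP interpreter; on a host that serves the directory statically, or has PHP disabled for it, the contents are returned verbatim. The same holds for the identical header added to `conf/users.auth.php.dist`. I would state that dependency in the header itself, e.g. `# This guard only works if PHP executes this file; also deny web access to conf/`, so the guard is treated as a second layer rather than the only one. `Don't modify the lines above` could also say why, since removing the line re-exposes the file without any visible error.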
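Review bot: In the context line `if(strpos("*", $acl_scope) === false) {` of admin_acl_add the haystack and needle are swapped, so the test asks whether the scope occurs inside the string `*` rather than whether the scope contains a `*`. A namespace scope such as `ns:*` therefore takes the branch commented `max level for pagenames is edit`; the branch body lies outside the hunk, so the effect on the stored level is inferred. `if(strpos($acl_scope, '*') === false) {` matches the comment. This predates the commit, which only changes the file path in this hunk.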
@@ -128,23 +128,23 @@ function admin_acl_add($acl_scope, $acl_user, $acl_level){ $new_config = $acl_config.$new_acl; - return io_saveFile("conf/acl.auth", $new_config); + return io_saveFile("conf/acl.auth.php", $new_config); } /** - * remove acl-entry from conf/acl.auth + * remove acl-entry from conf/acl.auth.php * * @author Frank Schubert <frank@schokilade.de> */ function admin_acl_del($acl_scope, $acl_user){ - $acl_config = file('conf/acl.auth'); + $acl_config = file('conf/acl.auth.php'); $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$'; // save all non!-matching #FIXME invert is available from 4.2.0 only! $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); - return io_saveFile("conf/acl.auth", join("",$new_config)); + return io_saveFile("conf/acl.auth.php", join("",$new_config)); } // --- HTML OUTPUT FUNCTIONS BELOW --- // diff --git a/inc/auth.php b/inc/auth.php index 14e7230d0..64b865594 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -28,7 +28,7 @@ if($conf['useacl']){ auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); //load ACL into a global array - $AUTH_ACL = file('conf/acl.auth'); + $AUTH_ACL = file('conf/acl.auth.php'); } /** diff --git a/inc/auth_plain.php b/inc/auth_plain.php index 93168a26f..6bc666802 100644 --- a/inc/auth_plain.php +++ b/inc/auth_plain.php @@ -76,13 +76,13 @@ function auth_createUser($user,$pass,$name,$mail){ $mail, $conf['defaultgroup'])); $userline .= "\n"; - $fh = fopen('conf/users.auth','a'); + $fh = fopen('conf/users.auth.php','a'); if($fh){ fwrite($fh,$userline); fclose($fh); return $pass; } - msg('The users.auth file is not writable. Please inform the Wiki-Admin',-1); + msg('The users.auth.php file is not writable. Please inform the Wiki-Admin',-1); return null; } 
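Review bot: In admin_acl_del, `$acl_user` is concatenated into `$acl_pattern` unescaped while `$acl_scope` goes through `preg_quote`, so a user or group name containing regex metacharacters can make `preg_grep` drop ACL lines other than the intended one. Use `'\s+'.preg_quote($acl_user,'/').'\s+[0-8].*$'`. If the name makes the pattern invalid, `preg_grep` does not return an array, and the following `io_saveFile("conf/acl.auth.php", join("",$new_config))` would then likely write an empty file, losing both the ACL and the new exit header; checking the result before saving would prevent that. Where the two arguments come from is not visible in this hunk.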
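Review bot: `fopen('conf/users.auth.php','a')` in auth_createUser creates the file when it does not exist, and a file created this way starts with the user line rather than the `# <?php exit()?>` header, so a direct request would return it as plain text. That case arises on an install that had no `conf/users.auth` for scriptify to convert, assuming the `.dist` template was not copied either. Check for the file first, e.g. `if(!file_exists('conf/users.auth.php')){ msg('conf/users.auth.php is missing',-1); return null; }`, or write the header lines before the first append. The append is also unlocked; `flock($fh, LOCK_EX)` around the `fwrite` would keep concurrent registrations from interleaving. The function begins outside the hunk.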
@@ -96,7 +96,7 @@ function auth_createUser($user,$pass,$name,$mail){ */ function auth_plain_loadUserData(){ $data = array(); - $lines = file('conf/users.auth'); + $lines = file('conf/users.auth.php'); foreach($lines as $line){ $line = preg_replace('/#.*$/','',$line); //ignore comments $line = trim($line); diff --git a/inc/common.php b/inc/common.php index 2253402b4..1f79822a6 100644 --- a/inc/common.php +++ b/inc/common.php @@ -791,10 +791,10 @@ function check(){ msg('Mediadir is not writable',-1); } - if(is_writable('conf/users.auth')){ - msg('conf/users.auth is writable',1); + if(is_writable('conf/users.auth.php')){ + msg('conf/users.auth.php is writable',1); }else{ - msg('conf/users.auth is not writable',0); + msg('conf/users.auth.php is not writable',0); } if(function_exists('mb_strpos')){ diff --git a/inc/init.php b/inc/init.php index 075469ddb..621466196 100644 --- a/inc/init.php +++ b/inc/init.php @@ -70,6 +70,10 @@ $conf['mediadir'] = realpath($conf['mediadir']); if(!$conf['mediadir']) msg('Wrong mediadir! Check config!',-1); + // automatic upgrade to script versions of certain files + scriptify('conf/users.auth'); + scriptify('conf/acl.auth'); + /** * remove magic quotes recursivly * @@ -135,6 +139,32 @@ function getBaseURL($abs=false){ return $proto.$host.$port.$dir; } +function scriptify($file) { + // checks + if (!is_readable($file)) { + return; + } + $fn = $file.'.php'; + if (@file_exists($fn)) { + return; + } + $fh = fopen($fn, 'w'); + if (!$fh) { + die($fn.' is not writable!'); + } + // write php exit hack first + fwrite($fh, "# $fn\n"); + fwrite($fh, '# <?php exit()?>'."\n"); + fwrite($fh, "# Don't modify the lines above\n"); + fwrite($fh, "#\n"); + // copy existing lines + $lines = file($file); + foreach ($lines as $line){ + fwrite($fh, $line); + } + $fclose($fh); +} + //Setup VIM: ex: et ts=2 enc=utf-8 : |
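Review bot: After the two `scriptify(...)` calls the original `conf/users.auth` and `conf/acl.auth` are still on disk, because scriptify (added further down in this file) only copies into the `.php` name and never removes its source. An upgraded install therefore keeps an unguarded copy at the old path, which is the exposure this commit sets out to close. Remove the source once the copy has been written and closed, e.g. `if(!unlink($file)) msg($file.' could not be removed, delete it manually',-1);`. At the least, check() in inc/common.php should warn while the old files exist.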
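Review bot: The last statement of scriptify, `$fclose($fh);`, calls through an undefined variable instead of the function, so the first request that performs a conversion ends in an error after the file has been written and the handle is never closed explicitly; it should be `fclose($fh);`. The `fwrite` return values are ignored, so a failed or partial write leaves a truncated `.php` file that the `file_exists($fn)` early return treats as complete on every later request; writing to a temporary name and `rename()`-ing it into place avoids that. The function has no docblock, unlike its neighbours; something like `/** Copies $file to $file.php behind a "<?php exit()?>" header; does nothing if the source is unreadable or the target already exists. */` would do. The `@` on `file_exists` suppresses nothing useful and can go.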