[Phpgroupware-cvs] phpsysinfo index.php,1.2.2.1.2.3
From: skwashd
Subject: [Phpgroupware-cvs] phpsysinfo index.php,1.2.2.1.2.3
Date: Fri, 18 Nov 2005 14:23:00 +0100
Update of phpsysinfo
Modified Files:
Branch: Version-0_9_16-branch
index.php lines: +18 -14
Log Message:
security fixes for CVE-2005-0870, CVE-2005-3347 & CVE-2005-3348 (from Martin
Schulze of the Debian security team) and a fix for cookie based phpgw detection
when register_globals = off and some other little tweaks to the patch
====================================================
Index: phpsysinfo/index.php
diff -u phpsysinfo/index.php:1.2.2.1.2.2 phpsysinfo/index.php:1.2.2.1.2.3
--- phpsysinfo/index.php:1.2.2.1.2.2 Thu Jan 22 07:09:51 2004
+++ phpsysinfo/index.php Fri Nov 18 13:23:04 2005
@@ -23,24 +23,21 @@
// our version number
$VERSION="2.1";
-// reassign HTTP variables (incase register_globals is off)
-if (!empty($_GET) && is_array($_GET))
-{
- foreach($_GET as $name => $value)
- {
- $$name = $value;
- }
-}
-if (!empty($_POST) && @is_array($_POST))
+$charset = 'iso-8859-1';
+
+// be selective about which vars to provide globally
+$goodvars = array("sessionid", "kp3", "domain");
+if (!empty($_REQUEST) && is_array($_REQUEST))
{
- foreach($_POST as $name => $value)
- {
- $$name = $value;
+ foreach ($goodvars as $name) {
+ if (isset($_REQUEST[$name])) {
+ $$name = $_REQUEST[$name];
}
+ }
}
// Check to see if where running inside of phpGroupWare
-if (isset($sessionid) && $sessionid && $kp3 && $domain)
+if (isset($_REQUEST['sessionid']) && $_REQUEST['sessionid'] &&
$_REQUEST['kp3'] && $_REQUEST['domain'])
{
define('PHPGROUPWARE', 1);
$phpgw_info['flags'] = array(
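Review bot: in the phpGroupWare detection condition only `sessionid` is guarded with isset(); `$_REQUEST['kp3']` and `$_REQUEST['domain']` are read unguarded, so a request carrying just `sessionid` raises undefined-index notices. Wrap all three in isset(), or test the whitelisted locals that the loop above has just set. The assignment `$$name = $_REQUEST[$name];` also copies whatever type the client sent, arrays included; an is_string() check before the assignment would keep the three whitelisted globals scalar. A short comment stating why $_REQUEST is used here (the log message mentions cookie based detection) would help the next reader, since it means the detection fires from any source that feeds $_REQUEST.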
@@ -54,6 +51,13 @@
}
define('APP_ROOT', dirname(__FILE__));
+
+if (isset($template)) {
+ $template = basename($template);
+}
+if (isset($lng)) {
+ $lng = basename($lng);
+}
// check to see if we have a random template first
if (isset($template) && $template == 'random') {
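Review bot: basename() on `$template` and `$lng` strips directory components, but an input of `..` comes back as `..`, and nothing else in these lines constrains the values. Checking them against the template directories and language files that actually exist under APP_ROOT, or against a strict character whitelist, would be tighter than `$template = basename($template);` alone. Note also that `template` and `lng` are not in `$goodvars` from the first hunk, so with register_globals = off these globals are only set by code outside the visible lines; confirm that any later direct read of the request values goes through the same filtering.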