[Phpgroupware-cvs] phpsysinfo index.php,1.2.2.1.2.3


From: skwashd
Subject: [Phpgroupware-cvs] phpsysinfo index.php,1.2.2.1.2.3
Date: Fri, 18 Nov 2005 14:23:00 +0100

Update of phpsysinfo

Modified Files:
     Branch: Version-0_9_16-branch
            index.php lines: +18 -14

Log Message:
security fixes for CVE-2005-0870, CVE-2005-3347 & CVE-2005-3348 (from Martin 
Schulze of the Debian security team) and a fix for cookie based phpgw detection 
when register_globals = off and some other little tweaks to the patch

====================================================
Index: phpsysinfo/index.php
diff -u phpsysinfo/index.php:1.2.2.1.2.2 phpsysinfo/index.php:1.2.2.1.2.3
--- phpsysinfo/index.php:1.2.2.1.2.2    Thu Jan 22 07:09:51 2004
+++ phpsysinfo/index.php        Fri Nov 18 13:23:04 2005
@@ -23,24 +23,21 @@
 // our version number
 $VERSION="2.1";

-// reassign HTTP variables (incase register_globals is off)
-if (!empty($_GET) && is_array($_GET))
-{
-       foreach($_GET as $name => $value)
-       {
-               $$name = $value;
-       }
-}
-if (!empty($_POST) && @is_array($_POST))
+$charset = 'iso-8859-1';
+
+// be selective about which vars to provide globally
+$goodvars = array("sessionid", "kp3", "domain");
+if (!empty($_REQUEST) && is_array($_REQUEST))
 {
-       foreach($_POST as $name => $value)
-       {
-               $$name = $value;
+    foreach ($goodvars as $name) {
+       if (isset($_REQUEST[$name])) {
+           $$name = $_REQUEST[$name];
        }
+    }
 }

 // Check to see if where running inside of phpGroupWare
-if (isset($sessionid) && $sessionid && $kp3 && $domain)
+if (isset($_REQUEST['sessionid']) && $_REQUEST['sessionid'] && 
$_REQUEST['kp3'] && $_REQUEST['domain'])
 {
     define('PHPGROUPWARE', 1);
     $phpgw_info['flags'] = array(
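Review bot: In the phpGroupWare detection test, only `$_REQUEST['sessionid']` is guarded by isset(); `$_REQUEST['kp3']` and `$_REQUEST['domain']` are read unguarded, so a request that carries sessionid without the other two raises undefined-index notices. Testing all three keys with `!empty()` would cover it. The `$goodvars` loop also copies whatever type arrives, so an array-valued request parameter ends up in `$sessionid`, `$kp3` or `$domain` as an array; an `is_string()` check before `$$name = $_REQUEST[$name];` would keep the globals scalar. Since the point of the whitelist is to stop arbitrary request keys becoming globals, a one-line comment saying so next to `$goodvars` would help whoever extends the list later.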
@@ -54,6 +51,13 @@
 }

 define('APP_ROOT', dirname(__FILE__));
+
+if (isset($template)) {
+    $template = basename($template);
+}
+if (isset($lng)) {
+    $lng = basename($lng);
+}

 // check to see if we have a random template first
 if (isset($template) && $template == 'random') {
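Review bot: basename() on `$template` and `$lng` strips directory components, but it returns `.` and `..` unchanged and does not confirm that the name corresponds to an installed template or language file. Checking the result against the list of entries that actually exist under APP_ROOT (and rejecting non-string values before calling basename()) would be stricter than sanitising alone. Note also that `template` and `lng` are not in `$goodvars` from the previous hunk, so with register_globals off these isset() tests only fire if the variables are assigned somewhere outside the lines shown; worth confirming where they are populated so the sanitising runs before first use.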





