mbirth/LuckyCoinkydink
1
0
Fork 0
Code Issues Pull Requests Activity

Ensure to not be able to call s9y files under circumstances where .htaccess does not deny request AND register_globals is turned on

Browse Source
This commit is contained in:
Garvin Hicking 2006-11-30 21:34:29 +00:00
parent 1549c178ce
commit 14f00d7d9e
23 changed files with 164 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/NEWS
View File

@ -350,7 +350,14 @@ Version 1.1-alpha5()
* Removed config option "XHTML11 compliance" and enabled by default
now (garvinhicking)
Version 1.0.3 ()
Version 1.0.4 ()
------------------------------------------------------------------------
* Fix local file inclusion bug on systems with two conditions:
register_globals=on AND missing .htaccess for restricting access to
.inc.php files. (garvinhicking)
Version 1.0.3 (November 7th, 2006)
------------------------------------------------------------------------
* Fix PHP 5.2.0 compatibility issue. (garvinhicking)

6
include/admin/configuration.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
umask(0000);
$umask = 0775;
@define('IN_installer', true);
@ -47,7 +51,7 @@ switch ($_POST['installAction'] && serendipity_checkFormToken()) {
$permalinkNew[] = $serendipity[$permitem['var']];
}
}
}
}
if (serendipity_checkPermission('siteConfiguration') && serialize($permalinkOld) != serialize($permalinkNew)) {
printf(ATTEMPT_WRITE_FILE, $serendipity['serendipityPath'] . '.htaccess');

4
include/admin/installer.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
umask(0000);
$umask = 0775;
@define('IN_installer', true);

14
include/compat.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_COMPAT')) {
return;
}
@ -38,11 +42,11 @@ function memSnap($tshow = '') {
static $avail = null;
static $show = true;
static $memUsage = 0;
if (!$show) {
return false;
}
if ($avail === false) {
return true;
} elseif ($avail === null) {
@ -53,11 +57,11 @@ function memSnap($tshow = '') {
return false;
}
}
if ($memUsage === 0) {
$memUsage = $avail;
}
$current = memory_get_usage();
echo '[' . date('d.m.Y H:i') . '] ' . number_format($current - $memUsage, 2, ',', '.') . ' label "' . $tshow . '", totalling ' . number_format($current, 2, ',', '.') . '<br />' . "\n";
$memUsage = $current;
@ -222,7 +226,7 @@ function serendipity_getCharset() {
$charset = '';
}
}
if (!empty($serendipity['POST']['charset'])) {
if ($serendipity['POST']['charset'] == 'UTF-8/') {
$charset = 'UTF-8/';

8
include/functions.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_FUNCTIONS')) {
return;
}
@ -323,7 +327,7 @@ function serendipity_walkRecursive($ary, $child_name = 'id', $parent_name = 'par
if ($depth !== 0) {
return true;
}
if (count($_remain) > 0) {
// Remaining items need to be appended
foreach($_remain AS $key => $data) {
@ -1146,7 +1150,7 @@ function &serendipity_pickKey(&$array, $key, $default) {
function serendipity_db_time() {
static $ts = null;
static $cache = 300; // Seconds to cache
if ($ts === null) {
$now = time();
$ts = $now - ($now % $cache) + $cache;

88
include/functions_calendars.inc.php
View File

@ -2,11 +2,15 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (defined('S9Y_FRAMEWORK_CALENDARS')) {
return;
}
@define('S9Y_FRAMEWORK_CALENDARS', true);
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_CALENDARS')) {
return;
}
@define('S9Y_FRAMEWORK_CALENDARS', true);
/**
* Gregorian to Persian Convertor
*
@ -20,42 +24,42 @@
function g2p($g_y, $g_m, $g_d){
$g_days_in_month = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
$j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29);
$gy = $g_y-1600;
$gm = $g_m-1;
$gd = $g_d-1;
$g_day_no = 365*$gy+floor(($gy+3)/4)-floor(($gy+99)/100)+floor(($gy+399)/400);
for ($i=0; $i < $gm; ++$i){
$g_day_no += $g_days_in_month[$i];
}
if ($gm>1 && (($gy%4==0 && $gy%100!=0) || ($gy%400==0))){
/* leap and after Feb */
++$g_day_no;
}
$g_day_no += $gd;
$j_day_no = $g_day_no-79;
$j_np = floor($j_day_no/12053);
$j_day_no %= 12053;
$jy = 979+33*$j_np+4*floor($j_day_no/1461);
$j_day_no %= 1461;
if ($j_day_no >= 366) {
$jy += floor(($j_day_no-1)/365);
$j_day_no = ($j_day_no-1)%365;
}
$j_all_days = $j_day_no+1;
for ($i = 0; $i < 11 && $j_day_no >= $j_days_in_month[$i]; ++$i) {
$j_day_no -= $j_days_in_month[$i];
}
$jm = $i+1;
$jd = $j_day_no+1;
return array($jy, $jm, $jd, $j_all_days);
}
@ -107,10 +111,10 @@ function p2g($j_y, $j_m, $j_d){
}
$gm = $i+1;
$gd = $g_day_no+1;
return array($gy, $gm, $gd);
}
/**
* Format a string according to Persian calendar (UTF)
*
@ -121,11 +125,11 @@ function p2g($j_y, $j_m, $j_d){
* @return string Formatted local time/date according to locale settings
*/
function persian_strftime_utf($format, $timestamp='') {
if($timestamp==''){
$timestamp = mktime();
}
$g_d=date('j', $timestamp);
$g_m=date('n', $timestamp);
$g_y=date('Y', $timestamp);
@ -155,12 +159,12 @@ function persian_strftime_utf($format, $timestamp='') {
'Wed' => '5',
'Thu' => '6',
'Fri' => '7');
// calculate string
$output_str='';
for ($i=0; $i<strlen($format); $i++){
if($format[$i]=='%'){
$i++;
switch($format[$i]){
@ -256,7 +260,7 @@ function persian_strftime_utf($format, $timestamp='') {
$output_str.=$format[$i];
}
}
return $output_str;
}
@ -270,24 +274,24 @@ function persian_strftime_utf($format, $timestamp='') {
* @return string Formatted local time/date
*/
function persian_date_utf($format, $timestamp='') {
if($timestamp==''){
$timestamp = mktime();
}
$g_d=date('j', $timestamp);
$g_m=date('n', $timestamp);
$g_y=date('Y', $timestamp);
list($jy, $jm, $jd, $j_all_days) = g2p($g_y, $g_m, $g_d);
$j_days_in_month = array(0, 31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29);
$leap = 0;
if ($g_m>1 && (($g_y%4==0 && $g_y%100!=0) || ($g_y%400==0))){
$j_days_in_month[12]++;
$leap = 1;
}
$j_month_name = array('', 'فروردین', 'اردیبهشت', 'خرداد', 'تیر',
'مرداد', 'شهریور', 'مهر', 'آبان', 'آذر', 'دی', 'بهمن', 'اسفند');
$j_week_name = array('Saturday' => 'شنبه',
@ -311,12 +315,12 @@ function persian_date_utf($format, $timestamp='') {
'Wed' => '5',
'Thu' => '6',
'Fri' => '7');
// calculate string
$output_str='';
for ($i=0; $i<strlen($format); $i++){
if($format[$i]!='\\'){
switch($format[$i]){
case 'd':
@ -355,7 +359,7 @@ function persian_date_utf($format, $timestamp='') {
case 't':
$output_str.=$j_days_in_month[$jm];
break;
case 'L':
case 'L':
$output_str.=$leap;
break;
case 'o':
@ -420,7 +424,7 @@ function persian_date_utf($format, $timestamp='') {
$output_str.=$format[$i];
}
}
return $output_str;
}
@ -441,24 +445,24 @@ function persian_date_utf($format, $timestamp='') {
*/
function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='', $is_dst=-1){
$j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29);
if ( (string) $hour == '') { $hour = persian_date_utf('H'); }
if ( (string) $min == '') { $min = persian_date_utf('i'); }
if ( (string) $sec == '') { $sec = persian_date_utf('s'); }
if ( (string) $day == '') { $day = persian_date_utf('j'); }
if ( (string) $mon == '') { $mon = persian_date_utf('n'); }
if ( (string) $year == '') { $year = persian_date_utf('Y'); }
/*
/*
an ugly, beta code snippet to support days <= zero!
it should work, but days in one or more months should calculate!
*/
/*
if($day <= 0){
// change sign
$day = abs($day);
// calculate months and days that shall decrease
// this do-while has a lot of errors!!!
do{
@ -466,7 +470,7 @@ function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='',
$months = floor($day/30);
$days = $day % 30;
}while();
$mon -= $months;
$day -= $days;
if ($day < 1) {
@ -478,11 +482,11 @@ function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='',
if($mon <= 0){
// change sign
$mon = abs($mon);
// calculate years and months that shall decrease
$years = floor($mon/12);
$months = $mon % 12;
$year -= $years;
$mon -= $months;
if ($mon < 1) {
@ -490,7 +494,7 @@ function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='',
$mon += 12;
}
}
if ($day < 1) {
$temp_month = $mon-1;
$temp_year = $year;
@ -505,7 +509,7 @@ function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='',
}
$day += $j_days_in_month[$temp_month];
}
list($year, $mon, $day)=p2g($year, $mon, $day);
return mktime($hour, $min, $sec, $mon, $day, $year, $is_dst);
}

18
include/functions_comments.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_COMMENTS')) {
return;
}
@ -126,7 +130,7 @@ function serendipity_fetchComments($id, $limit = null, $order = '', $showAll = f
} else {
$limit = '';
}
if ($type == 'comments' || empty($type)) {
$type = 'NORMAL';
} elseif ($type == 'trackbacks') {
@ -142,7 +146,7 @@ function serendipity_fetchComments($id, $limit = null, $order = '', $showAll = f
if (!$showAll) {
$and .= ' AND co.status = \'approved\'';
}
$and .= $where;
if ($serendipity['dbType'] == 'postgres') {
@ -332,7 +336,7 @@ function serendipity_printCommentsByAuthor() {
}
$sql_limit = $serendipity['fetchLimit'] * ($serendipity['GET']['page']-1) . ',' . $serendipity['fetchLimit'];
$c = serendipity_fetchComments(null, $sql_limit, 'co.entry_id DESC, co.id ASC', false, $type, $sql_where);
$entry_comments = array();
foreach($c as $i => $comment) {
if (!isset($entry_comments[$comment['entry_id']])) {
@ -341,7 +345,7 @@ function serendipity_printCommentsByAuthor() {
}
$entry_comments[$comment['entry_id']]['comments'][] = $comment;
}
foreach($entry_comments AS $entry_id => $_data) {
$entry_comments[$entry_id]['tpl_comments'] =& serendipity_printComments($_data['comments'], VIEWMODE_LINEAR, 0, null, 'COMMENTS', 'comments.tpl');
}
@ -356,10 +360,10 @@ function serendipity_printCommentsByAuthor() {
$and .= ' AND co.status = \'approved\'';
}
$cc = serendipity_db_query("SELECT count(co.id) AS counter
$cc = serendipity_db_query("SELECT count(co.id) AS counter
FROM {$serendipity['dbPrefix']}comments AS co
WHERE co.entry_id > 0
AND co.type LIKE '" . $type . "'
WHERE co.entry_id > 0
AND co.type LIKE '" . $type . "'
AND co.status = 'approved' " . $sql_where . "
GROUP BY co.author", true, 'assoc');
if (!isset($cc['counter'])) {

4
include/functions_config.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_CONFIG')) {
return;
}

4
include/functions_entries.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_ENTRIES')) {
return;
}

4
include/functions_entries_admin.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_ENTRIES_ADMIN')) {
return;
}

12
include/functions_images.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_IMAGES')) {
return;
}
@ -3315,15 +3319,15 @@ function serendipity_checkDirUpload($dir) {
return true;
}
*/
$allowed = serendipity_ACLGet(0, 'directory', 'write', $dir);
$mygroups = serendipity_checkPermission(null, null, true);
// Usergroup "0" always means that access is granted. If no array exists, no ACL restrictions have been set and all is fine.
if (!is_array($allowed) || isset($allowed[0])) {
return true;
}
if (!is_array($mygroups)) {
return true;
}
@ -3334,6 +3338,6 @@ function serendipity_checkDirUpload($dir) {
break;
}
}
return false;
}

11
include/functions_images_crop.inc.php
View File

@ -258,7 +258,7 @@ class imgedit {
$this->slice_to_x = $this->slice_from_x + $this->slice_width;
$this->slice_to_y = $this->slice_from_y + $this->slice_height;
// TODO:
// TODO:
// - Operate also on PNG, TIFF etc.
// - Support image magick
// - Save file as new image!
@ -283,7 +283,7 @@ class imgedit {
rename($new_img_name, $this->img_name);
$http_new_file = preg_replace('@^' . preg_quote($serendipity['serendipityPath'] . $serendipity['uploadPath']) . '@', '', $this->img_name);
serendipity_makeThumbnail(basename($http_new_file), dirname($http_new_file) . '/');
$this->img_name = $new_img_name;
$this->img_width = $new_img_width;
$this->img_height = $new_img_height;
@ -295,9 +295,9 @@ class imgedit {
function increment($fullfile) {
$d = dirname($fullfile) . '/';
$f = basename($fullfile);
$f = time() . '.' . $f;
return $d . $f;
}
@ -391,7 +391,7 @@ class imgedit {
// Set the template variables
function setVars() {
$this->imgedit_smarty['zoombox_width'] = $this->zoombox_width;
$this->imgedit_smarty['zoombox_padding'] = $this->zoombox_width + 20;
$this->imgedit_smarty['area_width'] = $this->area_width;
@ -448,4 +448,3 @@ class imgedit {
return true;
}
}
?>

3
include/functions_installer.inc.php
View File

@ -2,6 +2,9 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_INSTALLER')) {
return;

4
include/functions_permalinks.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_PERMALINKS')) {
return;
}

3
include/functions_plugins_admin.inc.php
View File

@ -2,6 +2,9 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_PLUGINS_ADMIN')) {
return;

4
include/functions_rss.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_RSS')) {
return;
}

6
include/functions_smarty.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_SMARTY')) {
return;
}
@ -354,7 +358,7 @@ function serendipity_smarty_showCommentForm($params, &$smarty) {
if (!isset($params['data'])) {
$params['data'] = $serendipity['POST'];
}
if (!isset($params['showToolbar'])) {
$params['showToolbar'] = true;
}

4
include/functions_trackbacks.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_TRACKBACKS')) {
return;
}

16
include/functions_upgrader.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_UPGRADER')) {
return;
}
@ -89,7 +93,7 @@ function serendipity_fixPlugins($case) {
'serendipity_event_searchhighlight',
'serendipity_event_textile'
);
$elements = array(
'ENTRY_BODY',
'EXTENDED_BODY',
@ -102,24 +106,24 @@ function serendipity_fixPlugins($case) {
$where[] = "name LIKE '$plugin:%'";
}
$rows = serendipity_db_query("SELECT name, value, authorid
FROM {$serendipity['dbPrefix']}config
$rows = serendipity_db_query("SELECT name, value, authorid
FROM {$serendipity['dbPrefix']}config
WHERE " . implode(' OR ', $where));
if (!is_array($rows)) {
return false;
}
foreach($rows AS $row) {
if (preg_match('@^(serendipity_event_.+):([a-z0-9]+)/(.+)@i', $row['name'], $plugin_data)) {
foreach($elements AS $element) {
if ($plugin_data[3] != constant($element)) {
continue;
}
$new = $plugin_data[1] . ':' . $plugin_data[2] . '/' . $element;
serendipity_db_query("UPDATE {$serendipity['dbPrefix']}config
SET name = '$new'
WHERE name = '{$row['name']}'
WHERE name = '{$row['name']}'
AND value = '{$row['value']}'
AND authorid = '{$row['authorid']}'");
}

6
include/genpage.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (!defined('S9Y_FRAMEWORK')) {
include('serendipity_config.inc.php');
}
@ -97,7 +101,7 @@ if ($serendipity['smarty_raw_mode']) {
case 'comments':
serendipity_printCommentsByAuthor();
// use 'content_message' for pagination?
break;
// Show the archive

4
include/lang.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (!defined('serendipity_LANG_LOADED') || serendipity_LANG_LOADED !== true) {
$charset = serendipity_getCharset();

4
include/plugin_internal.inc.php
View File

@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_PLUGIN_INTERNAL')) {
return;
}

4
templates/kubrick/config.inc.php
View File

@ -1,5 +1,9 @@
<?php # $Id$
if (IN_serendipity !== true) {
die ("Don't hack!");
}
$probelang = dirname(__FILE__) . '/lang_' . $serendipity['lang'] . '.inc.php';
if (file_exists($probelang)) {
include $probelang;