Ensure to not be able to call s9y files under circumstances where .htaccess does not deny request AND register_globals is turned on

docs/NEWS

@@ -350,7 +350,14 @@ Version 1.1-alpha5()
    * Removed config option "XHTML11 compliance" and enabled by default
      now (garvinhicking)
 
-Version 1.0.3 ()
+Version 1.0.4 ()
+------------------------------------------------------------------------
+
+   * Fix local file inclusion bug on systems with two conditions:
+     register_globals=on AND missing .htaccess for restricting access to
+     .inc.php files. (garvinhicking)
+
+Version 1.0.3 (November 7th, 2006)
 ------------------------------------------------------------------------
 
    * Fix PHP 5.2.0 compatibility issue. (garvinhicking)

include/admin/configuration.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 umask(0000);
 $umask = 0775;
 @define('IN_installer', true);

include/admin/installer.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 umask(0000);
 $umask = 0775;
 @define('IN_installer', true);

include/compat.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_COMPAT')) {
     return;
 }

include/functions.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_FUNCTIONS')) {
     return;
 }

include/functions_calendars.inc.php

@@ -2,10 +2,14 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
- if (defined('S9Y_FRAMEWORK_CALENDARS')) {
-     return;
- }
- @define('S9Y_FRAMEWORK_CALENDARS', true);
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
+if (defined('S9Y_FRAMEWORK_CALENDARS')) {
+    return;
+}
+@define('S9Y_FRAMEWORK_CALENDARS', true);
 
 /**
  * Gregorian to Persian Convertor

include/functions_comments.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_COMMENTS')) {
     return;
 }

include/functions_config.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_CONFIG')) {
     return;
 }

include/functions_entries.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_ENTRIES')) {
     return;
 }

include/functions_entries_admin.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_ENTRIES_ADMIN')) {
     return;
 }

include/functions_images.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_IMAGES')) {
     return;
 }

include/functions_images_crop.inc.php

@@ -448,4 +448,3 @@ class imgedit {
         return true;
     }
 }
-?>

include/functions_installer.inc.php

@@ -2,6 +2,9 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
 
 if (defined('S9Y_FRAMEWORK_INSTALLER')) {
     return;

include/functions_permalinks.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_PERMALINKS')) {
     return;
 }

include/functions_plugins_admin.inc.php

@@ -2,6 +2,9 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
 
 if (defined('S9Y_FRAMEWORK_PLUGINS_ADMIN')) {
     return;

include/functions_rss.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_RSS')) {
     return;
 }

include/functions_smarty.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_SMARTY')) {
     return;
 }

include/functions_trackbacks.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_TRACKBACKS')) {
     return;
 }

include/functions_upgrader.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_UPGRADER')) {
     return;
 }

include/genpage.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (!defined('S9Y_FRAMEWORK')) {
     include('serendipity_config.inc.php');
 }

include/lang.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (!defined('serendipity_LANG_LOADED') || serendipity_LANG_LOADED !== true) {
     $charset = serendipity_getCharset();
 

include/plugin_internal.inc.php

@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (defined('S9Y_FRAMEWORK_PLUGIN_INTERNAL')) {
     return;
 }

templates/kubrick/config.inc.php

@@ -1,5 +1,9 @@
 <?php # $Id$
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+    
 $probelang = dirname(__FILE__) . '/lang_' . $serendipity['lang'] . '.inc.php';
 if (file_exists($probelang)) {
     include $probelang;