Ensure to not be able to call s9y files under circumstances where .htaccess does not deny request AND register_globals is turned on
		| @@ -350,7 +350,14 @@ Version 1.1-alpha5() | ||||
|    * Removed config option "XHTML11 compliance" and enabled by default | ||||
|      now (garvinhicking) | ||||
|  | ||||
| Version 1.0.3 () | ||||
| Version 1.0.4 () | ||||
| ------------------------------------------------------------------------ | ||||
|  | ||||
|    * Fix local file inclusion bug on systems with two conditions: | ||||
|      register_globals=on AND missing .htaccess for restricting access to | ||||
|      .inc.php files. (garvinhicking) | ||||
|  | ||||
| Version 1.0.3 (November 7th, 2006) | ||||
| ------------------------------------------------------------------------ | ||||
|  | ||||
|    * Fix PHP 5.2.0 compatibility issue. (garvinhicking) | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| umask(0000); | ||||
| $umask = 0775; | ||||
| @define('IN_installer', true); | ||||
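Review bot: The added guard reads `IN_serendipity` as a bare constant, so on a direct request, where nothing has defined it, the comparison itself makes PHP raise an undefined-constant notice before `die` runs, and with display_errors enabled that notice prints the file's full path. Testing for the constant first avoids this and also behaves the same on PHP versions that treat an undefined constant as an error: `if (!defined('IN_serendipity') || IN_serendipity !== true) {`. The same guard is repeated verbatim in every later hunk of this commit, so the change applies to each of them. Since constants cannot be injected through register_globals, the check is otherwise sound for the case described in the commit message.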
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| umask(0000); | ||||
| $umask = 0775; | ||||
| @define('IN_installer', true); | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_COMPAT')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_FUNCTIONS')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,10 +2,14 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
|  if (defined('S9Y_FRAMEWORK_CALENDARS')) { | ||||
|      return; | ||||
|  } | ||||
|  @define('S9Y_FRAMEWORK_CALENDARS', true); | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_CALENDARS')) { | ||||
|     return; | ||||
| } | ||||
| @define('S9Y_FRAMEWORK_CALENDARS', true); | ||||
|  | ||||
| /** | ||||
|  * Gregorian to Persian Convertor | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_COMMENTS')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_CONFIG')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_ENTRIES')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_ENTRIES_ADMIN')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_IMAGES')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -448,4 +448,3 @@ class imgedit { | ||||
|         return true; | ||||
|     } | ||||
| } | ||||
| ?> | ||||
| @@ -2,6 +2,9 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_INSTALLER')) { | ||||
|     return; | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_PERMALINKS')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,9 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_PLUGINS_ADMIN')) { | ||||
|     return; | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_RSS')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_SMARTY')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_TRACKBACKS')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_UPGRADER')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (!defined('S9Y_FRAMEWORK')) { | ||||
|     include('serendipity_config.inc.php'); | ||||
| } | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (!defined('serendipity_LANG_LOADED') || serendipity_LANG_LOADED !== true) { | ||||
|     $charset = serendipity_getCharset(); | ||||
|  | ||||
|   | ||||
| @@ -2,6 +2,10 @@ | ||||
| # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) | ||||
| # All rights reserved.  See LICENSE file for licensing details | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|  | ||||
| if (defined('S9Y_FRAMEWORK_PLUGIN_INTERNAL')) { | ||||
|     return; | ||||
| } | ||||
|   | ||||
| @@ -1,5 +1,9 @@ | ||||
| <?php # $Id$ | ||||
|  | ||||
| if (IN_serendipity !== true) { | ||||
|     die ("Don't hack!"); | ||||
| } | ||||
|      | ||||
| $probelang = dirname(__FILE__) . '/lang_' . $serendipity['lang'] . '.inc.php'; | ||||
| if (file_exists($probelang)) { | ||||
|     include $probelang; | ||||
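Review bot: The include path below the new guard is still assembled from `$serendipity['lang']` with no validation, so the guard only stops direct requests; any other route by which that value is influenced would still reach `include $probelang`. Constraining the value before building the path would make the file safe independently of the guard, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', (string)$serendipity['lang'])) { return; }` ahead of the `$probelang` assignment (the exact set of valid language codes is not visible here and should be confirmed). The `if (file_exists($probelang))` block continues past the end of the hunk.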
|   | ||||