xinha security issue, temporarily disabled all PHP plugins

2010-12-21 19:46:29 +00:00 · 2010-12-21 19:46:29 +00:00 · 429f9aff34
commit 429f9aff34
parent e46563693c
11 changed files with 11 additions and 25 deletions
--- a/htmlarea/contrib/php-xinha.php
+++ b/htmlarea/contrib/php-xinha.php
@ -1,4 +1,5 @@
 <?php
+die('disabled in s9y');
  /** Write the appropriate xinha_config directives to pass data to a PHP (Plugin) backend file.
   *
   *  ImageManager Example:
--- a/htmlarea/examples/files/ext_example-dest.php
+++ b/htmlarea/examples/files/ext_example-dest.php
@ -1,23 +0,0 @@
-<html>
-<head>
-  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-  <title>Example of Xinha</title>
-  <link rel="stylesheet" href="full_example.css" />
-</head>
-<body>
-<?php
-if (get_magic_quotes_gpc()) {
-  $_REQUEST = array_map('stripslashes',$_REQUEST);
-}
-// or in php.ini
-//; Magic quotes for incoming GET/POST/Cookie data.
-//magic_quotes_gpc = Off
-  foreach($_REQUEST as $key=>$value){
-    if(substr($key,0,10) == 'myTextarea') {
-      echo '<h3 style="border-bottom:1px solid black;">'.$key.'(source):</h3><xmp style="border:1px solid black; width: 100%; height: 200px; overflow: auto;">'.$value.'</xmp><br/>';
-      echo '<h3 style="border-bottom:1px solid black;">'.$key.'(preview):</h3>'.$value;
-    }
-  }
-?>
-</body>
-</html>
--- a/htmlarea/plugins/ExtendedFileManager/config.inc.php
+++ b/htmlarea/plugins/ExtendedFileManager/config.inc.php
@ -1,4 +1,5 @@
 <?php
+die('disabled in s9y');
 /**
 * ExtendedFileManager configuration file.
 * Authors: Wei Zhuo, Afru
--- a/htmlarea/plugins/FormOperations/formmail.php
+++ b/htmlarea/plugins/FormOperations/formmail.php
@ -1,5 +1,5 @@
 <?php
-
+die('disabled in s9y');
  $send_to      = 'Website Enquiries <enquiries@' . preg_replace('/^www./', '', $_SERVER['HTTP_HOST']) . '>';

  $emailfield   = NULL;
--- a/htmlarea/plugins/HtmlTidy/html-tidy-logic.php
+++ b/htmlarea/plugins/HtmlTidy/html-tidy-logic.php
@ -1,4 +1,6 @@
 <?php 
+die('disabled in s9y');
+
 ##
 ##  Plugin for htmlArea, to run code through the server's HTML Tidy
 ##   By Adam Wright, for The University of Western Australia
--- a/htmlarea/plugins/ImageManager/config.inc.php
+++ b/htmlarea/plugins/ImageManager/config.inc.php
@ -1,4 +1,5 @@
 <?php
+die('disabled in s9y');
 /**
 * Image Manager configuration file.
 * @author $Author:gogo $
--- a/htmlarea/plugins/InsertPicture/InsertPicture.php
+++ b/htmlarea/plugins/InsertPicture/InsertPicture.php
@ -1,4 +1,5 @@
 <?PHP
+die('disabled in s9y');
  //this plugin only use the relativ webpath to the picturefolder
  //default ~  /Xinha/plugins/InsertPicture/demo_pictures/
  strstr( PHP_OS, "WIN") ? $strPathSeparator = "\\" : $strPathSeparator = "/";
--- a/htmlarea/plugins/InsertSnippet/snippets.php
+++ b/htmlarea/plugins/InsertSnippet/snippets.php
@ -1,4 +1,5 @@
 <?php
+die('disabled in s9y');
 $snippets_file = 'snippets.html';

 include_once('../../contrib/php-xinha.php');
--- a/htmlarea/plugins/SpellChecker/aspell_setup.php
+++ b/htmlarea/plugins/SpellChecker/aspell_setup.php
@ -4,7 +4,7 @@
 // 2005-08-17 YmL:
 //	.	security fix on unchecked variables. Original author missed quite a few
 //		holes.
-
+die('disabled in s9y');
  umask(000);
  $temptext = tempnam('/tmp', 'spell_');
  if ((!isset($_POST['dictionary'])) || (strlen(trim($_POST['dictionary'])) < 1))
--- a/htmlarea/plugins/SpellChecker/spell-check-logic.php
+++ b/htmlarea/plugins/SpellChecker/spell-check-logic.php
@ -1,4 +1,5 @@
 <?php
+die('disabled in s9y');
  $text = stripslashes($_POST['content']);

  // Convert UTF-8 multi-bytes into decimal character entities.  This is because
--- a/htmlarea/plugins/SuperClean/tidy.php
+++ b/htmlarea/plugins/SuperClean/tidy.php
@ -1,4 +1,5 @@
 <?php
+die('disabled in s9y');
  /** This PHP file is intended for use with XMLHTTPRequest from Xinha
   * it requrns javascript to set the Xinha html with tidied html that is
   * submitted in a $_POST parameter called 'content'