
Revision 4

Added by Manuela almost 7 years ago

install:: security issue fixed. Now save.php can only be called from the form inside index.php


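--- a/save.php
+++ b/save.php
@@ -16,108 +16,108 @@
  *
  */
 
-$debug = false;
-
-if (true === $debug) {
-    ini_set('display_errors', 1);
-    error_reporting(E_ALL);
-}
-// Start a session
-if (!defined('SESSION_STARTED')) {
-    session_name('wb-installer');
-    session_start();
-    define('SESSION_STARTED', true);
-}
-// get random-part for session_name()
-list($usec,$sec) = explode(' ',microtime());
-srand((float)$sec+((float)$usec*100000));
-$session_rand = rand(1000,9999);
-
 // Function to set error
-function set_error($message, $field_name = '') {
-//    global $_POST;
-    if (isset($message) AND $message != '') {
-        // Copy values entered into session so user doesn't have to re-enter everything
-        if (isset($_POST['website_title'])) {
-            $_SESSION['wb_url'] = $_POST['wb_url'];
-            $_SESSION['default_timezone'] = $_POST['default_timezone'];
-            $_SESSION['default_language'] = $_POST['default_language'];
-            if (!isset($_POST['operating_system'])) {
-                $_SESSION['operating_system'] = 'linux';
-            } else {
-                $_SESSION['operating_system'] = $_POST['operating_system'];
+    function set_error($message, $field_name = '') {
+    //    global $_POST;
+        if (isset($message) AND $message != '') {
+            // first clean session before fill up with values to remember
+            $_SESSION = [];
+            // Copy values entered into session so user doesn't have to re-enter everything
+            if (isset($_POST['website_title'])) {
+                $_SESSION['wb_url'] = $_POST['wb_url'];
+                $_SESSION['default_timezone'] = $_POST['default_timezone'];
+                $_SESSION['default_language'] = $_POST['default_language'];
+                if (!isset($_POST['operating_system'])) {
+                    $_SESSION['operating_system'] = 'linux';
+                } else {
+                    $_SESSION['operating_system'] = $_POST['operating_system'];
+                }
+                $_SESSION['world_writeable'] = (bool) isset($_POST['world_writeable']) ? $_POST['world_writeable'] : false;
+                $_SESSION['database_host'] = $_POST['database_host'];
+                $_SESSION['database_username'] = $_POST['database_username'];
+                $_SESSION['database_password'] = $_POST['database_password'];
+                $_SESSION['database_name'] = $_POST['database_name'];
+                $_SESSION['table_prefix'] = $_POST['table_prefix'];
+                $_SESSION['install_tables'] = (bool) isset($_POST['install_tables']) ? $_POST['install_tables'] : false;
+                $_SESSION['website_title'] = $_POST['website_title'];
+                $_SESSION['admin_username'] = $_POST['admin_username'];
+                $_SESSION['admin_email'] = $_POST['admin_email'];
+                $_SESSION['admin_password'] = $_POST['admin_password'];
+                $_SESSION['admin_repassword'] = $_POST['admin_repassword'];
             }
-            if (!isset($_POST['world_writeable'])) {
-                $_SESSION['world_writeable'] = false;
-            } else {
-                $_SESSION['world_writeable'] = true;
+            // Set the message
+            $_SESSION['message'] = $message;
+            // Set the element(s) to highlight
+            if ($field_name != '') {
+                $_SESSION['ERROR_FIELD'] = $field_name;
             }
-            $_SESSION['database_host'] = $_POST['database_host'];
-            $_SESSION['database_username'] = $_POST['database_username'];
-            $_SESSION['database_password'] = $_POST['database_password'];
-            $_SESSION['database_name'] = $_POST['database_name'];
-            $_SESSION['table_prefix'] = $_POST['table_prefix'];
-            if (!isset($_POST['install_tables'])) {
-                $_SESSION['install_tables'] = false;
-            } else {
-                $_SESSION['install_tables'] = true;
-            }
-            $_SESSION['website_title'] = $_POST['website_title'];
-            $_SESSION['admin_username'] = $_POST['admin_username'];
-            $_SESSION['admin_email'] = $_POST['admin_email'];
-            $_SESSION['admin_password'] = $_POST['admin_password'];
-            $_SESSION['admin_repassword'] = $_POST['admin_repassword'];
+            // Specify that session support is enabled
+            $_SESSION['session_support'] = '<font class="good">Enabled</font>';
+            // Redirect to first page again and exit
+            header('Location: index.php?sessions_checked=true');
+            exit();
         }
-        // Set the message
-        $_SESSION['message'] = $message;
-        // Set the element(s) to highlight
-        if ($field_name != '') {
-            $_SESSION['ERROR_FIELD'] = $field_name;
-        }
-        // Specify that session support is enabled
-        $_SESSION['session_support'] = '<font class="good">Enabled</font>';
-        // Redirect to first page again and exit
-        header('Location: index.php?sessions_checked=true');
-        exit();
     }
-}
 /* */
 
 // Function to workout what the default permissions are for files created by the webserver
-function default_file_mode($temp_dir) {
-    if (version_compare(PHP_VERSION, '5.3.6', '>=') && is_writable($temp_dir)) {
-        $filename = $temp_dir.'/test_permissions.txt';
-        $handle = fopen($filename, 'w');
-        fwrite($handle, 'This file is to get the default file permissions');
-        fclose($handle);
-        $default_file_mode = '0'.substr(sprintf('%o', fileperms($filename)), -3);
-        unlink($filename);
-    } else {
-        $default_file_mode = '0777';
+    function default_file_mode($temp_dir) {
+        if (version_compare(PHP_VERSION, '5.3.6', '>=') && is_writable($temp_dir)) {
+            $filename = $temp_dir.'/test_permissions.txt';
+            $handle = fopen($filename, 'w');
+            fwrite($handle, 'This file is to get the default file permissions');
+            fclose($handle);
+            $default_file_mode = '0'.substr(sprintf('%o', fileperms($filename)), -3);
+            unlink($filename);
+        } else {
+            $default_file_mode = '0777';
+        }
+        return $default_file_mode;
     }
-    return $default_file_mode;
-}
 
 // Function to workout what the default permissions are for directories created by the webserver
-function default_dir_mode($temp_dir) {
-    if (version_compare(PHP_VERSION, '5.3.6', '>=') && is_writable($temp_dir)) {
-        $dirname = $temp_dir.'/test_permissions/';
-        mkdir($dirname);
-        $default_dir_mode = '0'.substr(sprintf('%o', fileperms($dirname)), -3);
-        rmdir($dirname);
-    } else {
-        $default_dir_mode = '0777';
+    function default_dir_mode($temp_dir) {
+        if (version_compare(PHP_VERSION, '5.3.6', '>=') && is_writable($temp_dir)) {
+            $dirname = $temp_dir.'/test_permissions/';
+            mkdir($dirname);
+            $default_dir_mode = '0'.substr(sprintf('%o', fileperms($dirname)), -3);
+            rmdir($dirname);
+        } else {
+            $default_dir_mode = '0777';
+        }
+        return $default_dir_mode;
     }
-    return $default_dir_mode;
-}
 
-function add_slashes($input) {
-    if (get_magic_quotes_gpc() || ( !is_string($input) )) {
-        return $input;
+    function add_slashes($sInput) {
+    //    if (get_magic_quotes_gpc() || ( !is_string($input) )) {
+    //        return $input;
+    //    }
+    //    $output = addslashes($input);
+    //    return $output;
+        return $sInput;
     }
-    $output = addslashes($input);
-    return $output;
+//
+// ************************************************************************************ //
+//
+
+$debug = false;
+
+if (true === $debug) {
+    ini_set('display_errors', 1);
+    error_reporting(E_ALL);
 }
+// Start a session
+if (!defined('SESSION_STARTED')) {
+    session_name('wb-installer');
+    session_start();
+    define('SESSION_STARTED', true);
+}
+$bTokenOk = false;
+if (isset($_SESSION['token']) && isset($_POST[$_SESSION['token']['name']])) {
+    $bTokenOk = (bool) ($_POST[$_SESSION['token']['name']] == $_SESSION['token']['value']);
+}
+if (!$bTokenOk) { throw new RuntimeException('Illegal file access detected!!'); }
+unset($_SESSION['token']);
 
 // Begin check to see if form was even submitted
 // Set error if no post vars found
@@ -153,7 +153,11 @@
     $default_language = $_POST['default_language'];
     // make sure the selected language file exists in the language folder
     if (!file_exists('../languages/' .$default_language .'.php')) {
-        set_error('The language file: \'' .$default_language .'.php\' is missing. Upload file to language folder or choose another language','default_language');
+        set_error(
+            'The language file: \'' .$default_language .'.php\' is missing. '.
+            'Upload file to language folder or choose another language',
+            'default_language'
+        );
     }
 }
 // End default language details code
@@ -376,7 +380,7 @@
     .'(\'wb_sp\', \''.SP.'\'),'
     .'(\'website_title\', \''.$website_title.'\'),'
     .'(\'default_language\', \''.$default_language.'\'),'
-    .'(\'app_name\', \'wb-'.$session_rand.'\'),'
+    .'(\'app_name\', \'wb-'.(string) rand(1000, 9999).'\'),'
     .'(\'default_timezone\', \''.$default_timezone.'\'),'
     .'(\'operating_system\', \''.$operating_system.'\'),'
     .'(\'string_dir_mode\', \''.$dir_mode.'\'),'
@@ -427,6 +431,7 @@
 class admin_dummy extends admin
 {
     public $error='';
+    // overwrite method from parent
     public function print_error($message, $link = 'index.php', $auto_footer = true)
     {
         $this->error=$message;
@@ -443,32 +448,21 @@
 $admin = new admin_dummy('Start','',false,false);
 
 // Load addons into DB
-$dirs['modules']   = WB_PATH.'/modules/';
-$dirs['templates'] = WB_PATH.'/templates/';
-$dirs['languages'] = WB_PATH.'/languages/';
 
-foreach ($dirs as $type => $dir) {
-    if ($handle = opendir($dir)) {
-        while (false !== ($file = readdir($handle))) {
-            if ($file != '' AND substr($file, 0, 1) != '.' AND $file != 'admin.php' AND $file != 'index.php') {
-                // Get addon type
-                if ($type == 'modules') {
-                    load_module($dir.'/'.$file, true);
-                    // Pretty ugly hack to let modules run $admin->set_error
-                    // See dummy class definition admin_dummy above
-                    if ($admin->error!='') {
-                        set_error($admin->error);
-                    }
-                } elseif ($type == 'templates') {
-                    load_template($dir.'/'.$file);
-                } elseif ($type == 'languages') {
-                    load_language($dir.'/'.$file);
-                }
-            }
+    $sOldWorkingDir = getcwd();
+    foreach (glob(WB_PATH.'/modules/*', GLOB_ONLYDIR) as $sModule) {
+        load_module($sModule, true);
+        if ($admin->error!='') {
+            set_error($admin->error);
         }
-    closedir($handle);
     }
-}
+    foreach (glob(WB_PATH.'/templates/*', GLOB_ONLYDIR) as $sTemplate) {
+        load_template($sTemplate);
+    }
+    foreach (glob(WB_PATH.'/languages/??.php') as $sLanguage) {
+        load_language($sLanguage);
+    }
+
 // Check if there was a database error
 if ($database->is_error()) {
     set_error($database->get_error());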
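Review bot: The new token check at new line 117 compares the posted value with loose `==`, which makes PHP compare numeric-looking strings numerically and is not constant-time, and the posted value is never checked to be a string. Use a strict, timing-safe comparison, e.g. `$bTokenOk = is_string($_POST[$_SESSION['token']['name']]) && hash_equals((string) $_SESSION['token']['value'], $_POST[$_SESSION['token']['name']]);` (`hash_equals()` needs PHP 5.6+; `===` is the minimum otherwise). Separately, `add_slashes()` at new lines 91–98 now returns its input unchanged, while the INSERT at new lines 380–386 still concatenates `$website_title`, `$default_language` and other values into the SQL string. The callers are outside the visible hunks, so confirm those values are escaped or bound by the database layer before they reach that statement.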
