Revision 707
Added by doc almost 17 years ago
trunk/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
|
13 | 13 |
------------------------------------- 2.7.0 ------------------------------------- |
14 |
18-Feb-2008 Christian Sommer |
|
15 |
! Modified news module to create a default index.php during installation (directory spoofing) |
|
14 | 16 |
17-Feb-2008 Matthias Gallas |
15 | 17 |
- Removed colloquially german language files as the filename causes issues |
16 | 18 |
17-Feb-2008 Christian Sommer |
... | ... | |
74 | 76 |
! changed last remaining call to my_htmlspecialchars() to htmlspecialchars() |
75 | 77 |
# fixed path in jscalendar-css |
76 | 78 |
01-Feb-2008 Christian Sommer |
77 |
# Added default index.php to all folders to prevent directory spoofing
|
|
79 |
# Added default index.php to all folders (directory spoofing)
|
|
78 | 80 |
01-Feb-2008 Thomas Hornik |
79 | 81 |
# Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF']. |
80 | 82 |
# Fixed possible XSS-vulnerability in wb/search/search.php |
trunk/wb/modules/news/install.php | ||
---|---|---|
133 | 133 |
|
134 | 134 |
// Make news post access files dir |
135 | 135 |
require_once(WB_PATH.'/framework/functions.php'); |
136 |
make_dir(WB_PATH.PAGES_DIRECTORY.'/posts'); |
|
137 |
|
|
138 |
} |
|
136 |
if(make_dir(WB_PATH.PAGES_DIRECTORY.'/posts')) { |
|
137 |
// Add a index.php file to prevent directory spoofing |
|
138 |
$content = ''. |
|
139 |
"<?php |
|
139 | 140 |
|
141 |
/* |
|
142 |
|
|
143 |
Website Baker Project <http://www.websitebaker.org/> |
|
144 |
Copyright (C) 2004-2008, Ryan Djurovich |
|
145 |
|
|
146 |
Website Baker is free software; you can redistribute it and/or modify |
|
147 |
it under the terms of the GNU General Public License as published by |
|
148 |
the Free Software Foundation; either version 2 of the License, or |
|
149 |
(at your option) any later version. |
|
150 |
|
|
151 |
Website Baker is distributed in the hope that it will be useful, |
|
152 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
153 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
154 |
GNU General Public License for more details. |
|
155 |
|
|
156 |
You should have received a copy of the GNU General Public License |
|
157 |
along with Website Baker; if not, write to the Free Software |
|
158 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
159 |
|
|
160 |
*/ |
|
161 |
|
|
162 |
header('Location: ../'); |
|
163 |
?>"; |
|
164 |
$handle = fopen(WB_PATH.PAGES_DIRECTORY.'/posts/index.php', 'w'); |
|
165 |
fwrite($handle, $content); |
|
166 |
fclose($handle); |
|
167 |
change_mode(WB_PATH.PAGES_DIRECTORY.'/posts/index.php', 'file'); |
|
168 |
} |
|
169 |
}; |
|
170 |
|
|
140 | 171 |
?> |
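Review bot: The `fopen()` result at new line 164 is handed straight to `fwrite()` and `fclose()` without a check, so if `/posts/index.php` cannot be opened for writing the install only emits warnings and the guard against directory listing is silently missing. Wrap the three calls that follow in `if($handle !== false) { ... }` and surface an install error in the other branch. The guard is also written only when `make_dir()` returns true; if that helper returns false for a directory that already exists (its body is not visible here, so this needs confirming), a re-install or upgrade leaves `/posts` without an index.php, and writing the file whenever it is absent would cover that case. The inline comment would be clearer as `// Add an index.php so the web server cannot list the posts directory`. The block closed by `};` at new line 169 opens above the hunk.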
Modified news module to create a default index.php during installation (directory spoofing)