Index: trunk/CHANGELOG
===================================================================
--- trunk/CHANGELOG	(revision 706)
+++ trunk/CHANGELOG	(revision 707)
@@ -11,6 +11,8 @@
 ! = Update/Change
 
 ------------------------------------- 2.7.0 -------------------------------------
+18-Feb-2008	Christian Sommer
+!	Modified news module to create a default index.php during installation (directory spoofing)
 17-Feb-2008	Matthias Gallas
 -	Removed colloquially german language files as the filename causes issues
 17-Feb-2008	Christian Sommer
@@ -74,7 +76,7 @@
 !	changed last remaining call to my_htmlspecialchars() to htmlspecialchars()
 #	fixed path in jscalendar-css
 01-Feb-2008 Christian Sommer
-#	Added default index.php to all folders to prevent directory spoofing
+#	Added default index.php to all folders (directory spoofing)
 01-Feb-2008 Thomas Hornik
 #	Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].
 #	Fixed possible XSS-vulnerability in wb/search/search.php
Index: trunk/wb/modules/news/install.php
===================================================================
--- trunk/wb/modules/news/install.php	(revision 706)
+++ trunk/wb/modules/news/install.php	(revision 707)
@@ -133,8 +133,39 @@
 	
 	// Make news post access files dir
 	require_once(WB_PATH.'/framework/functions.php');
-	make_dir(WB_PATH.PAGES_DIRECTORY.'/posts');
-	
-}
+	if(make_dir(WB_PATH.PAGES_DIRECTORY.'/posts')) {
+		// Add a index.php file to prevent directory spoofing
+		$content = ''.
+"<?php
 
+/*
+
+ Website Baker Project <http://www.websitebaker.org/>
+ Copyright (C) 2004-2008, Ryan Djurovich
+
+ Website Baker is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ Website Baker is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Website Baker; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+*/
+
+header('Location: ../');
+?>";
+		$handle = fopen(WB_PATH.PAGES_DIRECTORY.'/posts/index.php', 'w');
+		fwrite($handle, $content);
+		fclose($handle);
+		change_mode(WB_PATH.PAGES_DIRECTORY.'/posts/index.php', 'file');
+	}
+};
+
 ?>
\ No newline at end of file