mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-23 23:20:57 +01:00
SECURITY: prevent a DoS attack by disabling HTTP access to tools/ scripts.
This commit is contained in:
czaks
parent
c5c356e077
commit
5f7e62142c
@ -13,7 +13,7 @@ error_reporting(E_ALL);
|
||||
set_time_limit(0);
|
||||
$shell_path = getcwd();
|
||||
|
||||
if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $_SERVER['REMOTE_ADDR'] != '::1') {
|
||||
if (php_sapi_name() != 'cli') {
|
||||
die("This script is executable only from Command Line Interface.");
|
||||
}
|
||||
|
||||
@ -48,59 +48,4 @@ $mod = Array(
|
||||
'boards' => Array('*')
|
||||
);
|
||||
|
||||
function get_httpd_privileges() {
|
||||
global $config, $shell_path, $argv;
|
||||
|
||||
if(php_sapi_name() != 'cli')
|
||||
die("get_httpd_privileges(): invoked from HTTP client.\n");
|
||||
|
||||
echo "Dropping priviledges...\n";
|
||||
|
||||
if(!is_writable('.'))
|
||||
die("get_httpd_privileges(): web directory is not writable\n");
|
||||
|
||||
$filename = '.' . md5(rand()) . '.php';
|
||||
$inc_filename = '.' . md5(rand()) . '.php';
|
||||
|
||||
echo "Copying rebuilder to web directory...\n";
|
||||
|
||||
// replace "/inc/cli.php" with its new filename
|
||||
passthru("cat " . escapeshellarg($shell_path . '/' . $_SERVER['PHP_SELF']) . " | sed \"s/'\/inc\/cli\.php'/'\/{$inc_filename}'/\" > {$filename}");
|
||||
|
||||
$inc_header = "<?php\n";
|
||||
|
||||
// copy environment
|
||||
$env = explode("\n", shell_exec('printenv | grep ^TINYBOARD'));
|
||||
foreach($env as $line) {
|
||||
if(!empty($line))
|
||||
$inc_header .= "putenv('" . addslashes($line) . "');\n";
|
||||
}
|
||||
|
||||
// copy command line arguments
|
||||
$inc_header .= "\$argv = " . var_export($argv, true) . ";\n";
|
||||
|
||||
// copy this file
|
||||
file_put_contents($inc_filename, $inc_header . substr($inc = file_get_contents(__FILE__), strpos($inc, "\n")));
|
||||
|
||||
chmod($filename, 0666);
|
||||
chmod($inc_filename, 0666);
|
||||
|
||||
if(preg_match('/^https?:\/\//', $config['root'])) {
|
||||
$url = $config['root'] . $filename;
|
||||
} elseif($host = getenv('TINYBOARD_HOST')) {
|
||||
$url = 'http://' . $host . $config['root'] . $filename;
|
||||
} else {
|
||||
// assume localhost
|
||||
$url = 'http://localhost' . $config['root'] . $filename;
|
||||
}
|
||||
|
||||
echo "Downloading $url\n";
|
||||
|
||||
passthru('curl -s -N ' . escapeshellarg($url));
|
||||
|
||||
unlink($filename);
|
||||
unlink($inc_filename);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
|
||||
@ -21,10 +21,6 @@
|
||||
|
||||
require dirname(__FILE__) . '/inc/cli.php';
|
||||
|
||||
if(!is_writable($config['file_script'])) {
|
||||
get_httpd_privileges();
|
||||
}
|
||||
|
||||
$start = microtime(true);
|
||||
|
||||
// parse command line
|
||||
|
||||
@ -4,10 +4,6 @@
|
||||
|
||||
require dirname(__FILE__) . '/inc/cli.php';
|
||||
|
||||
if(!is_writable($config['file_script'])) {
|
||||
get_httpd_privileges();
|
||||
}
|
||||
|
||||
if (!isset ($argv[1])) {
|
||||
die("Usage: tools/recount-bumps.php board_uri\n");
|
||||
}
|
||||
|
||||
@ -2,10 +2,6 @@
|
||||
<?php
|
||||
require dirname(__FILE__) . '/inc/cli.php';
|
||||
|
||||
if(!is_writable($config['file_script'])) {
|
||||
get_httpd_privileges();
|
||||
}
|
||||
|
||||
$variants = [["hour", 3600], ["day", 3600*24], ["3 days", 3600*24*3],
|
||||
["week", 3600*24*7], ["month", 3600*24*7*30]];
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user