mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-27 17:00:52 +01:00
SECURITY: prevent a DoS attack by disabling HTTP access to tools/ scripts.
This commit is contained in:
parent
c5c356e077
commit
5f7e62142c
@ -13,7 +13,7 @@ error_reporting(E_ALL);
|
|||||||
set_time_limit(0);
|
set_time_limit(0);
|
||||||
$shell_path = getcwd();
|
$shell_path = getcwd();
|
||||||
|
|
||||||
if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $_SERVER['REMOTE_ADDR'] != '::1') {
|
if (php_sapi_name() != 'cli') {
|
||||||
die("This script is executable only from Command Line Interface.");
|
die("This script is executable only from Command Line Interface.");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -48,59 +48,4 @@ $mod = Array(
|
|||||||
'boards' => Array('*')
|
'boards' => Array('*')
|
||||||
);
|
);
|
||||||
|
|
||||||
function get_httpd_privileges() {
|
|
||||||
global $config, $shell_path, $argv;
|
|
||||||
|
|
||||||
if(php_sapi_name() != 'cli')
|
|
||||||
die("get_httpd_privileges(): invoked from HTTP client.\n");
|
|
||||||
|
|
||||||
echo "Dropping priviledges...\n";
|
|
||||||
|
|
||||||
if(!is_writable('.'))
|
|
||||||
die("get_httpd_privileges(): web directory is not writable\n");
|
|
||||||
|
|
||||||
$filename = '.' . md5(rand()) . '.php';
|
|
||||||
$inc_filename = '.' . md5(rand()) . '.php';
|
|
||||||
|
|
||||||
echo "Copying rebuilder to web directory...\n";
|
|
||||||
|
|
||||||
// replace "/inc/cli.php" with its new filename
|
|
||||||
passthru("cat " . escapeshellarg($shell_path . '/' . $_SERVER['PHP_SELF']) . " | sed \"s/'\/inc\/cli\.php'/'\/{$inc_filename}'/\" > {$filename}");
|
|
||||||
|
|
||||||
$inc_header = "<?php\n";
|
|
||||||
|
|
||||||
// copy environment
|
|
||||||
$env = explode("\n", shell_exec('printenv | grep ^TINYBOARD'));
|
|
||||||
foreach($env as $line) {
|
|
||||||
if(!empty($line))
|
|
||||||
$inc_header .= "putenv('" . addslashes($line) . "');\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
// copy command line arguments
|
|
||||||
$inc_header .= "\$argv = " . var_export($argv, true) . ";\n";
|
|
||||||
|
|
||||||
// copy this file
|
|
||||||
file_put_contents($inc_filename, $inc_header . substr($inc = file_get_contents(__FILE__), strpos($inc, "\n")));
|
|
||||||
|
|
||||||
chmod($filename, 0666);
|
|
||||||
chmod($inc_filename, 0666);
|
|
||||||
|
|
||||||
if(preg_match('/^https?:\/\//', $config['root'])) {
|
|
||||||
$url = $config['root'] . $filename;
|
|
||||||
} elseif($host = getenv('TINYBOARD_HOST')) {
|
|
||||||
$url = 'http://' . $host . $config['root'] . $filename;
|
|
||||||
} else {
|
|
||||||
// assume localhost
|
|
||||||
$url = 'http://localhost' . $config['root'] . $filename;
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "Downloading $url\n";
|
|
||||||
|
|
||||||
passthru('curl -s -N ' . escapeshellarg($url));
|
|
||||||
|
|
||||||
unlink($filename);
|
|
||||||
unlink($inc_filename);
|
|
||||||
|
|
||||||
exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
@ -21,10 +21,6 @@
|
|||||||
|
|
||||||
require dirname(__FILE__) . '/inc/cli.php';
|
require dirname(__FILE__) . '/inc/cli.php';
|
||||||
|
|
||||||
if(!is_writable($config['file_script'])) {
|
|
||||||
get_httpd_privileges();
|
|
||||||
}
|
|
||||||
|
|
||||||
$start = microtime(true);
|
$start = microtime(true);
|
||||||
|
|
||||||
// parse command line
|
// parse command line
|
||||||
|
@ -4,10 +4,6 @@
|
|||||||
|
|
||||||
require dirname(__FILE__) . '/inc/cli.php';
|
require dirname(__FILE__) . '/inc/cli.php';
|
||||||
|
|
||||||
if(!is_writable($config['file_script'])) {
|
|
||||||
get_httpd_privileges();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!isset ($argv[1])) {
|
if (!isset ($argv[1])) {
|
||||||
die("Usage: tools/recount-bumps.php board_uri\n");
|
die("Usage: tools/recount-bumps.php board_uri\n");
|
||||||
}
|
}
|
||||||
|
@ -2,10 +2,6 @@
|
|||||||
<?php
|
<?php
|
||||||
require dirname(__FILE__) . '/inc/cli.php';
|
require dirname(__FILE__) . '/inc/cli.php';
|
||||||
|
|
||||||
if(!is_writable($config['file_script'])) {
|
|
||||||
get_httpd_privileges();
|
|
||||||
}
|
|
||||||
|
|
||||||
$variants = [["hour", 3600], ["day", 3600*24], ["3 days", 3600*24*3],
|
$variants = [["hour", 3600], ["day", 3600*24], ["3 days", 3600*24*3],
|
||||||
["week", 3600*24*7], ["month", 3600*24*7*30]];
|
["week", 3600*24*7], ["month", 3600*24*7*30]];
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user