From 87677f7ed4d33ae1dd2ac219f06e284e1d10f8ad Mon Sep 17 00:00:00 2001
From: czaks
Date: Fri, 31 Jan 2014 23:37:55 +0100
Subject: [PATCH] SECURITY: disallow execution of cli scripts from webserver context
---
 tools/inc/cli.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tools/inc/cli.php b/tools/inc/cli.php
index 5f78dba1..cff17e34 100644
--- a/tools/inc/cli.php
+++ b/tools/inc/cli.php
@@ -13,6 +13,10 @@ error_reporting(E_ALL);
 set_time_limit(0);
 $shell_path = getcwd();
 
+if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $_SERVER['REMOTE_ADDR'] != '::1') {
+ die("This script is executable only from Command Line Interface.");
+}
+
 if(getenv('TINYBOARD_PATH') !== false)
 $dir = getenv('TINYBOARD_PATH');
 elseif(file_exists('inc/functions.php'))
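Review bot: The added guard decides on `$_SERVER['REMOTE_ADDR']` and lets loopback clients through, so it never tests whether the script is actually running under the CLI. Where the site sits behind a reverse proxy or cache on the same host, every web request reaches PHP with REMOTE_ADDR `127.0.0.1` or `::1`, and the check then passes for remote visitors too. Testing the SAPI closes that gap: `if (PHP_SAPI !== 'cli') { die("This script is executable only from Command Line Interface."); }`. If the loopback exemption is deliberate (this is only inferred from the condition), it needs a comment saying so, and the comparisons should be strict (`!==`). Denying web access to the tools/ directory in the server configuration would be a sensible second layer; the rest of cli.php continues outside this hunk.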