forked from verdnatura/hedera-web
Solucionados fallos de seguridad en la configuración y en inyección PHP
This commit is contained in:
parent
c30dbce493
commit
9943703f61
|
@ -0,0 +1 @@
|
|||
/etc/hedera-web/config.php
|
|
@ -1,8 +1,8 @@
|
|||
Package: hedera-web
|
||||
Version: 1.0-1
|
||||
Version: 1.0-3
|
||||
Architecture: all
|
||||
Maintainer: Juan Ferrer Toribio <juan@verdnatura.es>
|
||||
Depends: php5-mysql, php5-imap
|
||||
Depends: apache2, php5-mysql
|
||||
Section: misc
|
||||
Priority: optional
|
||||
Description: Verdnatura's web page
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
service apache2 reload
|
||||
|
|
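Review bot: The script runs `service apache2 reload` unconditionally and without `set -e`, so a failed reload is neither reported nor stopped, and the reload also fires for every maintainer-script argument rather than only the one it is meant for; the identical four-line script in the next hunk has the same shape. Assuming these are the package's postinst/postrm (the file names are not shown on this page), add `set -e` after the shebang, gate the reload on the `"$1"` action the script is invoked with, and call `invoke-rc.d apache2 reload` instead of `service`, which is what Debian maintainer scripts are expected to use so that policy-rc.d and disabled services are honoured. The `Depends:` change in the control hunk above now pulls in `apache2`, so the reload target is at least guaranteed to be installed.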
@ -0,0 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
service apache2 reload
|
||||
|
|
@ -33,7 +33,7 @@ if (Hedera::login ())
|
|||
if (isset ($_REQUEST['action']))
|
||||
$action = $_REQUEST['action'];
|
||||
|
||||
if ($action)
|
||||
if ($action && checkToken ($action))
|
||||
{
|
||||
$actionFile = 'ajax/'. $action .'.php';
|
||||
|
||||
|
|
|
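Review bot: `$action` is taken from `$_REQUEST`, which merges GET, POST and cookie values according to `request_order`, while the two sibling hunks in this commit validate `$_GET['section']` and `$_GET['module']` explicitly; reading `$_GET['action']` or `$_POST['action']` here would keep the three consistent and stop a cookie from choosing the `ajax/` file. The `checkToken` pattern introduced by this commit, `'/^[\w\-]+$/'`, still accepts a value ending in a newline because PCRE `$` matches before a final `\n`; `return preg_match ('/^[\w\-]+$/D', $token);` (or `\z` in place of `$`) pins the whole value, which matters since `$action` is concatenated straight into `'ajax/'. $action .'.php'` on the line below. If `$_REQUEST['action']` is absent, `$action` is read uninitialised on the `if ($action && checkToken ($action))` line unless it is initialised above line 33, which is outside this hunk.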
@ -19,7 +19,7 @@ if (!Hedera::$sysConn->isOpen ())
|
|||
|
||||
// Getting the section
|
||||
|
||||
if (isset ($_GET['section']))
|
||||
if (isset ($_GET['section']) && checkToken ($_GET['section']))
|
||||
$section = $_GET['section'];
|
||||
else
|
||||
$section = 'login';
|
||||
|
|
|
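Review bot: A `section` value that fails `checkToken` is silently replaced with `'login'`, and the module hunk below does the same with `$conf['defaultModule']`, so a request carrying a malformed value looks in the logs exactly like a first visit. Splitting the `else` so that the case "parameter present but rejected" emits an `error_log(...)` line (or whatever logging the app already uses) before assigning the default would make that probing visible to whoever reads the server logs, at a cost of two extra lines in each hunk. Where `$section` is later consumed is outside this hunk, so I cannot confirm that the default path has no further user-controlled input.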
@ -5,7 +5,7 @@ require_once ('php/web/hedera.php');
|
|||
Hedera::init ();
|
||||
Hedera::login ();
|
||||
|
||||
if (isset ($_GET['module']))
|
||||
if (isset ($_GET['module']) && checkToken ($_GET['module']))
|
||||
$module = $_GET['module'];
|
||||
else
|
||||
$module = $conf['defaultModule'];
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
<?php
|
||||
|
||||
require_once ('config.php');
|
||||
require_once ('php/vn/type.php');
|
||||
require_once ('php/vn/locale.php');
|
||||
require_once ('php/vn/error.php');
|
||||
|
|
|
@ -1,8 +1,20 @@
|
|||
<?php
|
||||
|
||||
$homeConf = $_SERVER['CONTEXT_DOCUMENT_ROOT'].'/../.config/hedera-web/config.php';
|
||||
|
||||
if (file_exists ($homeConf))
|
||||
require_once ($homeConf);
|
||||
else
|
||||
require_once ('/etc/hedera-web/config.php');
|
||||
|
||||
require_once ('php/db/db.php');
|
||||
require_once ('php/web/auth.php');
|
||||
|
||||
function checkToken ($token)
|
||||
{
|
||||
return preg_match ('/^[\w\-]+$/', $token);
|
||||
}
|
||||
|
||||
function ifNull ($map, $key)
|
||||
{
|
||||
return isset ($map[$key]) ? $map[$key] : NULL;
|
||||
|
|