kashire/lainchan
4
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

SECURITY: disallow execution of cli scripts from webserver context

Browse Source
This commit is contained in:
czaks 2014-01-31 23:37:55 +01:00
parent 858db1ccf9
commit 87677f7ed4
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tools/inc/cli.php
View File

@ -13,6 +13,10 @@ error_reporting(E_ALL);
set_time_limit(0); set_time_limit(0);
$shell_path = getcwd(); $shell_path = getcwd();
if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $_SERVER['REMOTE_ADDR'] != '::1') {
die("This script is executable only from Command Line Interface.");
}
if(getenv('TINYBOARD_PATH') !== false) if(getenv('TINYBOARD_PATH') !== false)
$dir = getenv('TINYBOARD_PATH'); $dir = getenv('TINYBOARD_PATH');
elseif(file_exists('inc/functions.php')) elseif(file_exists('inc/functions.php'))