Charter
02-23-2004, 10:27 AM
Hi. If you use PHPDIG_ADM_AUTH in the config.php file, rather than say htaccess, to protect the admin directory, then it is possible for someone to directly access the spider.php file via a browser.
To fix this in versions 1.6.5 and 1.8.0 do the following.
In spider.php find the following code and add the line indicated:
    else {
        //include "$relative_script_path/libs/auth.php";
        $run_mode = 'http';
        $br = "<br />\n";
        $hr = "<hr />\n";
        $s_yes = "<img src='yes.gif' width='10' height='10' border='0' align='middle' alt='' />";
        $s_no = "<img src='no.gif' width='10' height='10' border='0' align='middle' alt='' />";
        $s_link = " <a href='@url' target='_blank'>@url</a> ";
        $relative_script_path = '..';
        include "$relative_script_path/includes/config.php";
        include "$relative_script_path/libs/auth.php"; // add this line here
    }
Remember to remove any "word" wrapping in the above code.
If you are using a version earlier than 1.6.5, then you will need to get a later version and apply the above patch.
If you download (http://www.phpdig.net/navigation.php?action=download) version 1.6.5 or 1.8.0 after the date of this post, the above patch has already been applied.
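A way to confirm that an installed spider.php carries the patch above, as an added example that is not part of the original post or of PhpDig: it checks that the browser (http) branch has an uncommented include of libs/auth.php after the include of includes/config.php. The function names, the simplified comment stripping and the abridged sample text are assumptions made for this sketch.

```python
import re
import sys

INCLUDE = r"\b(?:include|require)(?:_once)?\b[^;]*{}"

def active_lines(source):
    """PHP source lines with /* */, // and # comments removed (simplified lexer)."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.S)
    for line in source.splitlines():
        code = re.split(r"(?<!:)//|#", line, maxsplit=1)[0].strip()
        if code:
            yield code

def check_http_branch(source):
    """'patched', 'unpatched' or 'not-found' for the browser (http) branch."""
    lines = list(active_lines(source))
    start = next((i for i, c in enumerate(lines)
                  if re.search(r"\$run_mode\s*=\s*['\"]http['\"]", c)), None)
    if start is None:
        return "not-found"
    seen_config = False
    for code in lines[start:]:
        if code.startswith("}"):          # end of the else { ... } branch
            break
        if re.search(INCLUDE.format(r"includes/config\.php"), code):
            seen_config = True
        elif seen_config and re.search(INCLUDE.format(r"libs/auth\.php"), code):
            return "patched"              # live auth include after config.php
    return "unpatched"

# Constructed samples, abridged from the branch quoted in the post.
UNPATCHED = r"""
else {
//include "$relative_script_path/libs/auth.php";
$run_mode = 'http';
$br = "<br />\n";
$relative_script_path = '..';
include "$relative_script_path/includes/config.php";
}
"""
PATCHED = UNPATCHED.replace(
    'config.php";\n',
    'config.php";\ninclude "$relative_script_path/libs/auth.php"; // add this line here\n')

if __name__ == "__main__":
    # Usage: python check_spider.py /path/to/admin/spider.php
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else PATCHED
    print(check_http_branch(text))
```

A result of "unpatched" means the commented-out include is the only auth.php reference in that branch, or the include comes before config.php instead of after it.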