PhpDig.net


Charter 02-23-2004 10:27 AM

PhpDig - Serious
 
Hi. If you use PHPDIG_ADM_AUTH in the config.php file, rather than say htaccess, to protect the admin directory, then it is possible for someone to directly access the spider.php file via a browser.

To fix this in versions 1.6.5 and 1.8.0 do the following.

In spider.php find the following code and add the line indicated:
PHP Code:

else {
    //include "$relative_script_path/libs/auth.php";
    $run_mode = 'http';
    $br = "<br />\n";
    $hr = "<hr />\n";
    $s_yes = "<img src='yes.gif' width='10' height='10' border='0' align='middle' alt='' />";
    $s_no  = "<img src='no.gif' width='10' height='10' border='0' align='middle' alt='' />";
    $s_link = " <a href='@url' target='_blank'>@url</a> ";
    $relative_script_path = '..';
    include "$relative_script_path/includes/config.php";
    include "$relative_script_path/libs/auth.php";            // add this line here


Remember to remove any "word" wrapping in the above code.

If you are using a version earlier than 1.6.5, then you will need to get a later version and apply the above patch.

If you download version 1.6.5 or 1.8.0 after the date of this post, the above patch has already been applied.
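
Added example, not part of the original post or of PhpDig: a Python check that a copy of spider.php carries the patch, meaning an uncommented include of libs/auth.php placed after the includes/config.php include in the branch that sets `$run_mode = 'http'`. The function name, the result strings and the sample sources are constructed for illustration, and comment detection is a line-level simplification.

```python
import re

# Uncommented include/require of one of the two files the post mentions.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*[\"'][^\"']*?"
    r"(includes/config\.php|libs/auth\.php)[\"']")
HTTP_MARK_RE = re.compile(r"\$run_mode\s*=\s*([\"'])http\1")

def _blank_block_comments(src):
    # Replace /* ... */ with the same number of newlines so line order holds.
    return re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  src, flags=re.S)

def _commented(prefix):
    # Simplification: any // or # before the statement means a line comment.
    return "//" in prefix or "#" in prefix

def check_spider(src):
    """Return 'OK', 'MISSING', 'BEFORE_CONFIG' or 'NO_HTTP_BRANCH'."""
    lines = _blank_block_comments(src).splitlines()
    start = None
    for i, line in enumerate(lines):
        m = HTTP_MARK_RE.search(line)
        if m and not _commented(line[:m.start()]):
            start = i
            break
    if start is None:
        return "NO_HTTP_BRANCH"
    order = []  # active includes seen after the http marker, in file order
    for line in lines[start:]:
        m = INCLUDE_RE.search(line)
        if m and not _commented(line[:m.start()]):
            order.append(m.group(1))
    if "libs/auth.php" not in order:
        return "MISSING"
    if ("includes/config.php" not in order
            or order.index("libs/auth.php") < order.index("includes/config.php")):
        return "BEFORE_CONFIG"
    return "OK"

# Constructed samples based on the fragment in the post.
UNPATCHED = '''else {
    //include "$relative_script_path/libs/auth.php";
    $run_mode = 'http';
    $relative_script_path = '..';
    include "$relative_script_path/includes/config.php";
'''
PATCHED = UNPATCHED + '    include "$relative_script_path/libs/auth.php";\n'

if __name__ == "__main__":
    for name, src in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, check_spider(src))
```
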

