Hi. If you use PHPDIG_ADM_AUTH in the config.php file, rather than say htaccess, to protect the admin directory, then it is possible for someone to directly access the spider.php file via a browser.
To fix this in versions 1.6.5 and 1.8.0 do the following.
In spider.php find the following code and add the line indicated:
PHP Code:
else {
//include "$relative_script_path/libs/auth.php";
$run_mode = 'http';
$br = "<br />\n";
$hr = "<hr />\n";
$s_yes = "<img src='yes.gif' width='10' height='10' border='0' align='middle' alt='' />";
$s_no = "<img src='no.gif' width='10' height='10' border='0' align='middle' alt='' />";
$s_link = " <a href='@url' target='_blank'>@url</a> ";
$relative_script_path = '..';
include "$relative_script_path/includes/config.php";
include "$relative_script_path/libs/auth.php"; // add this line here
}
Remember to remove any "word" wrapping in the above code.
If you are using a version earlier than 1.6.5, then you will need to get a later version and apply the above patch.
If you
download version 1.6.5 or 1.8.0 after the date of this post, the above patch has already been applied.