View Single Post
Old 02-23-2004, 10:27 AM   #1
Charter
Head Mole
 
Charter's Avatar
 
Join Date: May 2003
Posts: 2,539
PhpDig - Serious

Hi. If you use PHPDIG_ADM_AUTH in the config.php file, rather than say htaccess, to protect the admin directory, then it is possible for someone to directly access the spider.php file via a browser.

To fix this in versions 1.6.5 and 1.8.0 do the following.

In spider.php find the following code and add the line indicated:
PHP Code:
else {
    
//include "$relative_script_path/libs/auth.php";
    
$run_mode 'http';
    
$br "<br />\n";
    
$hr "<hr />\n";
    
$s_yes "<img src='yes.gif' width='10' height='10' border='0' align='middle' alt='' />";
    
$s_no  "<img src='no.gif' width='10' height='10' border='0' align='middle' alt='' />";
    
$s_link " <a href='@url' target='_blank'>@url</a> ";
    
$relative_script_path '..';
    include 
"$relative_script_path/includes/config.php";
    include 
"$relative_script_path/libs/auth.php";            // add this line here

Remember to remove any "word" wrapping in the above code.

If you are using a version earlier than 1.6.5, then you will need to get a later version and apply the above patch.

If you download version 1.6.5 or 1.8.0 after the date of this post, the above patch has already been applied.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
Charter is offline