Go Back > General Forums > Feedback & News

Closed Thread
Thread Tools
Old 02-23-2004, 11:27 AM   #1
Head Mole
Charter's Avatar
Join Date: May 2003
Posts: 2,539
PhpDig - Serious

Hi. If you use PHPDIG_ADM_AUTH in the config.php file, rather than say htaccess, to protect the admin directory, then it is possible for someone to directly access the spider.php file via a browser.

To fix this in versions 1.6.5 and 1.8.0 do the following.

In spider.php find the following code and add the line indicated:
PHP Code:
else {
//include "$relative_script_path/libs/auth.php";
$run_mode 'http';
$br "<br />\n";
$hr "<hr />\n";
$s_yes "<img src='yes.gif' width='10' height='10' border='0' align='middle' alt='' />";
$s_no  "<img src='no.gif' width='10' height='10' border='0' align='middle' alt='' />";
$s_link " <a href='@url' target='_blank'>@url</a> ";
$relative_script_path '..';
"$relative_script_path/libs/auth.php";            // add this line here

Remember to remove any "word" wrapping in the above code.

If you are using a version earlier than 1.6.5, then you will need to get a later version and apply the above patch.

If you download version 1.6.5 or 1.8.0 after the date of this post, the above patch has already been applied.
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
Charter is offline  
Closed Thread

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

All times are GMT -8. The time now is 07:40 PM.

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.