
SECURITY: prevent a DoS attack by disabling HTTP access to tools/ scripts.

pull/40/head
czaks 10 years ago
parent
commit
5f7e62142c
  1. 57
      tools/inc/cli.php
  2. 4
      tools/rebuild.php
  3. 4
      tools/recount-bumps.php
  4. 4
      tools/stats.php

57
tools/inc/cli.php

@ -13,7 +13,7 @@ error_reporting(E_ALL);
set_time_limit(0);
$shell_path = getcwd();
if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $_SERVER['REMOTE_ADDR'] != '::1') {
if (php_sapi_name() != 'cli') {
die("This script is executable only from Command Line Interface.");
}
@ -48,59 +48,4 @@ $mod = Array(
'boards' => Array('*')
);
function get_httpd_privileges() {
global $config, $shell_path, $argv;
if(php_sapi_name() != 'cli')
die("get_httpd_privileges(): invoked from HTTP client.\n");
echo "Dropping priviledges...\n";
if(!is_writable('.'))
die("get_httpd_privileges(): web directory is not writable\n");
$filename = '.' . md5(rand()) . '.php';
$inc_filename = '.' . md5(rand()) . '.php';
echo "Copying rebuilder to web directory...\n";
// replace "/inc/cli.php" with its new filename
passthru("cat " . escapeshellarg($shell_path . '/' . $_SERVER['PHP_SELF']) . " | sed \"s/'\/inc\/cli\.php'/'\/{$inc_filename}'/\" > {$filename}");
$inc_header = "<?php\n";
// copy environment
$env = explode("\n", shell_exec('printenv | grep ^TINYBOARD'));
foreach($env as $line) {
if(!empty($line))
$inc_header .= "putenv('" . addslashes($line) . "');\n";
}
// copy command line arguments
$inc_header .= "\$argv = " . var_export($argv, true) . ";\n";
// copy this file
file_put_contents($inc_filename, $inc_header . substr($inc = file_get_contents(__FILE__), strpos($inc, "\n")));
chmod($filename, 0666);
chmod($inc_filename, 0666);
if(preg_match('/^https?:\/\//', $config['root'])) {
$url = $config['root'] . $filename;
} elseif($host = getenv('TINYBOARD_HOST')) {
$url = 'http://' . $host . $config['root'] . $filename;
} else {
// assume localhost
$url = 'http://localhost' . $config['root'] . $filename;
}
echo "Downloading $url\n";
passthru('curl -s -N ' . escapeshellarg($url));
unlink($filename);
unlink($inc_filename);
exit(0);
}
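Review bot: The replacement guard at `if (php_sapi_name() != 'cli') {` uses a loose `!=` and answers a rejected HTTP request with `die()` and the default 200 status, so the script still looks like a successful page to a crawler or scanner; a strict comparison plus an explicit status, `if (PHP_SAPI !== 'cli') { header('HTTP/1.1 403 Forbidden'); die("This script is executable only from Command Line Interface."); }`, makes the refusal unambiguous in access logs. Keying on the SAPI is the right boundary to replace the old REMOTE_ADDR allow-list, since loopback addresses are reachable by anything else running on the host or behind a forwarding proxy. Denying HTTP access to tools/ in the web-server configuration is still worth adding as defence in depth, because this check only runs once PHP has already been invoked on the file. The rendered first hunk appears to be missing some of its context lines (the header announces 7 lines on each side), so I cannot confirm nothing else changed around it.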

4
tools/rebuild.php

@ -21,10 +21,6 @@
require dirname(__FILE__) . '/inc/cli.php';
if(!is_writable($config['file_script'])) {
get_httpd_privileges();
}
$start = microtime(true);
// parse command line

4
tools/recount-bumps.php

@ -4,10 +4,6 @@
require dirname(__FILE__) . '/inc/cli.php';
if(!is_writable($config['file_script'])) {
get_httpd_privileges();
}
if (!isset ($argv[1])) {
die("Usage: tools/recount-bumps.php board_uri\n");
}

4
tools/stats.php

@ -2,10 +2,6 @@
<?php
require dirname(__FILE__) . '/inc/cli.php';
if(!is_writable($config['file_script'])) {
get_httpd_privileges();
}
$variants = [["hour", 3600], ["day", 3600*24], ["3 days", 3600*24*3],
["week", 3600*24*7], ["month", 3600*24*7*30]];
