From 87677f7ed4d33ae1dd2ac219f06e284e1d10f8ad Mon Sep 17 00:00:00 2001
From: czaks <marcin@6irc.net>
Date: Fri, 31 Jan 2014 23:37:55 +0100
Subject: [PATCH] SECURITY: disallow execution of cli scripts from webserver
 context

---
 tools/inc/cli.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/inc/cli.php b/tools/inc/cli.php
index 5f78dba1..cff17e34 100644
--- a/tools/inc/cli.php
+++ b/tools/inc/cli.php
@@ -13,6 +13,10 @@ error_reporting(E_ALL);
 set_time_limit(0);
 $shell_path = getcwd();
 
+if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $_SERVER['REMOTE_ADDR'] != '::1') {
+	die("This script is executable only from Command Line Interface.");
+}
+
 if(getenv('TINYBOARD_PATH') !== false)
 	$dir = getenv('TINYBOARD_PATH');
 elseif(file_exists('inc/functions.php'))