[Linpha-cvs] SF.net SVN: linpha: [4784] trunk/linpha2
From: <bz...@us...> - 2007-11-07 17:56:56
Revision: 4784 http://linpha.svn.sourceforge.net/linpha/?rev=4784&view=rev Author: bzrudi Date: 2007-11-07 09:56:52 -0800 (Wed, 07 Nov 2007) Log Message: ----------- "Security fixes" Modified Paths: -------------- trunk/linpha2/ChangeLog trunk/linpha2/install/lib.install.php trunk/linpha2/install/step10_postsettings.php trunk/linpha2/install/step11_finish.php trunk/linpha2/install/step1_license.php trunk/linpha2/install/step2_requirements.php trunk/linpha2/install/step3_dbtype.php trunk/linpha2/install/step4_selectdirectories.php trunk/linpha2/install/step5_getlogin.php trunk/linpha2/install/step6_selectdatabase.php trunk/linpha2/install/step7_selectprefix.php trunk/linpha2/install/step8_testing.php trunk/linpha2/install/step9_createtables.php trunk/linpha2/lib/classes/linpha.functions.php trunk/linpha2/lib/include/sql.data.php Modified: trunk/linpha2/ChangeLog =================================================================== --- trunk/linpha2/ChangeLog 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/ChangeLog 2007-11-07 17:56:52 UTC (rev 4784) @@ -1,3 +1,8 @@ +2007-12-06 bzrudi + * Installer: create random folder names for /cache and /tmp directory to + prevent direct access to image cache (security). + * linpha.log is now created as something like linpha-xH6gHH.log (security) + 2007-11-06 bzrudi * moved sql.data.php out of install folder into /lib/include to make sure we can delete /install folder after installation. Modified: trunk/linpha2/install/lib.install.php =================================================================== --- trunk/linpha2/install/lib.install.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/lib.install.php 2007-11-07 17:56:52 UTC (rev 4784) 
@@ -419,4 +419,5 @@ } -?> \ No newline at end of file +/* vi: set ts=4 sw=4 sts=4 */ +?> Modified: trunk/linpha2/install/step10_postsettings.php =================================================================== --- trunk/linpha2/install/step10_postsettings.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step10_postsettings.php 2007-11-07 17:56:52 UTC (rev 4784) @@ -80,15 +80,15 @@ <?php echo "<h2>".i18n_install("Please Choose LinPHA2 Install Location")."</h2><hr>"; -echo i18n_install("Internet - Public Available Over The Internet.")."<br />"; -echo i18n_install("Intranet - Running In A Secure Local Network")."<br /><br />"; +echo i18n_install("<b>Internet</b> - Public Available Over The Internet.")."<br />"; +echo i18n_install("<b>Intranet</b> - Running In A Secure Local Network")."<br /><br />"; ?> <div align="center"> <div class="box4"> <input type='radio' name='sys_public_installation' value='1' checked=checked> - <?php echo i18n_install("Internet"); ?> + <?php echo i18n_install("<b>Internet</b>"); ?> <input type='radio' name='sys_public_installation' value='0' > - <?php echo i18n_install("Intranet"); ?> + <?php echo i18n_install("<b>Intranet</b>"); ?> </div> </div> @@ -182,4 +182,5 @@ ); $do_javascript_disable_button = true; include_once(LINPHA_DIR.'/install/footer.php'); -?> \ No newline at end of file +/* vi: set ts=4 sw=4 sts=4 */ +?> Modified: trunk/linpha2/install/step11_finish.php =================================================================== --- trunk/linpha2/install/step11_finish.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step11_finish.php 2007-11-07 17:56:52 UTC (rev 4784) 
@@ -195,7 +195,7 @@ if($_POST['sys_public_installation']) { - echo "<b><br>".i18n_install("For security reasons you have to remove the /install directory before continuing!")."</b>"; + echo "<span style='color: red;'><b><br />".i18n_install("For security reasons you have to remove the /install directory before continuing!")."</b></span>"; } ?> @@ -208,4 +208,6 @@ session_destroy(); include_once(LINPHA_DIR.'/install/footer.php'); + +/* vi: set ts=4 sw=4 sts=4 */ ?> Modified: trunk/linpha2/install/step1_license.php =================================================================== --- trunk/linpha2/install/step1_license.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step1_license.php 2007-11-07 17:56:52 UTC (rev 4784) @@ -38,4 +38,6 @@ $array_check = array('check01' => 'checkbox'); $do_javascript_disable_button = true; include_once(LINPHA_DIR.'/install/footer.php'); -?> \ No newline at end of file + +/* vi: set ts=4 sw=4 sts=4 */ +?> Modified: trunk/linpha2/install/step2_requirements.php =================================================================== --- trunk/linpha2/install/step2_requirements.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step2_requirements.php 2007-11-07 17:56:52 UTC (rev 4784) @@ -410,7 +410,7 @@ /** * checking album and var folder are protected from outside */ - print_line_left( i18n_install("Album And System Folder Protected From Outside") ); + print_line_left( i18n_install("Album Folder Protection") ); $ret = installCheckProtectedFromOutside(); if( $ret == 1 ) @@ -418,7 +418,7 @@ print_line_middle( i18n_install("Yes") ); print_line_right(success_msg()); print_line_info( - i18n_install("The /albums and /var folders are protected from outside."). + i18n_install("The /albums folder is protected from outside."). i18n_install("Please see <a href=\"http://linpha.sourceforge.net/wiki/index.php/Secure_LinPHA\">here</a> for more details.") ); } 
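Review bot: In step11_finish.php the reminder to delete /install is still printed only when `$_POST['sys_public_installation']` is truthy, so colouring it red does nothing for an intranet install or for a request that omits the field. The installer scripts remain reachable after setup in both cases, and nothing visible in this hunk makes the application refuse to run while /install exists. Consider printing the warning unconditionally and reading the field as `!empty($_POST['sys_public_installation'])`; a start-up check for the directory in the main application would enforce the rule rather than only advise it. The enclosing block starts outside the hunk.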
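Review bot: The label and the three result messages in step2_requirements.php (hunks at -410, -418, -427 and -436) now report only on /albums, so the installer no longer tells the administrator whether /var is reachable from the web. /var still holds the fixed-name default `var/sql` (visible as a context line in step4_selectdirectories.php) next to the newly randomised names, and random names give no protection if the server lists directory contents. Whether `installCheckProtectedFromOutside()` still probes /var cannot be seen from here; if it does, the old wording was accurate, and if it does not, a separate /var check with its own message such as `i18n_install("The /var folder is not protected from outside!")` is preferable to dropping the report.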
@@ -427,7 +427,7 @@ print_line_middle( i18n_install("No") ); print_line_right(warning_msg()); print_line_info( - i18n_install("The /albums and /var folders are not protected from outside!"). + i18n_install("The /albums folder is not protected from outside!"). i18n_install("Please see <a href=\"http://linpha.sourceforge.net/wiki/index.php/Secure_LinPHA\">here</a> for more details.") ); } @@ -436,7 +436,7 @@ print_line_middle( i18n_install("Unknown") ); print_line_right(warning_msg()); print_line_info( - i18n_install("Cannot determine wether the /albums and /var folders are protected from outside!"). + i18n_install("Cannot determine wether the /albums folder is protected from outside!"). i18n_install("Please see <a href=\"http://linpha.sourceforge.net/wiki/index.php/Secure_LinPHA\" target=\"_blank\">here</a> for more details.") ); } @@ -533,4 +533,6 @@ </div> <?php } + +/* vi: set ts=4 sw=4 sts=4 */ ?> Modified: trunk/linpha2/install/step3_dbtype.php =================================================================== --- trunk/linpha2/install/step3_dbtype.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step3_dbtype.php 2007-11-07 17:56:52 UTC (rev 4784) @@ -133,4 +133,6 @@ <?php include_once(LINPHA_DIR.'/install/footer.php'); -?> \ No newline at end of file + +/* vi: set ts=4 sw=4 sts=4 */ +?> Modified: trunk/linpha2/install/step4_selectdirectories.php =================================================================== --- trunk/linpha2/install/step4_selectdirectories.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step4_selectdirectories.php 2007-11-07 17:56:52 UTC (rev 4784) 
@@ -28,8 +28,8 @@ $album_dir = (isset($_SESSION['album_dir']) ? $_SESSION['album_dir'] : 'albums'); $sql_dir = (isset($_SESSION['sql_dir']) ? $_SESSION['sql_dir'] : 'var/sql'); -$cache_dir = (isset($_SESSION['cache_dir']) ? $_SESSION['cache_dir'] : 'var/cache'); -$tmp_dir = (isset($_SESSION['tmp_dir']) ? $_SESSION['tmp_dir'] : 'var/tmp'); +$cache_dir = (isset($_SESSION['cache_dir']) ? $_SESSION['cache_dir'] : 'var/'.random_password(12)); +$tmp_dir = (isset($_SESSION['tmp_dir']) ? $_SESSION['tmp_dir'] : 'var/'.random_password(12)); /** @@ -74,7 +74,7 @@ <br /><br /> <br /> -<h2 style="color: red;"><?php echo i18n_install("Warning: All Directories Below Will Be Deleted If Exists !"); ?></h2><hr> +<h2 style="color: red;"><?php echo i18n_install("Note: For security reasons folder names were named random!"); ?></h2><hr> <br /> <div class="boxalign"> @@ -113,4 +113,6 @@ ); $do_javascript_disable_button = true; include_once(LINPHA_DIR.'/install/footer.php'); -?> \ No newline at end of file + +/* vi: set ts=4 sw=4 sts=4 */ +?> Modified: trunk/linpha2/install/step5_getlogin.php =================================================================== --- trunk/linpha2/install/step5_getlogin.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step5_getlogin.php 2007-11-07 17:56:52 UTC (rev 4784) @@ -147,4 +147,6 @@ $do_javascript_disable_button = true; include_once(LINPHA_DIR.'/install/footer.php'); -?> \ No newline at end of file + +/* vi: set ts=4 sw=4 sts=4 */ +?> Modified: trunk/linpha2/install/step6_selectdatabase.php =================================================================== --- trunk/linpha2/install/step6_selectdatabase.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step6_selectdatabase.php 2007-11-07 17:56:52 UTC (rev 4784) 
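Review bot: The new defaults for `$cache_dir` and `$tmp_dir` call `random_password(12)`, but the helper this commit adds to linpha.functions.php is named `random_string()`; unless `random_password()` is defined elsewhere in the installer, step 4 fails with an undefined-function error. If the new helper is what is meant, the defaults should read `'var/'.random_string(12)`. `$sql_dir` keeps the predictable default `var/sql`, so the directory most worth shielding is the one left guessable. An unguessable name is in any case a weaker control than denying web access to /var in the server configuration.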
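Review bot: The red heading in the -74 hunk no longer warns that the listed directories are deleted if they already exist, yet nothing in this commit shows that the deletion itself was removed. If the installer still wipes existing directories, keep the original warning and put the new information on a second line, for example `i18n_install("Note: the cache and tmp folders get random names for security reasons.")`. The replacement string also reads awkwardly ("were named random") and would benefit from that rewording regardless.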
@@ -60,10 +60,12 @@ } + echo "<h1>".i18n_install("Testing Server Connection")."</h1><hr /><br />"; + switch($_SESSION['sql_dbtype']) { case "mysql": - echo i18n_install("Testing Server Connection")."<br /><br />"; + echo i18n_install("Connecting MySQL-Server... "); $link = @mysql_connect($_SESSION['sql_hostname'].":".$_SESSION['sql_dbport'], @@ -104,6 +106,9 @@ case "oci8po": $_SESSION['allowed_to_create_db'] = false; break; +default: + $_SESSION['allowed_to_create_db'] = false; +break; // case "sqlite": sqlite goes directly to stage8 } @@ -232,4 +237,6 @@ } include_once(LINPHA_DIR.'/install/footer.php'); + +/* vi: set ts=4 sw=4 sts=4 */ ?> Modified: trunk/linpha2/install/step7_selectprefix.php =================================================================== --- trunk/linpha2/install/step7_selectprefix.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step7_selectprefix.php 2007-11-07 17:56:52 UTC (rev 4784) @@ -223,4 +223,6 @@ } include_once(LINPHA_DIR.'/install/footer.php'); -?> \ No newline at end of file + +/* vi: set ts=4 sw=4 sts=4 */ +?> Modified: trunk/linpha2/install/step8_testing.php =================================================================== --- trunk/linpha2/install/step8_testing.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step8_testing.php 2007-11-07 17:56:52 UTC (rev 4784) @@ -307,4 +307,6 @@ echo '<br /><br />'; include_once(LINPHA_DIR.'/install/footer.php'); -?> \ No newline at end of file + +/* vi: set ts=4 sw=4 sts=4 */ +?> Modified: trunk/linpha2/install/step9_createtables.php =================================================================== --- trunk/linpha2/install/step9_createtables.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/install/step9_createtables.php 2007-11-07 17:56:52 UTC (rev 4784) 
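Review bot: The added `default:` branch in the -104 hunk only clears `$_SESSION['allowed_to_create_db']` and then lets the installer carry on with a `sql_dbtype` it does not recognise. The value comes from session state filled by an earlier form, so an unexpected type is better treated as an error that stops the step, e.g. `default: die(i18n_install("Unsupported database type"));`. The switch starts and ends outside the hunk, so what runs after it cannot be checked from here.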
@@ -233,4 +233,6 @@ } include_once(LINPHA_DIR.'/install/footer.php'); + +/* vi: set ts=4 sw=4 sts=4 */ ?> Modified: trunk/linpha2/lib/classes/linpha.functions.php =================================================================== --- trunk/linpha2/lib/classes/linpha.functions.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/lib/classes/linpha.functions.php 2007-11-07 17:56:52 UTC (rev 4784) @@ -910,4 +910,32 @@ return $accept_lang; } -?> \ No newline at end of file +/** + * generates a random string/password in given length + * @author bzrudi + * @param int length of random string to generate + * @return string random string + * @package functions + + */ +function random_string($len) +{ + $pass = ''; + $lchar = 0; + $char = 0; + for($i = 0; $i < $len; $i++) + { + while($char == $lchar) + { + $char = rand(48, 109); + if($char > 57) $char += 7; + if($char > 90) $char += 6; + } + $pass .= chr($char); + $lchar = $char; + } + return $pass; +} + +/* vi: set ts=4 sw=4 sts=4 */ +?> Modified: trunk/linpha2/lib/include/sql.data.php =================================================================== --- trunk/linpha2/lib/include/sql.data.php 2007-11-06 18:05:36 UTC (rev 4783) +++ trunk/linpha2/lib/include/sql.data.php 2007-11-07 17:56:52 UTC (rev 4784) @@ -98,7 +98,7 @@ 'sys_user_autologin' => '1', - 'plugins_log_filename' => 'var/linpha.log', + 'plugins_log_filename' => 'var/linpha-'.random_string(6).'log', 'plugins_log_syslog_enable' => '0', 'plugins_log_syslog_add_events' => '', 'plugins_log_email_enable' => '0', This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
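Review bot: `random_string()` draws every character from `rand()`, which is not a cryptographically secure generator, while this commit relies on its output to keep the log path (and apparently the cache and tmp folders in step4) from being requested directly. On PHP 7 or later the draw should be `$char = random_int(48, 109);`; on older runtimes `mt_rand()` is the minimum, and neither removes the need to deny web access to /var. The `while($char == $lchar)` rule that forbids two equal characters in a row slightly shrinks the set of possible names and can be dropped. The docblock line `@param int length of random string to generate` should name the parameter, `@param int $len length of random string to generate`.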
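Review bot: The new `plugins_log_filename` value concatenates `'log'` without a dot, so it yields a name of the form `var/linpha-XXXXXXlog` instead of the `linpha-xH6gHH.log` form the ChangeLog entry describes. The line should be `'plugins_log_filename' => 'var/linpha-'.random_string(6).'.log',`. Because the name is computed whenever this file is evaluated, confirm that sql.data.php is read once at install time and the result stored; otherwise the log path would differ between reads. It also requires linpha.functions.php to be loaded before this file. The array starts and ends outside the hunk.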