Update of /cvsroot/php-blog/serendipity
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12579
Modified Files:
Tag: branch_0_6
compat.php htaccess.errordocs.tpl htaccess.normal.tpl
htaccess.rewrite.tpl serendipity_admin_installer.inc.php
serendipity_config.inc.php
Log Message:
security fix
Index: serendipity_admin_installer.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_installer.inc.php,v
retrieving revision 1.59.4.4
retrieving revision 1.59.4.5
diff -u -d -r1.59.4.4 -r1.59.4.5
--- serendipity_admin_installer.inc.php 5 May 2004 11:50:51 -0000 1.59.4.4
+++ serendipity_admin_installer.inc.php 24 May 2004 10:38:00 -0000 1.59.4.5
@@ -4,7 +4,7 @@
$umask = 0775;
@define('IN_installer', true);
-require_once($serendipity['serendipityPath'] . 'serendipity_config.inc.php');
+require_once('serendipity_config.inc.php');
require_once(S9Y_INCLUDE_PATH . 'serendipity_functions_installer.inc.php');
define('S9Y_CONFIG_TEMPLATE', S9Y_INCLUDE_PATH . 'serendipity_config_local.tpl');
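Review bot: The bare filename in the new `require_once('serendipity_config.inc.php')` is resolved through include_path and then the calling script's directory, so which file gets loaded depends on server configuration rather than on where the installer lives. Dropping the request-influenced `$serendipity['serendipityPath']` prefix is the right move, but the replacement should be anchored to this file: `require_once(dirname(__FILE__) . '/serendipity_config.inc.php');`. That matches how S9Y_INCLUDE_PATH is built from `dirname(__FILE__)` in serendipity_config.inc.php.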
Index: serendipity_config.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_config.inc.php,v
retrieving revision 1.63.2.5
retrieving revision 1.63.2.6
diff -u -d -r1.63.2.5 -r1.63.2.6
--- serendipity_config.inc.php 14 May 2004 08:29:58 -0000 1.63.2.5
+++ serendipity_config.inc.php 24 May 2004 10:38:00 -0000 1.63.2.6
@@ -6,7 +6,7 @@
define('S9Y_INCLUDE_PATH', dirname(__FILE__) . '/');
}
-define('IS_installed', file_exists((isset($serendipity['serendipityPath']) ? $serendipity['serendipityPath'] : '') . 'serendipity_config_local.inc.php'));
+define('IS_installed', file_exists((isset($serendipity['serendipityPath']) && !isset($_REQUEST['serendipity']['serendipityPath']) ? $serendipity['serendipityPath'] : '') . 'serendipity_config_local.inc.php'));
if ( IS_installed === true ) {
define('IN_serendipity', true);
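Review bot: The added `!isset($_REQUEST['serendipity']['serendipityPath'])` test is a denylist on one input source and still lets `$serendipity['serendipityPath']` decide the path before the application has initialised `$serendipity` itself. When the key is present in the request, the expression silently falls back to `''`, so IS_installed is computed against the current working directory instead of the blog directory. If the local config always sits beside this file (to be confirmed), the check can use the constant defined just above and ignore `$serendipity` entirely: `define('IS_installed', file_exists(S9Y_INCLUDE_PATH . 'serendipity_config_local.inc.php'));`. Either way, a comment on this line should state that `$serendipity` is untrusted here when register_globals is enabled.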
@@ -15,7 +15,7 @@
include_once(S9Y_INCLUDE_PATH . 'compat.php');
ini_set('session.use_trans_sid', 0);
-$serendipity['version'] = '0.6-pl1';
+$serendipity['version'] = '0.6-pl2';
$serendipity['production'] = 1;
$serendipity['rewrite'] = 'none';
$serendipity['messagestack'] = array();
Index: htaccess.normal.tpl
===================================================================
RCS file: /cvsroot/php-blog/serendipity/htaccess.normal.tpl,v
retrieving revision 1.2
retrieving revision 1.2.8.1
diff -u -d -r1.2 -r1.2.8.1
--- htaccess.normal.tpl 20 Jan 2004 11:12:37 -0000 1.2
+++ htaccess.normal.tpl 24 May 2004 10:38:00 -0000 1.2.8.1
@@ -1,5 +1,7 @@
# BEGIN s9y
DirectoryIndex {PREFIX}{indexFile}
+php_value session.use_trans_sid 0
+php_value register_globals off
<Files *.tpl>
deny from all
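Review bot: `php_value register_globals off` sets an on/off option with `php_value`; the PHP Apache module provides `php_flag` for boolean settings, so the line should read `php_flag register_globals off`. Both added lines are also unguarded. Where PHP is not loaded as an Apache module, or AllowOverride does not permit them, an unrecognised directive in .htaccess typically makes every request fail with a 500, and on such hosts the PHP code cannot assume register_globals is off. Wrapping the two lines in an `<IfModule mod_php4.c>` block (module name matched to the PHP version in use) avoids the failure. The same applies to the identical additions in htaccess.rewrite.tpl and htaccess.errordocs.tpl.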
Index: htaccess.rewrite.tpl
===================================================================
RCS file: /cvsroot/php-blog/serendipity/htaccess.rewrite.tpl,v
retrieving revision 1.6
retrieving revision 1.6.4.1
diff -u -d -r1.6 -r1.6.4.1
--- htaccess.rewrite.tpl 23 Mar 2004 15:49:24 -0000 1.6
+++ htaccess.rewrite.tpl 24 May 2004 10:38:00 -0000 1.6.4.1
@@ -1,6 +1,8 @@
# BEGIN s9y
ErrorDocument 404 {PREFIX}{indexFile}
DirectoryIndex {PREFIX}{indexFile}
+php_value session.use_trans_sid 0
+php_value register_globals off
RewriteEngine On
RewriteRule ^{PAT_ARCHIVES} {indexFile}?url=/{PATH_ARCHIVES}/$1.html [L,QSA]
Index: compat.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/compat.php,v
retrieving revision 1.14
retrieving revision 1.14.4.1
diff -u -d -r1.14 -r1.14.4.1
--- compat.php 3 Apr 2004 17:36:16 -0000 1.14
+++ compat.php 24 May 2004 10:38:00 -0000 1.14.4.1
@@ -1,4 +1,5 @@
<?php # $Id$
+$serendipity = array();
if (!function_exists('file_get_contents')) {
function file_get_contents($filename, $use_include_path = 0) {
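Review bot: The new `$serendipity = array();` at the top of compat.php has no comment saying why it is there or that it must run before anything reads `$serendipity`. Judging by the hunk offsets in serendipity_config.inc.php, compat.php is included around line 15, after the IS_installed check has already read `$serendipity['serendipityPath']`, so the reset does not cover that read. I would add `// Drop any $serendipity injected via register_globals; must run before the first read of $serendipity` and consider moving the reset to the top of serendipity_config.inc.php. The file_get_contents() definition that follows continues outside the hunk.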
@@ -12,7 +13,7 @@
}
return $data;
- }
+ }
}
if (!isset($_REQUEST)) {
@@ -89,13 +90,13 @@
function serendipity_get_bool($item) {
$translation = array('true' => true,
'false' => false);
-
+
if ( isset($translation[$item]) ) {
return $translation[$item];
} else {
return $item;
}
-}
+}
function serendipity_version($version) {
return preg_replace('@\-.+$@', '', $version);
Index: htaccess.errordocs.tpl
===================================================================
RCS file: /cvsroot/php-blog/serendipity/htaccess.errordocs.tpl,v
retrieving revision 1.2
retrieving revision 1.2.8.1
diff -u -d -r1.2 -r1.2.8.1
--- htaccess.errordocs.tpl 20 Jan 2004 11:12:37 -0000 1.2
+++ htaccess.errordocs.tpl 24 May 2004 10:38:00 -0000 1.2.8.1
@@ -1,6 +1,8 @@
# BEGIN s9y
ErrorDocument 404 {PREFIX}{indexFile}
DirectoryIndex {PREFIX}{indexFile}
+php_value session.use_trans_sid 0
+php_value register_globals off
<Files *.tpl>
deny from all