[phpwiki-checkins] CVS: phpwiki/admin dumpserial.php,1.1,1.1.2.1 loadserial.php,1.1,1.1.2.1

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/phpwiki/phpwiki/admin
In directory usw-pr-cvs1:/tmp/cvs-serv10034/admin

Modified Files:
      Tag: release-1_2-branch
	dumpserial.php loadserial.php 
Log Message:
Added extra paranoid security checks.

Without these checks, if the admin directory is not protected
(e.g. via .htaccess) then loadserial.php and dumpserial.php can
be run directly and used to probe for and create directories
on the http server.

Index: dumpserial.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/admin/Attic/dumpserial.php,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -C2 -r1.1 -r1.1.2.1
*** dumpserial.php	2000/11/08 15:30:16	1.1
--- dumpserial.php	2001/02/14 06:32:19	1.1.2.1
***************
*** 6,10 ****
        directory as serialized data structures.
     */
! 
     $directory = $dumpserial;
     $pages = GetAllWikiPagenames($dbi);
--- 6,12 ----
        directory as serialized data structures.
     */
!    if (!defined('WIKI_ADMIN'))
!       die("You must be logged in as the administrator to dump serialized pages.");
!   
     $directory = $dumpserial;
     $pages = GetAllWikiPagenames($dbi);

Index: loadserial.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/admin/Attic/loadserial.php,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -C2 -r1.1 -r1.1.2.1
*** loadserial.php	2000/11/08 15:30:16	1.1
--- loadserial.php	2001/02/14 06:32:19	1.1.2.1
***************
*** 5,8 ****
--- 5,10 ----
        wiki_dumpserial.php.
     */
+    if (!defined('WIKI_ADMIN'))
+       die("You must be logged in as the administrator to load serialized pages.");

     $directory = $loadserial;