[Secureideas-cvs] base-php4 base_qry_common.php,1.32,1.33 base_stat_common.php,1.21,1.22
From: jhart314 <jha...@us...> - 2006-05-31 01:21:19
Update of /cvsroot/secureideas/base-php4 In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv19312 Modified Files: base_qry_common.php base_stat_common.php Log Message: Fix remote PHP file inclusion vulnerabilities listed at http://www.frsirt.com/english/advisories/2006/1996 Take the approach that was taken with other files in this project to prevent similar vulnerabilities Index: base_qry_common.php =================================================================== RCS file: /cvsroot/secureideas/base-php4/base_qry_common.php,v retrieving revision 1.32 retrieving revision 1.33 diff -u -d -r1.32 -r1.33 --- base_qry_common.php 21 Apr 2006 03:03:40 -0000 1.32 +++ base_qry_common.php 31 May 2006 01:21:15 -0000 1.33 @@ -17,7 +17,7 @@ ** ******************************************************************************** */ - +include("base_conf.php"); include_once("$BASE_path/includes/base_signature.inc.php"); function PrintCriteriaState() Index: base_stat_common.php =================================================================== RCS file: /cvsroot/secureideas/base-php4/base_stat_common.php,v retrieving revision 1.21 retrieving revision 1.22 diff -u -d -r1.21 -r1.22 --- base_stat_common.php 17 Mar 2006 21:15:39 -0000 1.21 +++ base_stat_common.php 31 May 2006 01:21:15 -0000 1.22 @@ -17,7 +17,7 @@ ** ******************************************************************************** */ - +defined( '_BASE_INC' ) or die( 'Accessing this file directly is not allowed.' ); include_once("$BASE_path/includes/base_constants.inc.php"); function SensorCnt($db, $join = "", $where = "") |
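Review bot: In the base_qry_common.php hunk, the added include("base_conf.php") only raises a warning if the file cannot be loaded, so execution would continue into include_once("$BASE_path/includes/base_signature.inc.php") without $BASE_path having been set by the configuration. Since the fix depends on base_conf.php being loaded first, require_once would make a failed load fatal and would avoid re-running the configuration when this file is pulled in more than once. The bare relative name is resolved through the include path and the calling script's directory, so it is worth confirming that every page including this file picks up the intended base_conf.php. This hunk also takes a different approach from the base_stat_common.php hunk in the same commit, which uses a defined( '_BASE_INC' ) guard; a sentence in the log message on why the two files differ would help the next reader.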
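Review bot: In the base_stat_common.php hunk, the new defined( '_BASE_INC' ) or die( ... ) guard only works if every legitimate entry point defines _BASE_INC before including this file, and nothing in the hunk shows where that constant is set. I would add a comment next to the guard naming the file that defines it, and check that each page including base_stat_common.php loads that file first, since any page that does not will now stop with 'Accessing this file directly is not allowed.' The include_once on the next line still builds its path from $BASE_path, so this file continues to rely on the caller having set that variable from the configuration.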