mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-06 06:38:00 +02:00
Code Issues Releases Wiki Activity

Extra URL check. Thanks P.

Browse Source
This commit is contained in:
CaMer0n
2011-02-10 22:08:27 +00:00
parent edb0097129
commit 20e1c2138e
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
e107_handlers/e107_class.php
View File

@@ -1856,7 +1856,7 @@ class e107
{ {
// Quick security - Filter common bad agents / queries. (TODO - better!) // Quick security - Filter common bad agents / queries. (TODO - better!)
if($checkS && (strpos($_SERVER['QUERY_STRING'],"=http")!==FALSE || strpos($_SERVER["HTTP_USER_AGENT"],"libwww-perl")!==FALSE)) if($checkS && (stripos($_SERVER['QUERY_STRING'],"=http")!==FALSE || strpos($_SERVER["HTTP_USER_AGENT"],"libwww-perl")!==FALSE))
{ {
exit(); exit();
} }
@@ -1902,7 +1902,7 @@ class e107
*/ */
// If url contains a .php in it, PHP_SELF is set wrong (imho), affecting all paths. We need to 'fix' it if it does. // If url contains a .php in it, PHP_SELF is set wrong (imho), affecting all paths. We need to 'fix' it if it does.
$_SERVER['PHP_SELF'] = (($pos = strpos($_SERVER['PHP_SELF'], '.php')) !== false ? substr($_SERVER['PHP_SELF'], 0, $pos+4) : $_SERVER['PHP_SELF']); $_SERVER['PHP_SELF'] = (($pos = stripos($_SERVER['PHP_SELF'], '.php')) !== false ? substr($_SERVER['PHP_SELF'], 0, $pos+4) : $_SERVER['PHP_SELF']);
// setup some php options // setup some php options
e107::ini_set('magic_quotes_runtime', 0); e107::ini_set('magic_quotes_runtime', 0);
@@ -2198,6 +2198,14 @@ class e107
//global $PLUGINS_DIRECTORY,$ADMIN_DIRECTORY, $eplug_admin; //global $PLUGINS_DIRECTORY,$ADMIN_DIRECTORY, $eplug_admin;
$PLUGINS_DIRECTORY = $this->getFolder('plugins'); $PLUGINS_DIRECTORY = $this->getFolder('plugins');
$ADMIN_DIRECTORY = $this->getFolder('admin'); $ADMIN_DIRECTORY = $this->getFolder('admin');
list($requestUrl,$requestQry) = explode("?",$_SERVER['REQUEST_URI']);
if($requestUrl != $_SERVER['PHP_SELF'])
{
$_SERVER['PHP_SELF'] = $requestUrl;
}
$eplug_admin = vartrue($GLOBALS['eplug_admin'], false); $eplug_admin = vartrue($GLOBALS['eplug_admin'], false);
$page = substr(strrchr($_SERVER['PHP_SELF'], '/'), 1); $page = substr(strrchr($_SERVER['PHP_SELF'], '/'), 1);