From 944f8ca2a616df44e9a49a371050d1101be8924a Mon Sep 17 00:00:00 2001 From: Christian Schneider Date: Tue, 13 Nov 2007 14:22:51 +0000 Subject: Tested and fixed syntax converter security --- it_auto_prepend.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/it_auto_prepend.php b/it_auto_prepend.php index 58f522b..472a016 100644 --- a/it_auto_prepend.php +++ b/it_auto_prepend.php @@ -57,19 +57,19 @@ function it_initialize() require("itools.lib"); # PHP 4 fallback } + # IT_HOME is recommended variable name for applications + $GLOBALS['IT_HOME'] = $GLOBALS['ULTRAHOME'] = it_untaint($GLOBALS['ULTRAHOME'], TC_ALL); + $needsconvert = !@eval("return is_array(42=>69,);"); # Check if PHP is patched to support our syntax, see http://cschneid.com/php/ if ($needsconvert && !$GLOBALS['IT_SYNTAXCONVERTER_DIR']) { $GLOBALS['IT_SYNTAXCONVERTER_DIR'] = $GLOBALS['ULTRAHOME'] . "/tmp"; - if (!is_writeable($GLOBALS['IT_SYNTAXCONVERTER_DIR']) || getmyuid() != fileowner($GLOBALS['IT_SYNTAXCONVERTER_DIR'])) + if (!is_writeable($GLOBALS['IT_SYNTAXCONVERTER_DIR']) || !function_exists("posix_geteuid") || posix_geteuid() != fileowner($GLOBALS['IT_SYNTAXCONVERTER_DIR'])) die(($webmode ? "
" : "") . "Seems to be running in shared environment, manually set\n\$GLOBALS['IT_SYNTAXCONVERTER_DIR'] in $it_path/auto_prepend_local.php\nto either:\n a) FALSE (syntax conversion disabled) or\n b) the path to a writeable directory (NOTE: THIS IS UNSAFE!) or\n c) install the PHP patch from http://cschneid.com/php/\n" . ($webmode ? "" : "")); } - # IT_HOME is recommended variable name for applications - $GLOBALS['IT_HOME'] = $GLOBALS['ULTRAHOME'] = it_untaint($GLOBALS['ULTRAHOME'], TC_ALL); - @set_error_handler("it_errorhandler", E_USER_ERROR | E_RECOVERABLE_ERROR | E_WARNING | E_USER_WARNING | E_NOTICE | E_USER_NOTICE); ini_set('include_path', $GLOBALS['IT_SYNTAXCONVERTER_DIR'] . "/it_syntaxconverter:$it_path:$include_path"); $user_includes = explode(":", $include_path); @@ -103,7 +103,7 @@ function it_initialize() if ($needsconvert) { # Convert syntax and start - $converted = it_convert($_SERVER['SCRIPT_FILENAME']); + $converted = it_convert(it_untaint($_SERVER['SCRIPT_FILENAME'], TC_SELF)); /* XXX Disabled as DB not always there if (!$autoloader) # PHP 4 fallback -- cgit v1.2.3