From 569be2e8d5b64f57bf6f0daf329f33deea69eda6 Mon Sep 17 00:00:00 2001
From: nodiscc
Date: Tue, 16 Dec 2014 19:21:58 +0100
Subject: [PATCH 1/2] prevent disclosing full path when raising "Shaarli directory not writeable" error * work on https://github.com/shaarli/Shaarli/issues/78
---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.php b/index.php
index 38958a79..d30cb05b 100644
--- a/index.php
+++ b/index.php
@@ -89,7 +89,7 @@ header("Cache-Control: post-check=0, pre-check=0", false);
 header("Pragma: no-cache");
 // Directories creations (Note that your web host may require different rights than 705.)
-if (!is_writable(realpath(dirname(__FILE__)))) die('
ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').
');
+if (!is_writable(realpath(dirname(__FILE__)))) die('
ERROR: Shaarli does not have the right to write in its own directory.').
');
 // Handling of old config file which do not have the new parameters.
 if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
From 509762236b4074bc7f1d344c5436fe8983db60dc Mon Sep 17 00:00:00 2001
From: nodiscc
Date: Tue, 16 Dec 2014 19:24:37 +0100
Subject: [PATCH 2/2] prevent disclosing PHP version on PHP version check error * fixes https://github.com/shaarli/Shaarli/issues/78 * fixes https://github.com/sebsauvage/Shaarli/issues/214
---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.php b/index.php
index d30cb05b..4bbd902f 100644
--- a/index.php
+++ b/index.php
@@ -118,7 +118,7 @@ function checkphpversion()
 if (version_compare(PHP_VERSION, '5.1.0') < 0)
 {
 header('Content-Type: text/plain; charset=utf-8');
- echo 'Your server supports PHP '.PHP_VERSION.'. Shaarli requires at least php 5.1.0, and thus cannot run. Sorry.';
+ echo 'Your PHP version is obsolete! Shaarli requires at least php 5.1.0, and thus cannot run. Sorry. Your PHP version has known security vulnerabilities and should be updated as soon as possible.';
 exit;
 }
 }
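Review bot: The added `die(` line in the first patch looks unbalanced: the string literal and the call are both closed at `directory.')`, and what follows (a `.` and a trailing `');`) appears to be left over from the removed `realpath()` concatenation. Some markup around the message seems to have been lost on this page, so this is partly inferred, but as written PHP would fail to parse index.php. A parse error shown with `display_errors` enabled prints the script's full path, which is the very leak this patch is meant to close. Ending the message once, e.g. `...write in its own directory.');` with any closing tag kept inside the quotes, would fix it. Since the path is still useful to the administrator, it could be written to the server log with `error_log()` rather than dropped entirely.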
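Review bot: The replacement text in the `echo` still tells any unauthenticated visitor that this host runs a PHP older than 5.1.0, and now adds that it "has known security vulnerabilities", so the response keeps working as a fingerprint even without the exact `PHP_VERSION`. A neutral client message such as `echo 'Shaarli cannot run on this server. See the server error log.';`, with the detail recorded by `error_log('Shaarli requires PHP >= 5.1.0, found '.PHP_VERSION);`, would keep the diagnosis for the administrator only. No status line is set in the visible branch, so the reply presumably goes out as 200; sending a 5xx status before the body would keep this page out of caches and search indexes. checkphpversion() begins above the hunk, so only this branch is visible here.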