Merge pull request #81 from nodiscc/prevent-disclosure

Prevent full path and PHP version disclosures
This commit is contained in:
nodiscc 2014-12-16 19:26:11 +01:00
commit 712501812b

View file

@ -89,7 +89,7 @@ function stripslashes_deep($value) { $value = is_array($value) ? array_map('stri
header("Pragma: no-cache"); header("Pragma: no-cache");
// Directories creations (Note that your web host may require different rights than 705.) // Directories creations (Note that your web host may require different rights than 705.)
if (!is_writable(realpath(dirname(__FILE__)))) die('<pre>ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').</pre>'); if (!is_writable(realpath(dirname(__FILE__)))) die('<pre>ERROR: Shaarli does not have the right to write in its own directory.').</pre>');
// Handling of old config file which do not have the new parameters. // Handling of old config file which do not have the new parameters.
if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl()); if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
@ -118,7 +118,7 @@ function checkphpversion()
if (version_compare(PHP_VERSION, '5.1.0') < 0) if (version_compare(PHP_VERSION, '5.1.0') < 0)
{ {
header('Content-Type: text/plain; charset=utf-8'); header('Content-Type: text/plain; charset=utf-8');
echo 'Your server supports PHP '.PHP_VERSION.'. Shaarli requires at least php 5.1.0, and thus cannot run. Sorry.'; echo 'Your PHP version is obsolete! Shaarli requires at least php 5.1.0, and thus cannot run. Sorry. Your PHP version has known security vulnerabilities and should be updated as soon as possible.';
exit; exit;
} }
} }