PhpDig - Serious

Charter · 02-23-2004, 10:27 AM

Hi. If you use PHPDIG_ADM_AUTH in the config.php file, rather than say htaccess, to protect the admin directory, then it is possible for someone to directly access the spider.php file via a browser.

To fix this in versions 1.6.5 and 1.8.0 do the following.

In spider.php find the following code and add the line indicated:

PHP Code:


			
else {

    //include "$relative_script_path/libs/auth.php";

    $run_mode = 'http';

    $br = "<br />\n";

    $hr = "<hr />\n";

    $s_yes = "<img src='yes.gif' width='10' height='10' border='0' align='middle' alt='' />";

    $s_no  = "<img src='no.gif' width='10' height='10' border='0' align='middle' alt='' />";

    $s_link = " <a href='@url' target='_blank'>@url</a> ";

    $relative_script_path = '..';

    include "$relative_script_path/includes/config.php";

    include "$relative_script_path/libs/auth.php";            // add this line here

}

Remember to remove any "word" wrapping in the above code.

If you are using a version earlier than 1.6.5, then you will need to get a later version and apply the above patch.

If you download version 1.6.5 or 1.8.0 after the date of this post, the above patch has already been applied.

02-23-2004, 10:27 AM	#1
Charter Head Mole Join Date: May 2003 Posts: 2,539	PhpDig - Serious Hi. If you use PHPDIG_ADM_AUTH in the config.php file, rather than say htaccess, to protect the admin directory, then it is possible for someone to directly access the spider.php file via a browser. To fix this in versions 1.6.5 and 1.8.0 do the following. In spider.php find the following code and add the line indicated: PHP Code: else { //include "$relative_script_path/libs/auth.php"; $run_mode = 'http'; $br = "<br />\n"; $hr = "<hr />\n"; $s_yes = "<img src='yes.gif' width='10' height='10' border='0' align='middle' alt='' />"; $s_no = "<img src='no.gif' width='10' height='10' border='0' align='middle' alt='' />"; $s_link = " <a href='@url' target='_blank'>@url</a> "; $relative_script_path = '..'; include "$relative_script_path/includes/config.php"; include "$relative_script_path/libs/auth.php"; // add this line here } Remember to remove any "word" wrapping in the above code. If you are using a version earlier than 1.6.5, then you will need to get a later version and apply the above patch. If you download version 1.6.5 or 1.8.0 after the date of this post, the above patch has already been applied. __________________ Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.