aboutsummaryrefslogtreecommitdiffstats
path: root/config/filemgr/rbfminc/config.php
diff options
context:
space:
mode:
authordoktornotor <notordoktor@gmail.com>2015-08-12 00:12:54 +0200
committerdoktornotor <notordoktor@gmail.com>2015-08-12 00:12:54 +0200
commit17caa109011938ca533d5c7bb7cfa38606c0645e (patch)
treef62d790f187c4acfcc1870db04410ad2f3a27d23 /config/filemgr/rbfminc/config.php
parent27be41aa2101993dbead8cc93bab246114af6ab3 (diff)
downloadpfsense-packages-17caa109011938ca533d5c7bb7cfa38606c0645e.tar.gz
pfsense-packages-17caa109011938ca533d5c7bb7cfa38606c0645e.tar.bz2
pfsense-packages-17caa109011938ca533d5c7bb7cfa38606c0645e.zip
Rename config.tmp to config.php
Diffstat (limited to 'config/filemgr/rbfminc/config.php')
-rw-r--r--config/filemgr/rbfminc/config.php95
1 files changed, 95 insertions, 0 deletions
diff --git a/config/filemgr/rbfminc/config.php b/config/filemgr/rbfminc/config.php
new file mode 100644
index 00000000..405514f8
--- /dev/null
+++ b/config/filemgr/rbfminc/config.php
@@ -0,0 +1,95 @@
+<?php
+
+
+$initial_folder = "/"; //initial folder
+$only_below = 0; // 0=you can brows all server; 1=you can brows only the $initial_folder and below
+
+//Login info {Please change the initial username and password}
+$username = 'admin';
+$password = 'admin';
+
+
+
+/***********************************/
+// Protect against GLOBALS tricks
+if (isset($_POST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_GET['GLOBALS']) || isset($_COOKIE['GLOBALS'])){
+ die("Hacking attempt");
+}
+
+if (isset($_SESSION) && !is_array($_SESSION)){
+ die("Hacking attempt");
+}
+
+if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on'){
+ $not_unset = array('_GET', '_POST', '_COOKIE', 'HTTP_SERVER_VARS', '_SESSION', 'HTTP_ENV_VARS', '_FILES');
+
+ if (!isset($_SESSION) || !is_array($_SESSION)){
+ $_SESSION = array();
+ }
+ $input = array_merge($_GET, $_POST, $_COOKIE, $HTTP_SERVER_VARS, $_SESSION, $HTTP_ENV_VARS, $_FILES);
+
+ unset($input['input']);
+ unset($input['not_unset']);
+
+ while (list($var,) = @each($input)){
+ if (in_array($var, $not_unset)){
+ die('Hacking attempt!');
+ }
+ unset($$var);
+ }
+
+ unset($input);
+}
+
+if( !get_magic_quotes_gpc() ){
+ if( is_array($_GET) ){
+ while( list($k, $v) = each($_GET) ){
+ if( is_array($_GET[$k]) )
+ {
+ while( list($k2, $v2) = each($_GET[$k]) ){
+ $_GET[$k][$k2] = addslashes($v2);
+ }
+ @reset($_GET[$k]);
+ }else{
+ $_GET[$k] = addslashes($v);
+ }
+ }
+ @reset($_GET);
+ }
+
+ if( is_array($_POST) ){
+ while( list($k, $v) = each($_POST) ){
+ if( is_array($_POST[$k]) )
+ {
+ while( list($k2, $v2) = each($_POST[$k]) ){
+ $_POST[$k][$k2] = addslashes($v2);
+ }
+ @reset($_POST[$k]);
+ }else{
+ $_POST[$k] = addslashes($v);
+ }
+ }
+ @reset($_POST);
+ }
+
+ if( is_array($_COOKIE) ){
+ while( list($k, $v) = each($_COOKIE) ){
+ if( is_array($_COOKIE[$k]) ){
+ while( list($k2, $v2) = each($_COOKIE[$k]) ){
+ $_COOKIE[$k][$k2] = addslashes($v2);
+ }
+ @reset($_COOKIE[$k]);
+ }else{
+ $_COOKIE[$k] = addslashes($v);
+ }
+ }
+ @reset($_COOKIE);
+ }
+}
+//END Protect against GLOBALS tricks
+/***********************************/
+//if($username == 'admin' and $password == 'admin'){
+ //$security_issues = "<div align=\"center\" style=\"color: red;\"><b>Security issue</b>: Please change your username or password</div>";
+//}
+$security_issues = "<br />";
+?>