diff options
author | doktornotor <notordoktor@gmail.com> | 2015-08-12 00:12:54 +0200 |
---|---|---|
committer | doktornotor <notordoktor@gmail.com> | 2015-08-12 00:12:54 +0200 |
commit | 17caa109011938ca533d5c7bb7cfa38606c0645e (patch) | |
tree | f62d790f187c4acfcc1870db04410ad2f3a27d23 /config/filemgr/rbfminc/config.php | |
parent | 27be41aa2101993dbead8cc93bab246114af6ab3 (diff) | |
download | pfsense-packages-17caa109011938ca533d5c7bb7cfa38606c0645e.tar.gz pfsense-packages-17caa109011938ca533d5c7bb7cfa38606c0645e.tar.bz2 pfsense-packages-17caa109011938ca533d5c7bb7cfa38606c0645e.zip |
Rename config.tmp to config.php
Diffstat (limited to 'config/filemgr/rbfminc/config.php')
-rw-r--r-- | config/filemgr/rbfminc/config.php | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/config/filemgr/rbfminc/config.php b/config/filemgr/rbfminc/config.php new file mode 100644 index 00000000..405514f8 --- /dev/null +++ b/config/filemgr/rbfminc/config.php @@ -0,0 +1,95 @@ +<?php + + +$initial_folder = "/"; //initial folder +$only_below = 0; // 0=you can brows all server; 1=you can brows only the $initial_folder and below + +//Login info {Please change the initial username and password} +$username = 'admin'; +$password = 'admin'; + + + +/***********************************/ +// Protect against GLOBALS tricks +if (isset($_POST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_GET['GLOBALS']) || isset($_COOKIE['GLOBALS'])){ + die("Hacking attempt"); +} + +if (isset($_SESSION) && !is_array($_SESSION)){ + die("Hacking attempt"); +} + +if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on'){ + $not_unset = array('_GET', '_POST', '_COOKIE', 'HTTP_SERVER_VARS', '_SESSION', 'HTTP_ENV_VARS', '_FILES'); + + if (!isset($_SESSION) || !is_array($_SESSION)){ + $_SESSION = array(); + } + $input = array_merge($_GET, $_POST, $_COOKIE, $HTTP_SERVER_VARS, $_SESSION, $HTTP_ENV_VARS, $_FILES); + + unset($input['input']); + unset($input['not_unset']); + + while (list($var,) = @each($input)){ + if (in_array($var, $not_unset)){ + die('Hacking attempt!'); + } + unset($$var); + } + + unset($input); +} + +if( !get_magic_quotes_gpc() ){ + if( is_array($_GET) ){ + while( list($k, $v) = each($_GET) ){ + if( is_array($_GET[$k]) ) + { + while( list($k2, $v2) = each($_GET[$k]) ){ + $_GET[$k][$k2] = addslashes($v2); + } + @reset($_GET[$k]); + }else{ + $_GET[$k] = addslashes($v); + } + } + @reset($_GET); + } + + if( is_array($_POST) ){ + while( list($k, $v) = each($_POST) ){ + if( is_array($_POST[$k]) ) + { + while( list($k2, $v2) = each($_POST[$k]) ){ + $_POST[$k][$k2] = addslashes($v2); + } + @reset($_POST[$k]); + }else{ + $_POST[$k] = addslashes($v); + } + } + @reset($_POST); + } + + if( is_array($_COOKIE) ){ + while( list($k, $v) = each($_COOKIE) ){ + if( is_array($_COOKIE[$k]) ){ + while( list($k2, $v2) = each($_COOKIE[$k]) ){ + $_COOKIE[$k][$k2] = addslashes($v2); + } + @reset($_COOKIE[$k]); + }else{ + $_COOKIE[$k] = addslashes($v); + } + } + @reset($_COOKIE); + } +} +//END Protect against GLOBALS tricks +/***********************************/ +//if($username == 'admin' and $password == 'admin'){ + //$security_issues = "<div align=\"center\" style=\"color: red;\"><b>Security issue</b>: Please change your username or password</div>"; +//} +$security_issues = "<br />"; +?> |