diff options
Diffstat (limited to 'config/filemgr/rbfminc')
-rw-r--r-- | config/filemgr/rbfminc/config.php | 100 |
1 files changed, 64 insertions, 36 deletions
diff --git a/config/filemgr/rbfminc/config.php b/config/filemgr/rbfminc/config.php index 405514f8..776abf58 100644 --- a/config/filemgr/rbfminc/config.php +++ b/config/filemgr/rbfminc/config.php @@ -1,29 +1,56 @@ <?php +/* + config.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org> + Copyright (C) 2015 ESF, LLC + All rights reserved. + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: -$initial_folder = "/"; //initial folder -$only_below = 0; // 0=you can brows all server; 1=you can brows only the $initial_folder and below + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. -//Login info {Please change the initial username and password} -$username = 'admin'; -$password = 'admin'; + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +// Initial folder +$initial_folder = "/"; +// 0 = you can browse all files on the server; +// 1= you can browse only the $initial_folder and below +$only_below = 0; +// Login info {Please change the initial username and password} +$username = 'admin'; +$password = 'admin'; -/***********************************/ -// Protect against GLOBALS tricks -if (isset($_POST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_GET['GLOBALS']) || isset($_COOKIE['GLOBALS'])){ +/* ==================================== */ +/* BEGIN Protect against GLOBALS tricks */ +if (isset($_POST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_GET['GLOBALS']) || isset($_COOKIE['GLOBALS'])) { die("Hacking attempt"); } -if (isset($_SESSION) && !is_array($_SESSION)){ +if (isset($_SESSION) && !is_array($_SESSION)) { die("Hacking attempt"); } -if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on'){ +if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { $not_unset = array('_GET', '_POST', '_COOKIE', 'HTTP_SERVER_VARS', '_SESSION', 'HTTP_ENV_VARS', '_FILES'); - if (!isset($_SESSION) || !is_array($_SESSION)){ + if (!isset($_SESSION) || !is_array($_SESSION)) { $_SESSION = array(); } $input = array_merge($_GET, $_POST, $_COOKIE, $HTTP_SERVER_VARS, $_SESSION, $HTTP_ENV_VARS, $_FILES); @@ -31,8 +58,8 @@ if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals unset($input['input']); unset($input['not_unset']); - while (list($var,) = @each($input)){ - if (in_array($var, $not_unset)){ + while (list($var,) = @each($input)) { + if (in_array($var, $not_unset)) { die('Hacking attempt!'); } unset($$var); @@ -41,55 +68,56 @@ if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals unset($input); } -if( !get_magic_quotes_gpc() ){ - if( is_array($_GET) ){ - while( list($k, $v) = each($_GET) ){ - if( is_array($_GET[$k]) ) - { - while( list($k2, $v2) = each($_GET[$k]) ){ +if (!get_magic_quotes_gpc()) { + if (is_array($_GET)) { + while (list($k, $v) = each($_GET)) { + if (is_array($_GET[$k])) { + while (list($k2, $v2) = each($_GET[$k])) { $_GET[$k][$k2] = addslashes($v2); } @reset($_GET[$k]); - }else{ + } else { $_GET[$k] = addslashes($v); } } @reset($_GET); } - if( is_array($_POST) ){ - while( list($k, $v) = each($_POST) ){ - if( is_array($_POST[$k]) ) - { - while( list($k2, $v2) = each($_POST[$k]) ){ + if (is_array($_POST)) { + while (list($k, $v) = each($_POST)) { + if (is_array($_POST[$k])) { + while (list($k2, $v2) = each($_POST[$k])) { $_POST[$k][$k2] = addslashes($v2); } @reset($_POST[$k]); - }else{ + } else { $_POST[$k] = addslashes($v); } } @reset($_POST); } - if( is_array($_COOKIE) ){ - while( list($k, $v) = each($_COOKIE) ){ - if( is_array($_COOKIE[$k]) ){ - while( list($k2, $v2) = each($_COOKIE[$k]) ){ + if (is_array($_COOKIE)) { + while (list($k, $v) = each($_COOKIE)) { + if (is_array($_COOKIE[$k])) { + while (list($k2, $v2) = each($_COOKIE[$k])) { $_COOKIE[$k][$k2] = addslashes($v2); } @reset($_COOKIE[$k]); - }else{ + } else { $_COOKIE[$k] = addslashes($v); } } @reset($_COOKIE); } } -//END Protect against GLOBALS tricks -/***********************************/ -//if($username == 'admin' and $password == 'admin'){ - //$security_issues = "<div align=\"center\" style=\"color: red;\"><b>Security issue</b>: Please change your username or password</div>"; -//} +/* END Protect against GLOBALS tricks */ +/* ==================================== */ + +/* +if ($username == 'admin' and $password == 'admin') { + $security_issues = "<div align=\"center\" style=\"color: red;\"><strong>Security issue</strong>: Please change your username or password</div>"; +} +*/ $security_issues = "<br />"; ?> |