mirror of
https://github.com/friendica/friendica
synced 2024-12-22 18:40:17 +00:00
Merge pull request #9155 from MrPetovan/bug/9154-forbid-bin
Forbid non-CLI access to command-line scripts
This commit is contained in:
commit
2f168d17f4
10 changed files with 49 additions and 2 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -71,8 +71,8 @@ venv/
|
|||
/addons
|
||||
/addon
|
||||
|
||||
#ignore .htaccess
|
||||
.htaccess
|
||||
#ignore base .htaccess
|
||||
/.htaccess
|
||||
|
||||
#ignore filesystem storage default path
|
||||
/storage
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# This file is meant to be copied to ".htaccess" on Apache-powered web servers.
|
||||
# The created .htaccess file can be edited manually and will not be overwritten by Friendica updates.
|
||||
|
||||
Options -Indexes
|
||||
AddType application/x-java-archive .jar
|
||||
AddType audio/ogg .oga
|
||||
|
|
10
bin/.htaccess
Normal file
10
bin/.htaccess
Normal file
|
@ -0,0 +1,10 @@
|
|||
# This file prevents browser access to Friendica command-line scripts on Apache-powered web servers.
|
||||
# It isn't meant to be edited manually, please check the base Friendica folder for the .htaccess-dist file instead.
|
||||
|
||||
<IfModule authz_host_module>
|
||||
Require all denied
|
||||
</IfModule>
|
||||
<IfModule !authz_host_module>
|
||||
Order Allow,Deny
|
||||
Deny from all
|
||||
</IfModule>
|
|
@ -51,6 +51,11 @@
|
|||
*
|
||||
*/
|
||||
|
||||
if (php_sapi_name() !== 'cli') {
|
||||
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||
exit();
|
||||
}
|
||||
|
||||
use Dice\Dice;
|
||||
use Friendica\App\Mode;
|
||||
use Friendica\Util\ExAuth;
|
||||
|
|
|
@ -20,6 +20,11 @@
|
|||
*
|
||||
*/
|
||||
|
||||
if (php_sapi_name() !== 'cli') {
|
||||
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||
exit();
|
||||
}
|
||||
|
||||
use Dice\Dice;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
||||
|
|
|
@ -23,6 +23,11 @@
|
|||
* This script was taken from http://php.net/manual/en/function.pcntl-fork.php
|
||||
*/
|
||||
|
||||
if (php_sapi_name() !== 'cli') {
|
||||
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||
exit();
|
||||
}
|
||||
|
||||
use Dice\Dice;
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\Worker;
|
||||
|
|
|
@ -26,6 +26,10 @@
|
|||
*
|
||||
*/
|
||||
|
||||
if (php_sapi_name() !== 'cli') {
|
||||
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||
exit();
|
||||
}
|
||||
|
||||
if (($_SERVER["argc"] > 1) && isset($_SERVER["argv"][1])) {
|
||||
echo $_SERVER["argv"][1];
|
||||
|
|
|
@ -24,6 +24,11 @@
|
|||
* Usage: php bin/wait-for-connection {HOST} {PORT} [{TIMEOUT}]
|
||||
*/
|
||||
|
||||
if (php_sapi_name() !== 'cli') {
|
||||
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||
exit();
|
||||
}
|
||||
|
||||
$timeout = 60;
|
||||
switch ($argc) {
|
||||
case 4:
|
||||
|
|
|
@ -21,6 +21,11 @@
|
|||
* Starts the background processing
|
||||
*/
|
||||
|
||||
if (php_sapi_name() !== 'cli') {
|
||||
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||
exit();
|
||||
}
|
||||
|
||||
use Dice\Dice;
|
||||
use Friendica\App;
|
||||
use Friendica\Core\Update;
|
||||
|
|
|
@ -141,4 +141,9 @@ server {
|
|||
location ~ /\. {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# deny access to the CLI scripts
|
||||
location ^~ /bin {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue