- updated to 6.5, release 0.1 (any PHP-Nuke user willing to test it?)

[packages/PHP-nuke.git] / PHP-nuke-official_security.patch

diff -urN html.orig/index.php html/index.php
--- html.orig/index.php	Mon Sep 16 07:40:32 2002
+++ html/index.php	Tue Feb  4 09:55:34 2003
@@ -33,7 +33,7 @@
 }
 if (!isset($mop)) { $mop="modload"; }
 if (!isset($mod_file)) { $mod_file="index"; }
-if (ereg("\.\.",$name) || ereg("\.\.",$file)) {
+if (ereg("\.\.",$name) || ereg("\.\.",$file) || ereg("\.\.", $mod_file) || ereg("\.\.", $mop)) {
     echo "You are so cool...";
 } else {
     $ThemeSel = get_theme();
diff -urN html.orig/mainfile.php html/mainfile.php
--- html.orig/mainfile.php	Mon Sep 16 07:40:32 2002
+++ html/mainfile.php	Tue Feb  4 09:54:43 2003
@@ -1,5 +1,9 @@
 <?php
 
+if (ereg("\\'",base64_decode($admin)) || ereg("\\'",base64_decode($user))) {
+	die("I don't like you");
+}
+
 ob_start("ob_gzhandler");
 
 /************************************************************************/
diff -urN html.orig/modules.php html/modules.php
--- html.orig/modules.php	Mon Sep 16 07:40:32 2002
+++ html/modules.php	Tue Feb  4 11:05:44 2003
@@ -28,6 +28,8 @@
 	    $ThemeSel = get_theme();
 	    if (file_exists("themes/$ThemeSel/modules/$name/$file.php")) {
 		$modpath = "themes/$ThemeSel/";
+	    } else {
+		$modpath = "";
 	    }
 	    if ($view == 0) {
 		$modpath .= "modules/$name/$file.php";