PHP-nuke-official_security.patch

   1 diff -urN html.orig/index.php html/index.php
   2 --- html.orig/index.php Mon Sep 16 07:40:32 2002
   3 +++ html/index.php      Tue Feb  4 09:55:34 2003
   4 @@ -33,7 +33,7 @@
   5  }
   6  if (!isset($mop)) { $mop="modload"; }
   7  if (!isset($mod_file)) { $mod_file="index"; }
   8 -if (ereg("\.\.",$name) || ereg("\.\.",$file)) {
   9 +if (ereg("\.\.",$name) || ereg("\.\.",$file) || ereg("\.\.", $mod_file) || ereg("\.\.", $mop)) {
  10      echo "You are so cool...";
  11  } else {
  12      $ThemeSel = get_theme();
  13 diff -urN html.orig/mainfile.php html/mainfile.php
  14 --- html.orig/mainfile.php      Mon Sep 16 07:40:32 2002
  15 +++ html/mainfile.php   Tue Feb  4 09:54:43 2003
  16 @@ -1,5 +1,9 @@
  17  <?php
  18
  19 +if (ereg("\\'",base64_decode($admin)) || ereg("\\'",base64_decode($user))) {
  20 +       die("I don't like you");
  21 +}
  22 +
  23  ob_start("ob_gzhandler");
  24
  25  /************************************************************************/
  26 diff -urN html.orig/modules.php html/modules.php
  27 --- html.orig/modules.php       Mon Sep 16 07:40:32 2002
  28 +++ html/modules.php    Tue Feb  4 11:05:44 2003
  29 @@ -28,6 +28,8 @@
  30             $ThemeSel = get_theme();
  31             if (file_exists("themes/$ThemeSel/modules/$name/$file.php")) {
  32                 $modpath = "themes/$ThemeSel/";
  33 +           } else {
  34 +               $modpath = "";
  35             }
  36             if ($view == 0) {
  37                 $modpath .= "modules/$name/$file.php";