d07ecac79cc01e0a75526f23f8c02fa8 PHP-nuke-official_security.patch

Changed files:
    PHP-nuke-official_security.patch -> 1.1

diff --git a/PHP-nuke-official_security.patch b/PHP-nuke-official_security.patch
new file mode 100644 (file)
index 0000000..0665537
--- /dev/null
+++ b/PHP-nuke-official_security.patch
@@ -0,0 +1,37 @@
+diff -urN html.orig/index.php html/index.php
+--- html.orig/index.php        Mon Sep 16 07:40:32 2002
++++ html/index.php     Tue Feb  4 09:55:34 2003
+@@ -33,7 +33,7 @@
+ }
+ if (!isset($mop)) { $mop="modload"; }
+ if (!isset($mod_file)) { $mod_file="index"; }
+-if (ereg("\.\.",$name) || ereg("\.\.",$file)) {
++if (ereg("\.\.",$name) || ereg("\.\.",$file) || ereg("\.\.", $mod_file) || ereg("\.\.", $mop)) {
+     echo "You are so cool...";
+ } else {
+     $ThemeSel = get_theme();
+diff -urN html.orig/mainfile.php html/mainfile.php
+--- html.orig/mainfile.php     Mon Sep 16 07:40:32 2002
++++ html/mainfile.php  Tue Feb  4 09:54:43 2003
+@@ -1,5 +1,9 @@
+ <?php
+ 
++if (ereg("\\'",base64_decode($admin)) || ereg("\\'",base64_decode($user))) {
++      die("I don't like you");
++}
++
+ ob_start("ob_gzhandler");
+ 
+ /************************************************************************/
+diff -urN html.orig/modules.php html/modules.php
+--- html.orig/modules.php      Mon Sep 16 07:40:32 2002
++++ html/modules.php   Tue Feb  4 11:05:44 2003
+@@ -28,6 +28,8 @@
+           $ThemeSel = get_theme();
+           if (file_exists("themes/$ThemeSel/modules/$name/$file.php")) {
+               $modpath = "themes/$ThemeSel/";
++          } else {
++              $modpath = "";
+           }
+           if ($view == 0) {
+               $modpath .= "modules/$name/$file.php";