From 06632536f3a93dbe33cdc2aa67d9daad191ac696 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Mon, 7 Sep 2020 05:51:26 -0400
Subject: [PATCH] Forbid non-CLI access to command-line scripts
---
 bin/auth_ejabberd.php | 5 +++++
 bin/console.php | 5 +++++
 bin/daemon.php | 5 +++++
 bin/testargs.php | 4 ++++
 bin/wait-for-connection | 5 +++++
 bin/worker.php | 5 +++++
 6 files changed, 29 insertions(+)
diff --git a/bin/auth_ejabberd.php b/bin/auth_ejabberd.php
index fa71faf26..e92182916 100755
--- a/bin/auth_ejabberd.php
+++ b/bin/auth_ejabberd.php
@@ -51,6 +51,11 @@
 *
 */
+if (php_sapi_name() !== 'cli') {
+ header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+ exit();
+}
+
 use Dice\Dice;
 use Friendica\App\Mode;
 use Friendica\Util\ExAuth;
diff --git a/bin/console.php b/bin/console.php
index 27522d855..4d5b4c79c 100755
--- a/bin/console.php
+++ b/bin/console.php
@@ -20,6 +20,11 @@
 *
 */
+if (php_sapi_name() !== 'cli') {
+ header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+ exit();
+}
+
 use Dice\Dice;
 use Psr\Log\LoggerInterface;
diff --git a/bin/daemon.php b/bin/daemon.php
index 596f4de56..3fe803d6f 100755
--- a/bin/daemon.php
+++ b/bin/daemon.php
@@ -23,6 +23,11 @@
 * This script was taken from http://php.net/manual/en/function.pcntl-fork.php
 */
+if (php_sapi_name() !== 'cli') {
+ header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+ exit();
+}
+
 use Dice\Dice;
 use Friendica\Core\Logger;
 use Friendica\Core\Worker;
diff --git a/bin/testargs.php b/bin/testargs.php
index b7d7125f7..9aed35303 100644
--- a/bin/testargs.php
+++ b/bin/testargs.php
@@ -26,6 +26,10 @@
 *
 */
+if (php_sapi_name() !== 'cli') {
+ header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+ exit();
+}
 if (($_SERVER["argc"] > 1) && isset($_SERVER["argv"][1])) {
 echo $_SERVER["argv"][1];
diff --git a/bin/wait-for-connection b/bin/wait-for-connection
index b6c03a670..de860e984 100755
--- a/bin/wait-for-connection
+++ b/bin/wait-for-connection
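Review bot: In the bin/auth_ejabberd.php hunk, the 403 line is built from `$_SERVER["SERVER_PROTOCOL"]`, which is not guaranteed to be set on every non-CLI SAPI (for example a CGI binary started from a shell, or phpdbg), so the guard can raise a notice or warning and send a malformed status line on exactly the path it is meant to protect. `http_response_code(403);` sets the status without reading any request data and could replace the `header(...)` call. The same lines are repeated in the bin/console.php, bin/daemon.php, bin/testargs.php, bin/wait-for-connection and bin/worker.php hunks, so the change applies to each of them. This check is a fallback; if bin/ sits under the document root, denying web access to it in the web server configuration would keep these files from being reachable at all.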
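Review bot: In the bin/daemon.php hunk the guard exits without any output, so a scheduled job that invokes the script through a non-CLI binary (php_sapi_name() returns `cgi-fcgi` for php-cgi even when it is started from a shell) would stop running with nothing in the cron mail or logs to explain why. Whether any deployment runs it that way is not visible from this patch, but a one-line message makes the failure diagnosable: `exit('This script must be run with the PHP CLI binary.' . PHP_EOL);` in place of `exit();`. The same applies to the bin/worker.php hunk, which starts the background processing.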
@@ -24,6 +24,11 @@
 * Usage: php bin/wait-for-connection {HOST} {PORT} [{TIMEOUT}]
 */
+if (php_sapi_name() !== 'cli') {
+ header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+ exit();
+}
+
 $timeout = 60;
 switch ($argc) {
 case 4:
diff --git a/bin/worker.php b/bin/worker.php
index 1b70a2095..833e5b002 100755
--- a/bin/worker.php
+++ b/bin/worker.php
@@ -21,6 +21,11 @@
 * Starts the background processing
 */
+if (php_sapi_name() !== 'cli') {
+ header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+ exit();
+}
+
 use Dice\Dice;
 use Friendica\App;
 use Friendica\Core\Update;