Merge pull request #9155 from MrPetovan/bug/9154-forbid-bin
Forbid non-CLI access to command-line scripts
commit
2f168d17f4
10 changed files with 49 additions and 2 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -71,8 +71,8 @@ venv/
|
||||||
/addons
|
/addons
|
||||||
/addon
|
/addon
|
||||||
|
|
||||||
#ignore .htaccess
|
#ignore base .htaccess
|
||||||
.htaccess
|
/.htaccess
|
||||||
|
|
||||||
#ignore filesystem storage default path
|
#ignore filesystem storage default path
|
||||||
/storage
|
/storage
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# This file is meant to be copied to ".htaccess" on Apache-powered web servers.
|
||||||
|
# The created .htaccess file can be edited manually and will not be overwritten by Friendica updates.
|
||||||
|
|
||||||
Options -Indexes
|
Options -Indexes
|
||||||
AddType application/x-java-archive .jar
|
AddType application/x-java-archive .jar
|
||||||
AddType audio/ogg .oga
|
AddType audio/ogg .oga
|
||||||
|
|
10
bin/.htaccess
Normal file
10
bin/.htaccess
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
# This file prevents browser access to Friendica command-line scripts on Apache-powered web servers.
|
||||||
|
# It isn't meant to be edited manually, please check the base Friendica folder for the .htaccess-dist file instead.
|
||||||
|
|
||||||
|
<IfModule authz_host_module>
|
||||||
|
Require all denied
|
||||||
|
</IfModule>
|
||||||
|
<IfModule !authz_host_module>
|
||||||
|
Order Allow,Deny
|
||||||
|
Deny from all
|
||||||
|
</IfModule>
|
|
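Review bot: The `<IfModule authz_host_module>` test does not match the directive it guards, because on Apache 2.4 `Require all denied` is provided by mod_authz_core, while mod_authz_host exists on both 2.2 and 2.4. A 2.2 server with mod_authz_host loaded takes the `Require` branch, and a 2.4 server without mod_authz_host takes the `Order`/`Deny` branch, which needs mod_access_compat. Both cases probably end in a 500 rather than an exposed script, but that should be confirmed. Testing `<IfModule authz_core_module>` and `<IfModule !authz_core_module>` would tie each branch to the module that implements it. The file is also ignored wherever `AllowOverride` does not permit these directives, so a comment such as `# Not effective when AllowOverride is None; the scripts also refuse non-CLI SAPIs themselves.` would tell administrators not to rely on it alone.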
@ -51,6 +51,11 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (php_sapi_name() !== 'cli') {
|
||||||
|
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
use Dice\Dice;
|
use Dice\Dice;
|
||||||
use Friendica\App\Mode;
|
use Friendica\App\Mode;
|
||||||
use Friendica\Util\ExAuth;
|
use Friendica\Util\ExAuth;
|
||||||
|
|
|
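Review bot: The guard `if (php_sapi_name() !== 'cli')` exits without any output, so a scheduled job that starts these scripts through a non-CLI binary (for example `php-cgi`) would stop silently, with nothing in the logs to explain it. In that case `$_SERVER["SERVER_PROTOCOL"]` is likely unset as well, so the `header()` line would raise a notice; `http_response_code(403);` sets the status without reading it. Ending with `exit('This script must be run from the command line.');` would make the refusal visible. The same guard is repeated in the five script hunks that follow, so the point applies to each of them. The script bodies continue outside these hunks.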
@ -20,6 +20,11 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (php_sapi_name() !== 'cli') {
|
||||||
|
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
use Dice\Dice;
|
use Dice\Dice;
|
||||||
use Psr\Log\LoggerInterface;
|
use Psr\Log\LoggerInterface;
|
||||||
|
|
||||||
|
|
|
@ -23,6 +23,11 @@
|
||||||
* This script was taken from http://php.net/manual/en/function.pcntl-fork.php
|
* This script was taken from http://php.net/manual/en/function.pcntl-fork.php
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (php_sapi_name() !== 'cli') {
|
||||||
|
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
use Dice\Dice;
|
use Dice\Dice;
|
||||||
use Friendica\Core\Logger;
|
use Friendica\Core\Logger;
|
||||||
use Friendica\Core\Worker;
|
use Friendica\Core\Worker;
|
||||||
|
|
|
@ -26,6 +26,10 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (php_sapi_name() !== 'cli') {
|
||||||
|
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
if (($_SERVER["argc"] > 1) && isset($_SERVER["argv"][1])) {
|
if (($_SERVER["argc"] > 1) && isset($_SERVER["argv"][1])) {
|
||||||
echo $_SERVER["argv"][1];
|
echo $_SERVER["argv"][1];
|
||||||
|
|
|
@ -24,6 +24,11 @@
|
||||||
* Usage: php bin/wait-for-connection {HOST} {PORT} [{TIMEOUT}]
|
* Usage: php bin/wait-for-connection {HOST} {PORT} [{TIMEOUT}]
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (php_sapi_name() !== 'cli') {
|
||||||
|
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$timeout = 60;
|
$timeout = 60;
|
||||||
switch ($argc) {
|
switch ($argc) {
|
||||||
case 4:
|
case 4:
|
||||||
|
|
|
@ -21,6 +21,11 @@
|
||||||
* Starts the background processing
|
* Starts the background processing
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (php_sapi_name() !== 'cli') {
|
||||||
|
header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
use Dice\Dice;
|
use Dice\Dice;
|
||||||
use Friendica\App;
|
use Friendica\App;
|
||||||
use Friendica\Core\Update;
|
use Friendica\Core\Update;
|
||||||
|
|
|
@ -141,4 +141,9 @@ server {
|
||||||
location ~ /\. {
|
location ~ /\. {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# deny access to the CLI scripts
|
||||||
|
location ^~ /bin {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
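Review bot: `location ^~ /bin` is a prefix match with no trailing slash, so it denies every URI that merely starts with `/bin` (a path such as `/binary`, for instance), not only the `bin/` directory. `location ^~ /bin/ {` limits the rule to the directory while keeping `^~`, which stops regex locations elsewhere in the server block from taking precedence. The comment could also say why the rule exists, e.g. `# deny web access to the CLI scripts in bin/ (they must only run from the command line)`. The `server` block starts outside the hunk.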