WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

removed debug_dump because of XSS vulnerability

This commit is contained in:
Roland Gruber 2011-07-26 15:26:21 +00:00
parent d069be9981
commit 8b21c9a83b
2 changed files with 9 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lam/templates/3rdParty/pla/htdocs/cmd.php vendored
View File

@ -18,24 +18,17 @@ $www['meth'] = get_request('meth','REQUEST');
ob_start(); ob_start();
switch ($www['cmd']) { if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
case '_debug':
debug_dump($_REQUEST,1);
break;
default:
if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
$app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php'; $app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
elseif (defined('HTDOCDIR') && file_exists(HTDOCDIR.$www['cmd'].'.php')) elseif (defined('HTDOCDIR') && file_exists(HTDOCDIR.$www['cmd'].'.php'))
$app['script_cmd'] = HTDOCDIR.$www['cmd'].'.php'; $app['script_cmd'] = HTDOCDIR.$www['cmd'].'.php';
elseif (file_exists('welcome.php')) elseif (file_exists('welcome.php'))
$app['script_cmd'] = 'welcome.php'; $app['script_cmd'] = 'welcome.php';
else else
$app['script_cmd'] = null; $app['script_cmd'] = null;
}
if (DEBUG_ENABLED) if (DEBUG_ENABLED)
debug_log('Ready to render page for command [%s,%s].',128,0,__FILE__,__LINE__,__METHOD__,$www['cmd'],$app['script_cmd']); debug_log('Ready to render page for command [%s,%s].',128,0,__FILE__,__LINE__,__METHOD__,$www['cmd'],$app['script_cmd']);

20
lam/templates/3rdParty/pla/lib/functions.php vendored
View File

@ -357,25 +357,7 @@ function cmd_control_pane($type) {
* @param boolean Whether to stop execution or not. * @param boolean Whether to stop execution or not.
*/ */
function debug_dump($variable,$die=false,$onlydebugaddr=false) { function debug_dump($variable,$die=false,$onlydebugaddr=false) {
if ($onlydebugaddr && if ($die) die();
isset($_SESSION[APPCONFIG]) && $_SESSION[APPCONFIG]->getValue('debug','addr') &&
$_SERVER['HTTP_X_FORWARDED_FOR'] != $_SESSION[APPCONFIG]->getValue('debug','addr') &&
$_SERVER['REMOTE_ADDR'] != $_SESSION[APPCONFIG]->getValue('debug','addr'))
return;
$backtrace = debug_backtrace();
$caller['class'] = isset($backtrace[0]['class']) ? $backtrace[0]['class'] : 'N/A';
$caller['function'] = isset($backtrace[0]['function']) ? $backtrace[0]['function'] : 'N/A';
$caller['file'] = isset($backtrace[0]['file']) ? $backtrace[0]['file'] : 'N/A';
$caller['line'] = isset($backtrace[0]['line']) ? $backtrace[0]['line'] : 'N/A';
$caller['debug'] = $variable;
print '<PRE>';
print_r($caller);
print '</PRE>';
if ($die)
die();
} }
/** /**