removed debug_dump because of XSS vulnerability
This commit is contained in:
parent
d069be9981
commit
8b21c9a83b
|
@ -18,24 +18,17 @@ $www['meth'] = get_request('meth','REQUEST');
|
||||||
|
|
||||||
ob_start();
|
ob_start();
|
||||||
|
|
||||||
switch ($www['cmd']) {
|
if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
|
||||||
case '_debug':
|
$app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
|
||||||
debug_dump($_REQUEST,1);
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
elseif (defined('HTDOCDIR') && file_exists(HTDOCDIR.$www['cmd'].'.php'))
|
||||||
if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
|
$app['script_cmd'] = HTDOCDIR.$www['cmd'].'.php';
|
||||||
$app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
|
|
||||||
|
|
||||||
elseif (defined('HTDOCDIR') && file_exists(HTDOCDIR.$www['cmd'].'.php'))
|
elseif (file_exists('welcome.php'))
|
||||||
$app['script_cmd'] = HTDOCDIR.$www['cmd'].'.php';
|
$app['script_cmd'] = 'welcome.php';
|
||||||
|
|
||||||
elseif (file_exists('welcome.php'))
|
else
|
||||||
$app['script_cmd'] = 'welcome.php';
|
$app['script_cmd'] = null;
|
||||||
|
|
||||||
else
|
|
||||||
$app['script_cmd'] = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (DEBUG_ENABLED)
|
if (DEBUG_ENABLED)
|
||||||
debug_log('Ready to render page for command [%s,%s].',128,0,__FILE__,__LINE__,__METHOD__,$www['cmd'],$app['script_cmd']);
|
debug_log('Ready to render page for command [%s,%s].',128,0,__FILE__,__LINE__,__METHOD__,$www['cmd'],$app['script_cmd']);
|
||||||
|
|
|
@ -357,25 +357,7 @@ function cmd_control_pane($type) {
|
||||||
* @param boolean Whether to stop execution or not.
|
* @param boolean Whether to stop execution or not.
|
||||||
*/
|
*/
|
||||||
function debug_dump($variable,$die=false,$onlydebugaddr=false) {
|
function debug_dump($variable,$die=false,$onlydebugaddr=false) {
|
||||||
if ($onlydebugaddr &&
|
if ($die) die();
|
||||||
isset($_SESSION[APPCONFIG]) && $_SESSION[APPCONFIG]->getValue('debug','addr') &&
|
|
||||||
$_SERVER['HTTP_X_FORWARDED_FOR'] != $_SESSION[APPCONFIG]->getValue('debug','addr') &&
|
|
||||||
$_SERVER['REMOTE_ADDR'] != $_SESSION[APPCONFIG]->getValue('debug','addr'))
|
|
||||||
return;
|
|
||||||
|
|
||||||
$backtrace = debug_backtrace();
|
|
||||||
$caller['class'] = isset($backtrace[0]['class']) ? $backtrace[0]['class'] : 'N/A';
|
|
||||||
$caller['function'] = isset($backtrace[0]['function']) ? $backtrace[0]['function'] : 'N/A';
|
|
||||||
$caller['file'] = isset($backtrace[0]['file']) ? $backtrace[0]['file'] : 'N/A';
|
|
||||||
$caller['line'] = isset($backtrace[0]['line']) ? $backtrace[0]['line'] : 'N/A';
|
|
||||||
$caller['debug'] = $variable;
|
|
||||||
|
|
||||||
print '<PRE>';
|
|
||||||
print_r($caller);
|
|
||||||
print '</PRE>';
|
|
||||||
|
|
||||||
if ($die)
|
|
||||||
die();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue