Fix #21 (Direct access protection may cause WSoD)

cmsimple-xh · Jan 30, 2023 · 337088d · 337088d
1 parent deb09dd
commit 337088d
Show file tree

Hide file tree

Showing 14 changed files with 57 additions and 18 deletions.
diff --git a/admin.php b/admin.php
@@ -16,7 +16,10 @@
 
 define('CALENDAR_VERSION', '1.4.10');
 
-if ((!function_exists('sv')) || preg_match('!admin.php!i', sv('PHP_SELF')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
 
 ini_set('display_errors', 0);
 error_reporting(0);

diff --git a/includes/calendar.php b/includes/calendar.php
@@ -8,7 +8,10 @@
 //=================================================
 
 // Security check
-if ((!function_exists('sv')) || preg_match('!calendar/include/calendar.php!i', sv('PHP_SELF')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
 
 global $plugin_cf,$calendar_cf,$plugin_tx,$sl,$sn,$su,$admxx,$lang,$datapath;
 $o = '';

diff --git a/includes/calendarconfig.php b/includes/calendarconfig.php
@@ -6,8 +6,10 @@
 //                                                      //
 //======================================================//
 // Security check
-if ((!function_exists('sv')) || preg_match('!calendar/include/calendarconfig.php!i', sv('PHP_SELF')))die('Access denied');
-
+if (!defined("CMSIMPLE_XH_VERSION")) {
+   header("HTTP/1.1 403 Forbidden");
+   exit;
+}
 
 global  $pth,$plugin,$plugin_tx,$calendar_cf,$plugin_cf,$cf,$tx,$sl,$hjs;
 $o = $error = $notice = '';

diff --git a/includes/editevents.php b/includes/editevents.php
@@ -9,8 +9,10 @@
 //********************************
 
 // Security check
-if ((!function_exists('sv')))die('Access denied');
-
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
 
 global $plugin_cf,$plugin_tx,$pth,$sl,$plugin,$tx,$lang;
 $o = '';

diff --git a/includes/eventlist.php b/includes/eventlist.php
@@ -13,7 +13,11 @@
 global $plugin_cf,$calendar_cf,$cf,$plugin_tx,$sl,$h,$l,$u,$s,$lang,$datapath;
 
 // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
+
 $o = "\n\n<!-- CALENDAR EVENT LIST -->\n\n";
 $today = date("Ymd");
 $day = substr($today, 6);

diff --git a/includes/eventlistconfig.php b/includes/eventlistconfig.php
@@ -10,7 +10,10 @@
 $o = '';
 
 // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+   header("HTTP/1.1 403 Forbidden");
+   exit;
+}
 
 //get the button-images
 $imageFolder = $pth['folder']['plugins'] . $plugin . "/images";

diff --git a/includes/holidayconfig.php b/includes/holidayconfig.php
@@ -7,8 +7,10 @@
 //=====================================================
 
 // Security check
-if ((!function_exists('sv')))die('Access denied');
-
+if (!defined("CMSIMPLE_XH_VERSION")) {
+   header("HTTP/1.1 403 Forbidden");
+   exit;
+}
 
 global  $pth,$plugin,$plugin_tx,$tx,$sl;
 $o      = '';

diff --git a/includes/loadeventfile.php b/includes/loadeventfile.php
@@ -7,7 +7,10 @@
 global $plugin_cf,$plugin_tx,$pth,$sl,$plugin,$lang,$formatting_hints,$datapath;
 
 // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
 
 $event_array = array();
 // determining which file to read

diff --git a/includes/marqueeconfig.php b/includes/marqueeconfig.php
@@ -6,8 +6,10 @@
 //
 //=====================================================
 // Security check
-if ((!function_exists('sv')))die('Access denied');
-
+if (!defined("CMSIMPLE_XH_VERSION")) {
+   header("HTTP/1.1 403 Forbidden");
+   exit;
+}
 
 global  $pth,$plugin,$plugin_tx,$calendar_cf,$cf,$tx,$sl,$hjs;
 $o      = '';

diff --git a/includes/nextevent.php b/includes/nextevent.php
@@ -9,7 +9,10 @@
 global $hjs,$calendar_cf,$plugin_tx,$sl,$lang,$calendar_jqueryplugin,$datapath;
 
 // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
 
 $now = strtotime('now');
 

diff --git a/includes/presets.php b/includes/presets.php
@@ -12,7 +12,10 @@
 $css_ok = $lang_ok = $config_ok = FALSE;
 
 // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
 
 $preset       = isset($_POST['preset'])       ? $_POST['preset']       : '';
 $backup       = isset($_POST['backup'])       ? $_POST['backup']       : '';

diff --git a/includes/readcss.php b/includes/readcss.php
@@ -1,7 +1,10 @@
 <?php
 
 // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
 
 //get the css-data
 $cssfile = file_get_contents($pth['folder']['plugins'] . $plugin . '/css/stylesheet.css');

diff --git a/includes/saveeventfile.php b/includes/saveeventfile.php
@@ -7,7 +7,10 @@
 global $plugin_cf,$plugin_tx,$pth,$sl,$plugin,$lang,$datapath;
 
 // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
 
 $backups = $plugin_cf['calendar']['backups'];
 

diff --git a/index.php b/index.php
@@ -3,7 +3,10 @@
 
 
 // Security check
-if ((!function_exists('sv')) || preg_match('!calendar/index.php!i', sv('PHP_SELF')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+    header("HTTP/1.1 403 Forbidden");
+    exit;
+}
 
 // checking if alternative filepath is wanted
 if (!$plugin_cf['calendar']['filepath_data']){$datapath = $pth['folder']['plugins'].$plugin."/content/";}