From 337088d0f2994f13a7775612b193d1f35dc51296 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Mon, 30 Jan 2023 20:25:38 +0100
Subject: [PATCH] Fix #21 (Direct access protection may cause WSoD)
---
 admin.php | 5 ++++-
 includes/calendar.php | 5 ++++-
 includes/calendarconfig.php | 6 ++++--
 includes/editevents.php | 6 ++++--
 includes/eventlist.php | 6 +++++-
 includes/eventlistconfig.php | 5 ++++-
 includes/holidayconfig.php | 6 ++++--
 includes/loadeventfile.php | 5 ++++-
 includes/marqueeconfig.php | 6 ++++--
 includes/nextevent.php | 5 ++++-
 includes/presets.php | 5 ++++-
 includes/readcss.php | 5 ++++-
 includes/saveeventfile.php | 5 ++++-
 index.php | 5 ++++-
 14 files changed, 57 insertions(+), 18 deletions(-)
diff --git a/admin.php b/admin.php
index 96bc236..17954ce 100644
--- a/admin.php
+++ b/admin.php
@@ -16,7 +16,10 @@ define('CALENDAR_VERSION', '1.4.10');
-if ((!function_exists('sv')) || preg_match('!admin.php!i', sv('PHP_SELF')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 ini_set('display_errors', 0);
 error_reporting(0);
diff --git a/includes/calendar.php b/includes/calendar.php
index b33432b..b307e4c 100644
--- a/includes/calendar.php
+++ b/includes/calendar.php
@@ -8,7 +8,10 @@ //================================================= // Security check
-if ((!function_exists('sv')) || preg_match('!calendar/include/calendar.php!i', sv('PHP_SELF')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 global $plugin_cf,$calendar_cf,$plugin_tx,$sl,$sn,$su,$admxx,$lang,$datapath;
 $o = '';
diff --git a/includes/calendarconfig.php b/includes/calendarconfig.php
index 065bb5a..008f155 100644
--- a/includes/calendarconfig.php
+++ b/includes/calendarconfig.php
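Review bot: In admin.php (and identically in every other hunk of this patch) the new guard hard-codes the protocol version in `header("HTTP/1.1 403 Forbidden");`; `http_response_code(403);` sets the same status without naming a protocol, provided the plugin's minimum PHP is 5.4 or later. The check also now depends entirely on the host defining `CMSIMPLE_XH_VERSION` before any plugin file is included, which is not visible in this patch; a comment above the guard such as `// CMSIMPLE_XH_VERSION is set by the CMS core; it is undefined when this file is requested directly` would record that assumption. If a supported core release does not define the constant, every legitimate include would now end in an empty 403, so the minimum core version is worth stating in the plugin's documentation.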
@@ -6,8 +6,10 @@ // // //======================================================// // Security check
-if ((!function_exists('sv')) || preg_match('!calendar/include/calendarconfig.php!i', sv('PHP_SELF')))die('Access denied');
-
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 global $pth,$plugin,$plugin_tx,$calendar_cf,$plugin_cf,$cf,$tx,$sl,$hjs;
 $o = $error = $notice = '';
diff --git a/includes/editevents.php b/includes/editevents.php
index 0888409..1fcb8b0 100644
--- a/includes/editevents.php
+++ b/includes/editevents.php
@@ -9,8 +9,10 @@ //******************************** // Security check
-if ((!function_exists('sv')))die('Access denied');
-
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 global $plugin_cf,$plugin_tx,$pth,$sl,$plugin,$tx,$lang;
 $o = '';
diff --git a/includes/eventlist.php b/includes/eventlist.php
index ccbb61e..2fe76e5 100644
--- a/includes/eventlist.php
+++ b/includes/eventlist.php
@@ -13,7 +13,11 @@ global $plugin_cf,$calendar_cf,$cf,$plugin_tx,$sl,$h,$l,$u,$s,$lang,$datapath; // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
+
 $o = "\n\n\n\n";
 $today = date("Ymd");
 $day = substr($today, 6);
diff --git a/includes/eventlistconfig.php b/includes/eventlistconfig.php
index 472a660..3ad57d4 100644
--- a/includes/eventlistconfig.php
+++ b/includes/eventlistconfig.php
@@ -10,7 +10,10 @@ $o = ''; // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 //get the button-images $imageFolder = $pth['folder']['plugins'] . $plugin . "/images";
diff --git a/includes/holidayconfig.php b/includes/holidayconfig.php
index 6ff190b..46ecfc9 100644
--- a/includes/holidayconfig.php
+++ b/includes/holidayconfig.php
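Review bot: In includes/eventlist.php the guard is placed below the `global $plugin_cf,…;` statement instead of being the first statement of the file, and the same ordering shows in includes/eventlistconfig.php (after `$o = '';`), includes/loadeventfile.php, includes/nextevent.php and includes/presets.php. The statements that run first look harmless here, but a direct-access check is easiest to audit when nothing at all executes before it, so I would move the `if (!defined("CMSIMPLE_XH_VERSION")) { … }` block to directly after the opening `<?php` in these files. The top of each file lies outside the hunks, so what else precedes the guard cannot be confirmed from this patch.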
@@ -7,8 +7,10 @@ //===================================================== // Security check
-if ((!function_exists('sv')))die('Access denied');
-
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 global $pth,$plugin,$plugin_tx,$tx,$sl;
 $o = '';
diff --git a/includes/loadeventfile.php b/includes/loadeventfile.php
index d9507a4..b1cac56 100644
--- a/includes/loadeventfile.php
+++ b/includes/loadeventfile.php
@@ -7,7 +7,10 @@ global $plugin_cf,$plugin_tx,$pth,$sl,$plugin,$lang,$formatting_hints,$datapath; // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 $event_array = array(); // determining which file to read
diff --git a/includes/marqueeconfig.php b/includes/marqueeconfig.php
index d36100b..0080592 100644
--- a/includes/marqueeconfig.php
+++ b/includes/marqueeconfig.php
@@ -6,8 +6,10 @@ // //===================================================== // Security check
-if ((!function_exists('sv')))die('Access denied');
-
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 global $pth,$plugin,$plugin_tx,$calendar_cf,$cf,$tx,$sl,$hjs;
 $o = '';
diff --git a/includes/nextevent.php b/includes/nextevent.php
index 997c07a..58fa5ad 100644
--- a/includes/nextevent.php
+++ b/includes/nextevent.php
@@ -9,7 +9,10 @@ global $hjs,$calendar_cf,$plugin_tx,$sl,$lang,$calendar_jqueryplugin,$datapath; // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 $now = strtotime('now');
diff --git a/includes/presets.php b/includes/presets.php
index 982fad9..7c42578 100644
--- a/includes/presets.php
+++ b/includes/presets.php
@@ -12,7 +12,10 @@ $css_ok = $lang_ok = $config_ok = FALSE; // Security check
-if ((!function_exists('sv')))die('Access denied');
+if (!defined("CMSIMPLE_XH_VERSION")) {
+ header("HTTP/1.1 403 Forbidden");
+ exit;
+}
 $preset = isset($_POST['preset']) ? $_POST['preset'] : '';
 $backup = isset($_POST['backup']) ? $_POST['backup'] : '';
diff --git a/includes/readcss.php b/includes/readcss.php
index 2ce5dfb..7317fe0 100644
--- a/includes/readcss.php
+++ b/includes/readcss.php
@@ -1,7 +1,10 @@
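Review bot: In includes/presets.php the guard only establishes that the file was included by the CMS, not who is making the request, and the very next lines read `$_POST['preset']` and `$_POST['backup']`. Whether an administrator check and a CSRF token check run before those values are used is not visible in this hunk; if they live in the including file, a comment such as `// Direct-access guard only; admin and CSRF checks for the POST data below are done by the caller` above the guard would make that dependency explicit. The rest of the file is outside the hunk.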