commit 3ee20b880667c561eb8754240e2ff6c7fee4d3c4
parent 7cb4661b9350c1a39d29bbb5bfd8602fbb0de8a0
Author: dankert <devnull@localhost>
Date: Fri, 25 Sep 2009 01:15:26 +0200
Ausgabe von Systeminformationen per Security-Konfiguration erlauben oder unterbinden.
Diffstat:
3 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/actionClasses/ProjectAction.class.php b/actionClasses/ProjectAction.class.php
@@ -307,6 +307,10 @@ class ProjectAction extends Action
*/
function phpinfo()
{
+ global $conf;
+ if ( !@$conf['security']['show_system_info'] )
+ Http::sendStatus(403,'Forbidden','Display of system information is disabled by configuration');
+
phpinfo();
}
}
\ No newline at end of file
diff --git a/config/security.ini.php b/config/security.ini.php
@@ -40,6 +40,10 @@ chmod_dir=
disable_dynamic_code = true
+; Enable or disable the displaying of system information
+show_system_info = false
+
+
; Default Login
; These values are used for the login form.
[default]
diff --git a/serviceClasses/AdministrationTree.class.php b/serviceClasses/AdministrationTree.class.php
@@ -250,6 +250,10 @@ class AdministrationTree extends AbstractTree
function prefs( $id )
{
global $conf;
+
+ if ( !@$conf['security']['show_system_info'] )
+ return;
+
$conf_config = $conf['interface']['config'];