Ausgabe von Systeminformationen per Security-Konfiguration erlauben oder unterbinden. - openrat-cms - Unnamed repository; edit this file 'description' to name the repository.

commit 3ee20b880667c561eb8754240e2ff6c7fee4d3c4
parent 7cb4661b9350c1a39d29bbb5bfd8602fbb0de8a0
Author: dankert <devnull@localhost>
Date:   Fri, 25 Sep 2009 01:15:26 +0200

Ausgabe von Systeminformationen per Security-Konfiguration erlauben oder unterbinden.

Diffstat:
actionClasses/ProjectAction.class.php  | 4 ++++
config/security.ini.php  | 4 ++++
serviceClasses/AdministrationTree.class.php  | 4 ++++

3 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/actionClasses/ProjectAction.class.php b/actionClasses/ProjectAction.class.php
@@ -307,6 +307,10 @@ class ProjectAction extends Action
 	 */
 	function phpinfo()
 	{
+		global $conf;
+		if	( !@$conf['security']['show_system_info'] )
+			Http::sendStatus(403,'Forbidden','Display of system information is disabled by configuration');
+			
 		phpinfo();
 	}
 } 
\ No newline at end of file
diff --git a/config/security.ini.php b/config/security.ini.php
@@ -40,6 +40,10 @@ chmod_dir=
 disable_dynamic_code = true
 
 
+; Enable or disable the displaying of system information
+show_system_info = false
+
+
 ; Default Login
 ; These values are used for the login form.
 [default]
diff --git a/serviceClasses/AdministrationTree.class.php b/serviceClasses/AdministrationTree.class.php
@@ -250,6 +250,10 @@ class AdministrationTree extends AbstractTree
 	function prefs( $id )
 	{
 		global $conf;
+		
+		if	( !@$conf['security']['show_system_info'] )
+			return;
+		
 		$conf_config = $conf['interface']['config'];

	openrat-cms Unnamed repository; edit this file 'description' to name the repository.
	Log \| Files \| Refs

actionClasses/ProjectAction.class.php	\|	4	++++
config/security.ini.php	\|	4	++++
serviceClasses/AdministrationTree.class.php	\|	4	++++