|
1
|
1 |
<?php
|
|
|
2 |
|
|
|
3 |
/*
|
|
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
|
|
|
5 |
* Version 1.0 (Banshee)
|
|
|
6 |
* Copyright (C) 2006-2007 Dan Fuhry
|
|
|
7 |
*
|
|
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
|
|
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
|
|
|
10 |
*
|
|
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
|
|
|
13 |
*/
|
|
|
14 |
|
|
|
15 |
if(isset($_REQUEST['GLOBALS']))
|
|
|
16 |
{
|
|
|
17 |
?>
|
|
|
18 |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head><title>Hacking Attempt</title><meta http-equiv="Content-type" content="text/html; charset=utf-8" /></head><style type="text/css">body{background-color:#000;color:#CCC;font-family:trebuchet ms,sans-serif;font-size:9pt;}a{color:#FFF;}</style><body><p>Hacking attempt using <a href="http://www.hardened-php.net/index.76.html">PHP $GLOBALS overwrite vulnerability</a> detected, reported to admin</p><p>You're worse than this guy! Unless you are this guy...</p><p id="billp"><img alt=" " src="about:blank" id="billi" /></p><script type="text/javascript">// <![CDATA[
|
|
|
19 |
window.onload=function(){counter();setInterval('counter();', 1000);};var text=false;var cnt=10;function counter(){if(!text){text=document.createElement('span');text.id='billc';text.innerHTML=cnt;text.style.fontSize='96pt';text.style.color='#FF0000';p=document.getElementById('billp');p.appendChild(text);}else{if(cnt==1){document.getElementById('billi').src='http://upload.wikimedia.org/wikipedia/commons/7/7f/Bill_Gates_2004_cr.jpg';document.getElementById('billc').innerHTML='';return;}cnt--;document.getElementById('billc').innerHTML=cnt+' ';}}
|
|
|
20 |
// ]]>
|
|
|
21 |
</script><p><span style="color:black;">Powered by Enano and valid XHTML 1.1</span></p></body></html>
|
|
|
22 |
<?php
|
|
|
23 |
exit;
|
|
|
24 |
}
|
|
|
25 |
|
|
|
26 |
$version = '1.0';
|
|
|
27 |
|
|
|
28 |
function microtime_float()
|
|
|
29 |
{
|
|
|
30 |
list($usec, $sec) = explode(" ", microtime());
|
|
|
31 |
return ((float)$usec + (float)$sec);
|
|
|
32 |
}
|
|
|
33 |
|
|
|
34 |
global $_starttime;
|
|
|
35 |
$_starttime = microtime_float();
|
|
|
36 |
|
|
|
37 |
error_reporting(E_ALL);
|
|
|
38 |
|
|
|
39 |
if(!defined('ENANO_ROOT')) // ENANO_ROOT is sometimes defined by plugins like AjIM that need the constant before the Enano API is initialized
|
|
|
40 |
define('ENANO_ROOT', dirname(dirname(__FILE__)));
|
|
|
41 |
|
|
|
42 |
if(defined('ENANO_DEBUG') && version_compare(PHP_VERSION, '5.0.0') < 0)
|
|
|
43 |
{
|
|
|
44 |
die(__FILE__.':'.__LINE__.': The debugConsole requires PHP 5.x.x or greater. Please comment out the ENANO_DEBUG constant in your index.php.');
|
|
|
45 |
}
|
|
|
46 |
|
|
|
47 |
if(defined('ENANO_DEBUG'))
|
|
|
48 |
{
|
|
|
49 |
require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php');
|
|
|
50 |
} else {
|
|
|
51 |
function dc_here($m) { return false; }
|
|
|
52 |
function dc_dump($a, $g) { return false; }
|
|
|
53 |
function dc_watch($n) { return false; }
|
|
|
54 |
function dc_start_timer($u) { return false; }
|
|
|
55 |
function dc_stop_timer($m) { return false; }
|
|
|
56 |
}
|
|
|
57 |
|
|
|
58 |
if ( file_exists( ENANO_ROOT . '/_nightly.php') )
|
|
|
59 |
require(ENANO_ROOT.'/_nightly.php');
|
|
|
60 |
|
|
|
61 |
// Start including files. LOTS of files. Yeah!
|
|
|
62 |
require_once(ENANO_ROOT.'/includes/constants.php');
|
|
|
63 |
dc_here('Enano CMS '.$version.' (dev) - debug window<br />Powered by debugConsole');
|
|
|
64 |
dc_here('common: including files');
|
|
|
65 |
require_once(ENANO_ROOT.'/includes/functions.php');
|
|
|
66 |
require_once(ENANO_ROOT.'/includes/dbal.php');
|
|
|
67 |
require_once(ENANO_ROOT.'/includes/paths.php');
|
|
|
68 |
require_once(ENANO_ROOT.'/includes/sessions.php');
|
|
|
69 |
require_once(ENANO_ROOT.'/includes/template.php');
|
|
|
70 |
require_once(ENANO_ROOT.'/includes/plugins.php');
|
|
|
71 |
require_once(ENANO_ROOT.'/includes/comment.php');
|
|
|
72 |
require_once(ENANO_ROOT.'/includes/wikiformat.php');
|
|
|
73 |
require_once(ENANO_ROOT.'/includes/diff.php');
|
|
|
74 |
require_once(ENANO_ROOT.'/includes/render.php');
|
|
|
75 |
require_once(ENANO_ROOT.'/includes/stats.php');
|
|
|
76 |
require_once(ENANO_ROOT.'/includes/pageutils.php');
|
|
|
77 |
require_once(ENANO_ROOT.'/includes/js-compressor.php');
|
|
|
78 |
require_once(ENANO_ROOT.'/includes/rijndael.php');
|
|
|
79 |
require_once(ENANO_ROOT.'/includes/email.php');
|
|
|
80 |
require_once(ENANO_ROOT.'/includes/search.php');
|
|
|
81 |
require_once(ENANO_ROOT.'/includes/json.php');
|
|
|
82 |
require_once(ENANO_ROOT.'/includes/wikiengine/Tables.php');
|
|
|
83 |
require_once(ENANO_ROOT.'/includes/pageprocess.php');
|
|
|
84 |
|
|
|
85 |
strip_magic_quotes_gpc();
|
|
|
86 |
|
|
|
87 |
// Enano has five parts: the database abstraction layer (DBAL), the session manager, the path/URL manager, the template engine, and the plugin manager.
|
|
|
88 |
// Each part has its own class and a global var; nearly all Enano functions are handled by one of these five components.
|
|
|
89 |
|
|
|
90 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
91 |
global $enano_config; // A global used to cache config information without making loads of queries ;-)
|
|
|
92 |
// In addition, $enano_config is used to fetch config information if die_semicritical() is called.
|
|
|
93 |
|
|
|
94 |
global $email;
|
|
|
95 |
|
|
|
96 |
if(!isset($_SERVER['HTTP_HOST'])) grinding_halt('Cannot get hostname', '<p>Your web browser did not provide the HTTP Host: field. This site requires a modern browser that supports the HTTP 1.1 standard.</p>');
|
|
|
97 |
|
|
|
98 |
$db = new mysql();
|
|
|
99 |
dc_here('common: calling $db->connect();');
|
|
|
100 |
$db->connect(); // Redirects to install.php if an installation is not detected
|
|
|
101 |
|
|
|
102 |
if(strstr(contentPath, '?')) $sep = '&';
|
|
|
103 |
else $sep = '?';
|
|
|
104 |
define('urlSeparator', $sep);
|
|
|
105 |
unset($sep); // save 10 bytes of memory...
|
|
|
106 |
|
|
|
107 |
// See if any diagnostic actions have been requested
|
|
|
108 |
if ( isset($_GET['do']) && $_GET['do'] == 'diag' && isset($_GET['sub']) )
|
|
|
109 |
{
|
|
|
110 |
switch($_GET['sub'])
|
|
|
111 |
{
|
|
|
112 |
case 'cookie_destroy':
|
|
|
113 |
unset($_COOKIE['sid']);
|
|
|
114 |
setcookie('sid', '', time()-3600*24, scriptPath);
|
|
|
115 |
setcookie('sid', '', time()-3600*24, scriptPath.'/');
|
|
|
116 |
die('Session cookie cleared. <a href="'.$_SERVER['PHP_SELF'].'">Continue</a>');
|
|
|
117 |
break;
|
|
|
118 |
}
|
|
|
119 |
}
|
|
|
120 |
|
|
|
121 |
// Select and fetch the site configuration
|
|
|
122 |
dc_here('common: selecting global config data');
|
|
|
123 |
$e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;');
|
|
|
124 |
if(!$e) $db->_die('Some critical configuration information could not be selected.');
|
|
|
125 |
else define('ENANO_CONFIG_FETCHED', ''); // Used in die_semicritical to figure out whether to call getConfig() or not
|
|
|
126 |
|
|
|
127 |
dc_here('common: fetching $enano_config');
|
|
|
128 |
$enano_config = Array();
|
|
|
129 |
while($r = $db->fetchrow())
|
|
|
130 |
{
|
|
|
131 |
$enano_config[$r['config_name']] = $r['config_value'];
|
|
|
132 |
}
|
|
|
133 |
|
|
|
134 |
$db->free_result();
|
|
|
135 |
|
|
|
136 |
if(enano_version(false, true) != $version)
|
|
|
137 |
{
|
|
|
138 |
grinding_halt('Version mismatch', '<p>It seems that the Enano release we\'re trying to run ('.$version.') is different from the version specified in your database ('.enano_version().'). Perhaps you need to <a href="'.scriptPath.'/upgrade.php">upgrade</a>?</p>');
|
|
|
139 |
}
|
|
|
140 |
|
|
|
141 |
// Our list of tables included in Enano
|
|
|
142 |
$system_table_list = Array(
|
|
|
143 |
table_prefix.'categories',
|
|
|
144 |
table_prefix.'comments',
|
|
|
145 |
table_prefix.'config',
|
|
|
146 |
table_prefix.'logs',
|
|
|
147 |
table_prefix.'page_text',
|
|
|
148 |
table_prefix.'session_keys',
|
|
|
149 |
table_prefix.'pages',
|
|
|
150 |
table_prefix.'users',
|
|
|
151 |
table_prefix.'themes',
|
|
|
152 |
table_prefix.'buddies',
|
|
|
153 |
table_prefix.'banlist',
|
|
|
154 |
table_prefix.'files',
|
|
|
155 |
table_prefix.'privmsgs',
|
|
|
156 |
table_prefix.'sidebar',
|
|
|
157 |
table_prefix.'hits',
|
|
|
158 |
table_prefix.'search_index',
|
|
|
159 |
table_prefix.'groups',
|
|
|
160 |
table_prefix.'group_members',
|
|
|
161 |
table_prefix.'acl',
|
|
|
162 |
table_prefix.'search_cache'
|
|
|
163 |
);
|
|
|
164 |
|
|
|
165 |
dc_here('common: initializing base classes');
|
|
|
166 |
$plugins = new pluginLoader();
|
|
|
167 |
|
|
|
168 |
// So where does the majority of Enano get executed? How about the next nine lines of code :)
|
|
|
169 |
dc_here('common: ok, we\'re set up, starting mainstream execution');
|
|
|
170 |
|
|
|
171 |
$plugins->loadAll();
|
|
|
172 |
dc_here('common: loading plugins');
|
|
|
173 |
global $plugins;
|
|
|
174 |
foreach($plugins->load_list as $f) { include_once $f; } // Can't be in object context when this is done
|
|
|
175 |
|
|
|
176 |
$session = new sessionManager();
|
|
|
177 |
$paths = new pathManager();
|
|
|
178 |
$template = new template();
|
|
|
179 |
$email = new EmailEncryptor();
|
|
|
180 |
|
|
|
181 |
define('ENANO_BASE_CLASSES_INITIALIZED', '');
|
|
|
182 |
|
|
|
183 |
$code = $plugins->setHook('base_classes_initted');
|
|
|
184 |
foreach ( $code as $cmd )
|
|
|
185 |
{
|
|
|
186 |
eval($cmd);
|
|
|
187 |
}
|
|
|
188 |
|
|
|
189 |
$p = RenderMan::strToPageId($paths->get_pageid_from_url());
|
|
|
190 |
if( ( $p[1] == 'Admin' || $p[1] == 'Special' ) && function_exists('page_'.$p[1].'_'.$p[0].'_preloader'))
|
|
|
191 |
{
|
|
|
192 |
@call_user_func('page_'.$p[1].'_'.$p[0].'_preloader');
|
|
|
193 |
}
|
|
|
194 |
|
|
|
195 |
$session->start();
|
|
|
196 |
$paths->init();
|
|
|
197 |
|
|
|
198 |
define('ENANO_MAINSTREAM', '');
|
|
|
199 |
|
|
|
200 |
// If the site is disabled, bail out, unless we're trying to log in or administer the site
|
|
|
201 |
if(getConfig('site_disabled') == '1')
|
|
|
202 |
{
|
|
|
203 |
if ( $paths->namespace == 'Admin' || ( $paths->namespace == 'Special' && ( $paths->cpage['urlname_nons'] == 'CSS' || $paths->cpage['urlname_nons'] == 'Administration' || $paths->cpage['urlname_nons'] == 'Login' ) ) )
|
|
|
204 |
{
|
|
|
205 |
// do nothing; allow execution to continue
|
|
|
206 |
}
|
|
|
207 |
else
|
|
|
208 |
{
|
|
|
209 |
if(!$n = getConfig('site_disabled_notice')) $n = 'The administrator has disabled the site. Please check back later.';
|
|
|
210 |
|
|
|
211 |
$text = RenderMan::render($n) . '
|
|
|
212 |
<div class="info-box">
|
|
|
213 |
If you have an administrative account, you may <a href="'.makeUrlNS('Special', 'Login').'">log in</a> to the site or <a href="'.makeUrlNS('Special', 'Administration').'">use the administration panel</a>.
|
|
|
214 |
</div>';
|
|
|
215 |
$paths->wiki_mode = 0;
|
|
|
216 |
die_semicritical('Site disabled', $text);
|
|
|
217 |
}
|
|
|
218 |
}
|
|
|
219 |
|
|
|
220 |
$code = $plugins->setHook('session_started');
|
|
|
221 |
foreach ( $code as $cmd )
|
|
|
222 |
{
|
|
|
223 |
eval($cmd);
|
|
|
224 |
}
|
|
|
225 |
|
|
|
226 |
if(isset($_GET['noheaders'])) $template->no_headers = true;
|
|
|
227 |
|
|
|
228 |
?>
|