nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent direct execution of some files.

Browse Source
This commit is contained in:
Michal Čihař
2010-04-02 09:03:46 +02:00
parent c9465ae77c
commit 2691e959c1
3 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libraries/messages.inc.php
View File

@@ -8,6 +8,10 @@
* file. * file.
*/ */
if (!function_exists('__')) {
die('Bad invocation!');
}
/* We use only utf-8 */ /* We use only utf-8 */
$charset = 'utf-8'; $charset = 'utf-8';

4
setup/lib/common.inc.php
View File

@@ -15,6 +15,10 @@ define('PMA_MINIMUM_COMMON', TRUE);
define('PMA_SETUP', TRUE); define('PMA_SETUP', TRUE);
chdir('..'); chdir('..');
if (!file_exists('./libraries/common.inc.php')) {
die('Bad invocation!');
}
require_once './libraries/common.inc.php'; require_once './libraries/common.inc.php';
require_once './libraries/url_generating.lib.php'; require_once './libraries/url_generating.lib.php';
require_once './setup/lib/messages.inc.php'; require_once './setup/lib/messages.inc.php';

5
setup/lib/messages.inc.php
View File

@@ -8,6 +8,11 @@
* file. * file.
*/ */
if (!function_exists('__')) {
die('Bad invocation!');
}
$strSetupAllowAnywhereRecoding_name = __('Allow character set conversion'); $strSetupAllowAnywhereRecoding_name = __('Allow character set conversion');
$strSetupAllowArbitraryServer_desc = __('If enabled user can enter any MySQL server in login form for cookie auth'); $strSetupAllowArbitraryServer_desc = __('If enabled user can enter any MySQL server in login form for cookie auth');
$strSetupAllowArbitraryServerMsg = __('This [a@?page=form&formset=features#tab_Security]option[/a] should be disabled as it allows attackers to bruteforce login to any MySQL server. If you feel this is necessary, use [a@?page=form&formset=features#tab_Security]trusted proxies list[/a]. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.'); $strSetupAllowArbitraryServerMsg = __('This [a@?page=form&formset=features#tab_Security]option[/a] should be disabled as it allows attackers to bruteforce login to any MySQL server. If you feel this is necessary, use [a@?page=form&formset=features#tab_Security]trusted proxies list[/a]. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');