From df833d34d63a1c8b5927c3261206716f6d6b01e9 Mon Sep 17 00:00:00 2001 From: Bob Mottram <bob@freedombone.net> Date: Mon, 21 Jan 2019 10:37:58 +0000 Subject: [PATCH] Only allow web interface scripts to run from the web interface --- src/freedombone-image-hardware-setup | 4 ++-- webadmin/backupconfirm.php | 4 +++- webadmin/backuprestore.php | 4 +++- webadmin/blocking.php | 4 +++- webadmin/bridges.php | 4 +++- webadmin/changedomain.php | 2 ++ webadmin/dynamicdns.php | 2 ++ webadmin/emailproxy.php | 4 +++- webadmin/formatconfirm.php | 4 +++- webadmin/installapp.php | 4 +++- webadmin/installappcancel.php | 2 ++ webadmin/installappconfirm.php | 4 +++- webadmin/installappfailed.php | 4 +++- webadmin/language.php | 4 +++- webadmin/newuser.php | 4 +++- webadmin/password.php | 4 +++- webadmin/removeapp.php | 4 +++- webadmin/removeappconfirm.php | 4 +++- webadmin/removeuserconfirm.php | 4 +++- webadmin/reset.php | 4 +++- webadmin/restoreconfirm.php | 4 +++- webadmin/search.php | 4 +++- webadmin/settings_datserver.php | 4 +++- webadmin/settings_dlna.php | 4 +++- webadmin/settings_edith.php | 4 +++- webadmin/settings_fedwiki.php | 4 +++- webadmin/settings_gogs.php | 4 +++- webadmin/settings_icecast.php | 4 +++- webadmin/settings_koel.php | 4 +++- webadmin/settings_peertube.php | 4 +++- webadmin/settings_pleroma.php | 4 +++- webadmin/settings_rsync.php | 2 ++ webadmin/settings_scuttlebot.php | 4 +++- webadmin/settings_smolrss.php | 4 +++- webadmin/settings_syncthing.php | 4 +++- webadmin/settings_turtl.php | 4 +++- webadmin/settingsupdates.php | 4 +++- webadmin/setup.php | 4 +++- webadmin/setupconfirm.php | 4 +++- webadmin/setupdomain.php | 4 +++- webadmin/ssh.php | 4 +++- webadmin/systemmonitor.php | 4 +++- webadmin/theme.php | 4 +++- webadmin/translations.php | 4 +++- webadmin/translationsimport.php | 4 +++- webadmin/upgradeconfirm.php | 4 +++- webadmin/userprofile.php | 4 +++- 47 files changed, 136 insertions(+), 44 deletions(-) 
diff --git a/src/freedombone-image-hardware-setup b/src/freedombone-image-hardware-setup index 9623f8001..f71ce90fb 100755 --- a/src/freedombone-image-hardware-setup +++ b/src/freedombone-image-hardware-setup @@ -36,6 +36,7 @@ export TEXTDOMAIN=${PROJECT_NAME}-image-hardware-setup export TEXTDOMAINDIR="/usr/share/locale" INSTALL_PACKAGES='apt-get -yq install' +INSTALL_PACKAGES_BACKPORTS='apt-get -yq -t stretch-backports install' convert_dts() { dts="$1" @@ -180,8 +181,7 @@ arm_setup_boot() { arm_boot_start='usb start; ' fi ;; - "sun"*) $INSTALL_PACKAGES_BACKPORTS linux-image-armmp-lpae - arm_boot_device="mmc 0:1" + "sun"*) arm_boot_device="mmc 0:1" { echo "rtc_sunxi"; echo "vfat"; } >> /etc/initramfs-tools/modules ;; diff --git a/webadmin/backupconfirm.php b/webadmin/backupconfirm.php index a0afb5376..81e25ea3a 100755 --- a/webadmin/backupconfirm.php +++ b/webadmin/backupconfirm.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "backup.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['backupconfirmsubmit'])) { if(isset($_POST['backupconfirm'])) { $confirm = htmlspecialchars($_POST['backupconfirm']); diff --git a/webadmin/backuprestore.php b/webadmin/backuprestore.php index 88f8ee18c..8412c5368 100755 --- a/webadmin/backuprestore.php +++ b/webadmin/backuprestore.php @@ -10,7 +10,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by 
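Review bot: `INSTALL_PACKAGES_BACKPORTS` is defined in the first hunk of src/freedombone-image-hardware-setup, but the second hunk deletes the only call this diff shows using it (the `"sun"*)` branch of `arm_setup_boot`), so the new variable looks unused unless another part of the script references it. Either drop the definition or add a comment naming its consumer. Removing the `linux-image-armmp-lpae` install line is also unrelated to the commit subject and would be easier to audit as its own commit with a stated reason. `arm_setup_boot` continues outside the hunk.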
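Review bot: The guard added in webadmin/backupconfirm.php, `php_sapi_name()!=='fpm-fcgi'`, only separates a command-line run from a web request, so it should not be read as access control: every HTTP POST that reaches PHP-FPM still passes it, and nothing in this hunk checks a session or anti-CSRF token before `$_POST['backupconfirmsubmit']` is handled (such checks may be enforced by the web server, which the diff does not show). A comment such as `// Blocks CLI/cron invocation only; this is not an authentication check` would stop later readers from over-trusting it. `exit('…')` with a string argument also ends with status 0, so a calling shell script sees success; `echo 'php script must be run from the web interface'; exit(1);` reports the refusal. Hard-coding `fpm-fcgi` makes every page exit if the admin UI is ever served by another SAPI, which deserves a mention in the same comment. The same line is added to every other webadmin/*.php file in this patch and the note applies to each of them.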
@@ -40,6 +40,8 @@ function endsWith($haystack, $needle) $output_filename = "backup.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitbackuppassword'])) { $pass = trim(htmlspecialchars($_POST['backup_password'])); $pass_confirm = trim(htmlspecialchars($_POST['backup_password_confirm'])); diff --git a/webadmin/blocking.php b/webadmin/blocking.php index beb6cee7b..814ca7fc3 100755 --- a/webadmin/blocking.php +++ b/webadmin/blocking.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "settings.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + // blocked addresses or domains if (isset($_POST['submitblocking'])) { $blockinglist = htmlspecialchars($_POST['blockinglist']); diff --git a/webadmin/bridges.php b/webadmin/bridges.php index dc22744c5..90e5766bf 100755 --- a/webadmin/bridges.php +++ b/webadmin/bridges.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "settings.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitbridges'])) { $bridgeslist = htmlspecialchars($_POST['bridgeslist']); diff --git a/webadmin/changedomain.php b/webadmin/changedomain.php index 66d1b0faf..b51d8502d 100755 --- a/webadmin/changedomain.php +++ b/webadmin/changedomain.php 
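Review bot: In webadmin/backuprestore.php the password fields are passed through `htmlspecialchars()` and `trim()` before use, which rewrites the secret itself: with the default flags `&`, `<`, `>` and `"` become entities, so the stored passphrase can differ from what the user typed. HTML escaping belongs where a value is written into HTML and gives no protection for a file or command-line sink; where `$pass` ends up is outside this hunk. Reading the raw value, e.g. `$pass = $_POST['backup_password'] ?? '';`, and then validating or escaping for the actual sink would be safer. The same pattern is visible in the password.php, settings_edith.php and settings_fedwiki.php hunks.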
@@ -29,6 +29,8 @@ $output_filename = "dynamicdns.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + function endsWith($haystack, $needle) { $length = strlen($needle); diff --git a/webadmin/dynamicdns.php b/webadmin/dynamicdns.php index 795cd18f4..2bce114f4 100755 --- a/webadmin/dynamicdns.php +++ b/webadmin/dynamicdns.php @@ -29,6 +29,8 @@ $output_filename = "settings.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitddnshelp'])) { $output_filename = "help_dynamicdns.html"; } diff --git a/webadmin/emailproxy.php b/webadmin/emailproxy.php index ea955f652..c8ae5f6d5 100755 --- a/webadmin/emailproxy.php +++ b/webadmin/emailproxy.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "index.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitemailhelp'])) { $output_filename = "help_email.html"; } diff --git a/webadmin/formatconfirm.php b/webadmin/formatconfirm.php index c2b5e32f0..0aa87b5dc 100755 --- a/webadmin/formatconfirm.php +++ b/webadmin/formatconfirm.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by 
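Review bot: The SAPI guard is the same line pasted into 46 scripts, and its position is not uniform: in webadmin/changedomain.php it sits above `function endsWith`, while in backuprestore.php, installappcancel.php, installappconfirm.php, installappfailed.php, systemmonitor.php and translations.php it sits below it. Putting the check in one shared file that each script includes as its first statement would keep the behaviour identical everywhere and make a later change (exit status, accepted SAPI names) a single edit. If the per-file copy is kept, placing it directly after the licence header in every script would at least make a missing guard easy to spot in review.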
@@ -29,6 +29,8 @@ $output_filename = "backup.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['formatconfirmsubmit'])) { if(isset($_POST['formatconfirm'])) { $confirm = htmlspecialchars($_POST['formatconfirm']); diff --git a/webadmin/installapp.php b/webadmin/installapp.php index 993a4180d..ec121f290 100755 --- a/webadmin/installapp.php +++ b/webadmin/installapp.php @@ -15,7 +15,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -32,6 +32,8 @@ $output_filename = "apps_add.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitappinstall'])) { $app_name = htmlspecialchars($_POST['app_name']); $install_domain = ''; diff --git a/webadmin/installappcancel.php b/webadmin/installappcancel.php index 9adf24c0a..c4b4c9ff9 100755 --- a/webadmin/installappcancel.php +++ b/webadmin/installappcancel.php @@ -39,6 +39,8 @@ function endsWith($haystack, $needle) $output_filename = "index.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['installcancelsubmit'])) { $host = $_SERVER['HTTP_HOST']; diff --git a/webadmin/installappconfirm.php b/webadmin/installappconfirm.php index b883901f4..6de276729 100755 --- a/webadmin/installappconfirm.php +++ b/webadmin/installappconfirm.php @@ -17,7 +17,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by 
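Review bot: In webadmin/installappcancel.php the context line `$host = $_SERVER['HTTP_HOST'];` takes its value from the request's Host header, which the client controls, and the new SAPI guard does nothing to constrain it. How `$host` is used lies outside the hunk; if it ends up in a redirect target or a generated link, it should first be compared against the configured domain name and the request rejected on mismatch. The installappfailed.php hunk shows the same assignment.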
@@ -44,6 +44,8 @@ function endsWith($haystack, $needle) $output_filename = "apps_add.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['installconfirmsubmit'])) { if(isset($_POST['installconfirm'])) { $confirm = htmlspecialchars($_POST['installconfirm']); diff --git a/webadmin/installappfailed.php b/webadmin/installappfailed.php index c0c268c0c..008bbc59e 100755 --- a/webadmin/installappfailed.php +++ b/webadmin/installappfailed.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -39,6 +39,8 @@ function endsWith($haystack, $needle) $output_filename = "app_installing_failed.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitinstallappfailedcontinue'])) { $host = $_SERVER['HTTP_HOST']; diff --git a/webadmin/language.php b/webadmin/language.php index 369613ec3..ca6796f57 100755 --- a/webadmin/language.php +++ b/webadmin/language.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "settings.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitlanguage'])) { $language = htmlspecialchars($_POST['language']); diff --git a/webadmin/newuser.php b/webadmin/newuser.php index 629025703..1ebf4040a 100755 --- a/webadmin/newuser.php +++ b/webadmin/newuser.php 
@@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "users.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitnewuser'])) { $username = htmlspecialchars($_POST['username']); diff --git a/webadmin/password.php b/webadmin/password.php index 248b69b94..6d288bdd9 100755 --- a/webadmin/password.php +++ b/webadmin/password.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "users.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitacceptpassword'])) { $username = htmlspecialchars($_POST['myuser']); $newpassword = htmlspecialchars($_POST['mypassword']); diff --git a/webadmin/removeapp.php b/webadmin/removeapp.php index cfe09df5b..15eb9611e 100755 --- a/webadmin/removeapp.php +++ b/webadmin/removeapp.php @@ -15,7 +15,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -32,6 +32,8 @@ $output_filename = "apps.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['uninstall'])) { $app_name = htmlspecialchars($_POST['app_name']); 
diff --git a/webadmin/removeappconfirm.php b/webadmin/removeappconfirm.php index 84d0a70a9..b12068ac9 100755 --- a/webadmin/removeappconfirm.php +++ b/webadmin/removeappconfirm.php @@ -17,7 +17,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -34,6 +34,8 @@ $output_filename = "apps.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['removeconfirmsubmit'])) { if(isset($_POST['removeconfirm'])) { $confirm = htmlspecialchars($_POST['removeconfirm']); diff --git a/webadmin/removeuserconfirm.php b/webadmin/removeuserconfirm.php index 6600413d4..49f29ad6d 100755 --- a/webadmin/removeuserconfirm.php +++ b/webadmin/removeuserconfirm.php @@ -10,7 +10,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -27,6 +27,8 @@ $output_filename = "users.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitremoveuser'])) { if(isset($_POST['removeuserconfirm'])) { $confirm = htmlspecialchars($_POST['removeuserconfirm']); diff --git a/webadmin/reset.php b/webadmin/reset.php index e3ed1f113..2051adba3 100755 --- a/webadmin/reset.php +++ b/webadmin/reset.php 
@@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "settings.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitreset'])) { $reset_file = fopen(".reset.txt", "w") or die("Unable to write to reset file"); fwrite($reset_file, "reset"); diff --git a/webadmin/restoreconfirm.php b/webadmin/restoreconfirm.php index 16dc61899..7e1a9b414 100755 --- a/webadmin/restoreconfirm.php +++ b/webadmin/restoreconfirm.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "backup.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['restoreconfirmsubmit'])) { if(isset($_POST['restoreconfirm'])) { $confirm = htmlspecialchars($_POST['restoreconfirm']); diff --git a/webadmin/search.php b/webadmin/search.php index 1d95f8721..6d2fba789 100755 --- a/webadmin/search.php +++ b/webadmin/search.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by 
@@ -29,6 +29,8 @@ $output_filename = "index.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitsearch'])) { $search_query = htmlspecialchars($_POST['search_query']); diff --git a/webadmin/settings_datserver.php b/webadmin/settings_datserver.php index ddcc92dd8..228fcbe91 100755 --- a/webadmin/settings_datserver.php +++ b/webadmin/settings_datserver.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_datserver.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitdatlinks'])) { $datlinks = htmlspecialchars($_POST['datlinks']); diff --git a/webadmin/settings_dlna.php b/webadmin/settings_dlna.php index e7e875062..d24926366 100755 --- a/webadmin/settings_dlna.php +++ b/webadmin/settings_dlna.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_dlna.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitdlna'])) { $dlna_file = fopen(".dlna.txt", "w") or die("Unable to write to dlna file"); fwrite($dlna_file, ' '); diff --git a/webadmin/settings_edith.php b/webadmin/settings_edith.php index 4e366cf09..9af7f6d3c 100755 --- a/webadmin/settings_edith.php +++ b/webadmin/settings_edith.php 
@@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_edith.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitenablepassword'])) { $password = trim(htmlspecialchars($_POST['edith_password'])); $password_enabled = '0'; diff --git a/webadmin/settings_fedwiki.php b/webadmin/settings_fedwiki.php index 3c28050a7..a79c9b109 100755 --- a/webadmin/settings_fedwiki.php +++ b/webadmin/settings_fedwiki.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "settings_fedwiki.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitfedwikipassword'])) { $pass = trim(htmlspecialchars($_POST['fedwiki_password'])); if (strpos($pass, ' ') === false) { diff --git a/webadmin/settings_gogs.php b/webadmin/settings_gogs.php index 29c1b4fec..f0e37163c 100755 --- a/webadmin/settings_gogs.php +++ b/webadmin/settings_gogs.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by 
@@ -29,6 +29,8 @@ $output_filename = "app_gogs.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitallowregistrations'])) { $confirm = htmlspecialchars($_POST['allowregistrations']); $settings_file = fopen(".appsettings.txt", "w") or die("Unable to write to appsettings file"); diff --git a/webadmin/settings_icecast.php b/webadmin/settings_icecast.php index 9741e0128..375d6a5fd 100755 --- a/webadmin/settings_icecast.php +++ b/webadmin/settings_icecast.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_icecast.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submiticecast'])) { $icecast_name = trim(htmlspecialchars($_POST['icecast_name'])); $icecast_description = trim(htmlspecialchars($_POST['icecast_description'])); diff --git a/webadmin/settings_koel.php b/webadmin/settings_koel.php index a75308d16..1aa55384b 100755 --- a/webadmin/settings_koel.php +++ b/webadmin/settings_koel.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_koel.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitkoel'])) { $koel_file = fopen(".koel.txt", "w") or die("Unable to write to koel file"); fwrite($koel_file, ' '); 
diff --git a/webadmin/settings_peertube.php b/webadmin/settings_peertube.php index d39271bc9..c6db80c6e 100755 --- a/webadmin/settings_peertube.php +++ b/webadmin/settings_peertube.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_peertube.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitallowregistrations'])) { $confirm = htmlspecialchars($_POST['allowregistrations']); $settings_file = fopen(".appsettings.txt", "w") or die("Unable to write to appsettings file"); diff --git a/webadmin/settings_pleroma.php b/webadmin/settings_pleroma.php index c531ff81a..d4f5a0437 100755 --- a/webadmin/settings_pleroma.php +++ b/webadmin/settings_pleroma.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "settings_pleroma.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitallowregistrations'])) { $confirm = htmlspecialchars($_POST['allowregistrations']); $settings_file = fopen(".appsettings.txt", "w") or die("Unable to write to appsettings file"); diff --git a/webadmin/settings_rsync.php b/webadmin/settings_rsync.php index 29b28d1ae..12cd0f08b 100755 --- a/webadmin/settings_rsync.php +++ b/webadmin/settings_rsync.php 
@@ -29,6 +29,8 @@ $output_filename = "app_rsync.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitrsync'])) { $rsync_hostname = htmlspecialchars($_POST['rsync_hostname']); if (strpos($rsync_hostname, ' ') === false) { diff --git a/webadmin/settings_scuttlebot.php b/webadmin/settings_scuttlebot.php index f392c15b4..54e1875f3 100755 --- a/webadmin/settings_scuttlebot.php +++ b/webadmin/settings_scuttlebot.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_scuttlebot.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['scuttlebotinvitesubmit'])) { if(isset($_POST['inviteconfirm'])) { $confirm = htmlspecialchars($_POST['inviteconfirm']); diff --git a/webadmin/settings_smolrss.php b/webadmin/settings_smolrss.php index 71930085d..35c6ad60c 100755 --- a/webadmin/settings_smolrss.php +++ b/webadmin/settings_smolrss.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_smolrss.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitfeeds'])) { $feeds = htmlspecialchars($_POST['feeds']); diff --git a/webadmin/settings_syncthing.php b/webadmin/settings_syncthing.php index 3fa1cb905..379cb5fd6 100755 --- a/webadmin/settings_syncthing.php 
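Review bot: In webadmin/settings_rsync.php the only validation of `$rsync_hostname` visible in this hunk is `strpos($rsync_hostname, ' ') === false`, and `htmlspecialchars()` leaves shell metacharacters untouched. Where the value is written is outside the hunk; if it is later read by a script or passed to a command, an allow-list is needed, for example `if (!preg_match('/^[A-Za-z0-9.-]+$/', $rsync_hostname)) { ... }`, adjusted to the address forms the feature must accept. The same single-space test is all that guards `$pass` in the settings_fedwiki.php hunk.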
+++ b/webadmin/settings_syncthing.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_syncthing.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitsyncthing'])) { $ids = htmlspecialchars($_POST['syncthing_ids']); diff --git a/webadmin/settings_turtl.php b/webadmin/settings_turtl.php index b8cfcdfbb..a1e0d93f1 100755 --- a/webadmin/settings_turtl.php +++ b/webadmin/settings_turtl.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "app_turtl.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitallowregistrations'])) { $confirm = htmlspecialchars($_POST['allowregistrations']); $settings_file = fopen(".appsettings.txt", "w") or die("Unable to write to appsettings file"); diff --git a/webadmin/settingsupdates.php b/webadmin/settingsupdates.php index 471742f21..7c56d2890 100755 --- a/webadmin/settingsupdates.php +++ b/webadmin/settingsupdates.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by 
@@ -29,6 +29,8 @@ $output_filename = "index.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitsettingsupdates'])) { $enable = htmlspecialchars($_POST['enable_updates']); $repo = htmlspecialchars($_POST['updates_repo']); diff --git a/webadmin/setup.php b/webadmin/setup.php index 794369d37..b7b1b8fe7 100755 --- a/webadmin/setup.php +++ b/webadmin/setup.php @@ -15,7 +15,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -32,6 +32,8 @@ $output_filename = "index.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['setup'])) { if(file_exists("setup_confirm.html")) { $my_username = htmlspecialchars($_POST['my_username']); diff --git a/webadmin/setupconfirm.php b/webadmin/setupconfirm.php index 0a532e2c1..001052686 100755 --- a/webadmin/setupconfirm.php +++ b/webadmin/setupconfirm.php @@ -14,7 +14,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -31,6 +31,8 @@ $output_filename = "index.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['setupconfirmsubmit'])) { if(isset($_POST['setupconfirm'])) { $confirm = htmlspecialchars($_POST['setupconfirm']); diff --git a/webadmin/setupdomain.php b/webadmin/setupdomain.php index 5b86d8159..e0d58c2a3 100755 --- a/webadmin/setupdomain.php +++ b/webadmin/setupdomain.php 
@@ -14,7 +14,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -31,6 +31,8 @@ $output_filename = "index.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['setupdomain'])) { $install_domain = htmlspecialchars($_POST['default_domain_name']); diff --git a/webadmin/ssh.php b/webadmin/ssh.php index dc88d2dba..888c485e2 100755 --- a/webadmin/ssh.php +++ b/webadmin/ssh.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "settings.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitssh'])) { $confirm = htmlspecialchars($_POST['sshconfirm']); diff --git a/webadmin/systemmonitor.php b/webadmin/systemmonitor.php index 8aee1b77b..94c67720b 100755 --- a/webadmin/systemmonitor.php +++ b/webadmin/systemmonitor.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by 
@@ -41,6 +41,8 @@ function endsWith($haystack, $needle) $output_filename = "settings.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitsystemmonitor'])) { $system_monitor_file = fopen(".system_monitor.txt", "w") or die("Unable to create system monitor file"); fwrite($system_monitor_file, "update"); diff --git a/webadmin/theme.php b/webadmin/theme.php index aface2fe3..73402a2cc 100755 --- a/webadmin/theme.php +++ b/webadmin/theme.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "settings.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submittheme'])) { $confirm = htmlspecialchars($_POST['themechange']); diff --git a/webadmin/translations.php b/webadmin/translations.php index e210d2b92..0ced7cc9f 100755 --- a/webadmin/translations.php +++ b/webadmin/translations.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -39,6 +39,8 @@ function endsWith($haystack, $needle) return (substr($haystack, -$length) === $needle); } +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (!isset($_POST['submitkeeptranslations'])) { if (file_exists('.keep_translations.txt')) { exec('rm .keep_translations.txt'); diff --git a/webadmin/translationsimport.php b/webadmin/translationsimport.php index a2fd6f275..67e9497db 100755 
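Review bot: In the translations.php hunk, the block directly after the new guard removes a file by shelling out with `exec('rm .keep_translations.txt');`. `unlink('.keep_translations.txt');` does the same without spawning a shell and returns a boolean that can be checked. The path is a constant, so this is not an injection issue as written, but keeping `exec()` out of a request handler narrows what a later edit can get wrong. The `if (!isset(...))` block continues outside the hunk.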
--- a/webadmin/translationsimport.php +++ b/webadmin/translationsimport.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "language.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submittranslationsimport'])) { $language = htmlspecialchars($_POST['language']); $translations_import = htmlspecialchars($_POST['translationslist']); diff --git a/webadmin/upgradeconfirm.php b/webadmin/upgradeconfirm.php index 5245c8e75..bf602a0b0 100755 --- a/webadmin/upgradeconfirm.php +++ b/webadmin/upgradeconfirm.php @@ -12,7 +12,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by @@ -29,6 +29,8 @@ $output_filename = "settings.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitupgradesettings'])) { $output_filename = "settings_updates.html"; } diff --git a/webadmin/userprofile.php b/webadmin/userprofile.php index fd8482e5a..1abce95ef 100755 --- a/webadmin/userprofile.php +++ b/webadmin/userprofile.php @@ -13,7 +13,7 @@ // License // ======= // -// Copyright (C) 2018 Bob Mottram <bob@freedombone.net> +// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net> // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by 
@@ -30,6 +30,8 @@ $output_filename = "users.html"; +if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface'); + if (isset($_POST['submitremoveuser'])) { $username = htmlspecialchars($_POST['myuser']); -- GitLab
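Review bot: `$username = htmlspecialchars($_POST['myuser']);`, right after the new guard, uses HTML output encoding as if it were input validation and reads the key without checking that it is set. How `$username` is used lies outside the hunk, but the `submitremoveuser` key suggests an account-removal path. There I would read it as `$username = $_POST['myuser'] ?? '';`, check it against the project's username rules or the list of known users before use, and keep `htmlspecialchars()` for the point where the value is printed into HTML. The same `htmlspecialchars($_POST[...])` pattern appears in the settingsupdates, setup.php, setupdomain.php, ssh.php, theme.php and translationsimport.php hunks.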