Only allow web interface scripts to run from the web interface

src/freedombone-image-hardware-setup

@@ -36,6 +36,7 @@ export TEXTDOMAIN=${PROJECT_NAME}-image-hardware-setup
 export TEXTDOMAINDIR="/usr/share/locale"
 
 INSTALL_PACKAGES='apt-get -yq install'
+INSTALL_PACKAGES_BACKPORTS='apt-get -yq -t stretch-backports install'
 
 convert_dts() {
     dts="$1"
@@ -180,8 +181,7 @@ arm_setup_boot() {
                    arm_boot_start='usb start; '
                fi
                ;;
-        "sun"*) $INSTALL_PACKAGES_BACKPORTS linux-image-armmp-lpae
-                arm_boot_device="mmc 0:1"
+        "sun"*) arm_boot_device="mmc 0:1"
                 { echo "rtc_sunxi";
                   echo "vfat"; } >> /etc/initramfs-tools/modules
                 ;;

webadmin/backupconfirm.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -29,6 +29,8 @@
 
 $output_filename = "backup.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['backupconfirmsubmit'])) {
     if(isset($_POST['backupconfirm'])) {
         $confirm = htmlspecialchars($_POST['backupconfirm']);

webadmin/backuprestore.php

@@ -10,7 +10,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -40,6 +40,8 @@ function endsWith($haystack, $needle)
 
 $output_filename = "backup.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitbackuppassword'])) {
     $pass = trim(htmlspecialchars($_POST['backup_password']));
     $pass_confirm = trim(htmlspecialchars($_POST['backup_password_confirm']));

webadmin/blocking.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -29,6 +29,8 @@
 
 $output_filename = "settings.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 // blocked addresses or domains
 if (isset($_POST['submitblocking'])) {
     $blockinglist = htmlspecialchars($_POST['blockinglist']);

webadmin/bridges.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -29,6 +29,8 @@
 
 $output_filename = "settings.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitbridges'])) {
     $bridgeslist = htmlspecialchars($_POST['bridgeslist']);
 

webadmin/changedomain.php

@@ -29,6 +29,8 @@
 
 $output_filename = "dynamicdns.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 function endsWith($haystack, $needle)
 {
     $length = strlen($needle);

webadmin/dynamicdns.php

@@ -29,6 +29,8 @@
 
 $output_filename = "settings.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitddnshelp'])) {
     $output_filename = "help_dynamicdns.html";
 }

webadmin/emailproxy.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -29,6 +29,8 @@
 
 $output_filename = "index.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitemailhelp'])) {
     $output_filename = "help_email.html";
 }

webadmin/formatconfirm.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -29,6 +29,8 @@
 
 $output_filename = "backup.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['formatconfirmsubmit'])) {
     if(isset($_POST['formatconfirm'])) {
         $confirm = htmlspecialchars($_POST['formatconfirm']);

webadmin/installapp.php

@@ -15,7 +15,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -32,6 +32,8 @@
 
 $output_filename = "apps_add.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitappinstall'])) {
     $app_name = htmlspecialchars($_POST['app_name']);
     $install_domain = '';

webadmin/installappcancel.php

@@ -39,6 +39,8 @@ function endsWith($haystack, $needle)
 
 $output_filename = "index.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['installcancelsubmit'])) {
 
     $host  = $_SERVER['HTTP_HOST'];

webadmin/installappconfirm.php

@@ -17,7 +17,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -44,6 +44,8 @@ function endsWith($haystack, $needle)
 
 $output_filename = "apps_add.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['installconfirmsubmit'])) {
     if(isset($_POST['installconfirm'])) {
         $confirm = htmlspecialchars($_POST['installconfirm']);

webadmin/installappfailed.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -39,6 +39,8 @@ function endsWith($haystack, $needle)
 
 $output_filename = "app_installing_failed.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitinstallappfailedcontinue'])) {
 
     $host  = $_SERVER['HTTP_HOST'];

webadmin/language.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -29,6 +29,8 @@
 
 $output_filename = "settings.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitlanguage'])) {
     $language = htmlspecialchars($_POST['language']);
 

webadmin/newuser.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -29,6 +29,8 @@
 
 $output_filename = "users.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitnewuser'])) {
     $username = htmlspecialchars($_POST['username']);
 

webadmin/password.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -29,6 +29,8 @@
 
 $output_filename = "users.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitacceptpassword'])) {
     $username = htmlspecialchars($_POST['myuser']);
     $newpassword = htmlspecialchars($_POST['mypassword']);

webadmin/removeapp.php

@@ -15,7 +15,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -32,6 +32,8 @@
 
 $output_filename = "apps.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['uninstall'])) {
     $app_name = htmlspecialchars($_POST['app_name']);
 

webadmin/removeappconfirm.php

@@ -17,7 +17,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -34,6 +34,8 @@
 
 $output_filename = "apps.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['removeconfirmsubmit'])) {
     if(isset($_POST['removeconfirm'])) {
         $confirm = htmlspecialchars($_POST['removeconfirm']);

webadmin/removeuserconfirm.php

@@ -10,7 +10,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -27,6 +27,8 @@
 
 $output_filename = "users.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitremoveuser'])) {
     if(isset($_POST['removeuserconfirm'])) {
         $confirm = htmlspecialchars($_POST['removeuserconfirm']);

webadmin/reset.php

@@ -12,7 +12,7 @@
 // License
 // =======
 //
-// Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -29,6 +29,8 @@
 
 $output_filename = "settings.html";
 
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
 if (isset($_POST['submitreset'])) {
     $reset_file = fopen(".reset.txt", "w") or die("Unable to write to reset file");
     fwrite($reset_file, "reset");