From 32d76dc4b105e61dd2a2ea30c902e767d13808a6 Mon Sep 17 00:00:00 2001 From: Andy Lindeman Date: Thu, 27 Mar 2003 02:35:18 +0000 Subject: [PATCH] fixing bug #22915 git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@121380 c90b9560-bf6c-de11-be94-00142212c4b1 --- chapters/security.xml | 10 +++++----- security/index.xml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/chapters/security.xml b/chapters/security.xml index cea8902ca9..24bb489348 100644 --- a/chapters/security.xml +++ b/chapters/security.xml @@ -1,5 +1,5 @@ - + Security @@ -1011,7 +1011,7 @@ if ($username) { // Not initialized or checked before usage $good_login = 1; } if ($good_login == 1) { // If above test fails, not initialized or checked before usage - fpassthru ("/highly/sensitive/data/index.html"); + readfile ("/highly/sensitive/data/index.html"); } ?> ]]> @@ -1046,7 +1046,7 @@ if ($username) { // can be forged by a user in get/post/cookies } if ($good_login == 1) { // can be forged by a user in get/post/cookies, - fpassthru ("/highly/sensitive/data/index.html"); + readfile ("/highly/sensitive/data/index.html"); } ?> ]]> @@ -1060,7 +1060,7 @@ if ($good_login == 1) { // can be forged by a user in get/post/cookies, if($_COOKIE['username']){ // can only come from a cookie, forged or otherwise $good_login = 1; - fpassthru ("/highly/sensitive/data/index.html"); + readfile ("/highly/sensitive/data/index.html"); } ?> ]]> @@ -1083,7 +1083,7 @@ if ($_COOKIE['username'] && !$_GET['username'] ) { // Perform other checks to validate the user name... $good_login = 1; - fpassthru ("/highly/sensitive/data/index.html"); + readfile ("/highly/sensitive/data/index.html"); } else { mail("admin@example.com", "Possible breakin attempt", $_SERVER['REMOTE_ADDR']); echo "Security violation, admin has been alerted."; diff --git a/security/index.xml b/security/index.xml index cea8902ca9..24bb489348 100644 --- a/security/index.xml +++ b/security/index.xml @@ -1,5 +1,5 @@ - + Security @@ -1011,7 +1011,7 @@ if ($username) { // Not initialized or checked before usage $good_login = 1; } if ($good_login == 1) { // If above test fails, not initialized or checked before usage - fpassthru ("/highly/sensitive/data/index.html"); + readfile ("/highly/sensitive/data/index.html"); } ?> ]]> @@ -1046,7 +1046,7 @@ if ($username) { // can be forged by a user in get/post/cookies } if ($good_login == 1) { // can be forged by a user in get/post/cookies, - fpassthru ("/highly/sensitive/data/index.html"); + readfile ("/highly/sensitive/data/index.html"); } ?> ]]> @@ -1060,7 +1060,7 @@ if ($good_login == 1) { // can be forged by a user in get/post/cookies, if($_COOKIE['username']){ // can only come from a cookie, forged or otherwise $good_login = 1; - fpassthru ("/highly/sensitive/data/index.html"); + readfile ("/highly/sensitive/data/index.html"); } ?> ]]> @@ -1083,7 +1083,7 @@ if ($_COOKIE['username'] && !$_GET['username'] ) { // Perform other checks to validate the user name... $good_login = 1; - fpassthru ("/highly/sensitive/data/index.html"); + readfile ("/highly/sensitive/data/index.html"); } else { mail("admin@example.com", "Possible breakin attempt", $_SERVER['REMOTE_ADDR']); echo "Security violation, admin has been alerted.";