NPDS - Gestion de Contenu et de Communauté Open Source

Index du Forum » » Sécurité

Auteur

[Résolu] - NPDS hacké !

elpipo

Posté : 22-02-2004 15:14

le voilà :

<hr noshade class=ONGL> BR><?PHP
/************************************************************************/ /
/* NPDS V : Net Portal Dynamic System */
/* =========================== */
/* */
/* This version name NPDS Copyright (c) 2001-2003 */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */ BR>/************************************************************************/ BR>/************************************************************************/
/* You can secur the access to static page by using the methode */
/* describe in model.txt, simply add phpcode to call secur_static */
/* new function (in mainfile.php). */
/* this function accept one param with three values : */
/* - member / admin /adv_m (advance member) */
/* You can also modified the look : */
/* - NPDS=0 => no right blokcs */
/* - NPDS=1 => right blokcs */
/* - NPDS=-1 => no blocks very useful for print Page ! */ BR>/************************************************************************/
if (!isset($mainfile)) { !include!("mainfile.php"); }
global $pdst;

if (($npds!="1") and ($npds!="-1")) {
$pdst=0;
} else {
$pdst=$npds;
}

if ($npds!="-1") {
!include! ("header.php");
}
opentable();
if (($op!="") and ($op)) {
// Troll Control for security
if (eregi("(^[0-9a-z_\.-])",$op) and !stristr($op,".*://") and !stristr($op,"..") and !stristr($op,"../") and !stristr($op, "script") and !stristr($op, "cookie") and !stristr($op, "!iframe!") and !stristr($op, "applet") and !stristr($op, "object") and !stristr($op, "meta")) {
if (file_exists("static/$op")) {
!include! ("static/$op");
// Si vous voulez tracer les appels au pages statiques : supprimer les // devant la ligne ci-dessous
// Ecr_Log("security", "static/$op", "");
}
echo "";
} else {
echo "<center><FONT CLASS=\"ROUGE\">".translate("Please enter information according to the specifications")."</font></center><br>";
}
}
closetable();
if ($npds!="-1") {
!include! ("footer.php");
}
?>
<hr noshade class=ONGL>

Cet article provient de NPDS

http://www.npds.org/viewtopic.php?topic=10213&forum=12