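#! /bin/sh -e
##
## All lines beginning with `## DP:' are a description of the patch.
##
## DP: Remote execution vulnerability fixed upstream in 2.4.21
#
# NOTE(review): the embedded diff is labelled sql-ledger-2.6.20 ->
# sql-ledger-2.6.21, so "2.4.21" above may be a typo for 2.6.21 -- confirm.
#
# dpatch wrapper: applies (-patch) or reverts (-unpatch) the unified diff
# stored after the @DPATCH@ marker in this same file, inside BUILD/sql-ledger.
# Usage: <this script> -patch|-unpatch

# Keep errexit even when the file is run as `sh <file>`, where the options
# on the shebang line are not applied.
set -e

# Optional per-package overrides. The file is sourced, i.e. executed as shell
# code, so it has to be as trusted as the rest of the build tree.
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch}"

# Print the usage error on stderr and stop with status 1.
usage() {
  echo >&2 "$(basename "$0"): script expects -patch|-unpatch as argument"
  exit 1
}

[ $# -eq 1 ] || usage

# patch reads the diff from stdin; this script itself is fed to it, and patch
# is expected to skip the leading shell text before the first diff header.
# $patch_opts stays unquoted on purpose: it holds several options.
# "$0" is quoted so a script path containing spaces still redirects correctly.
case "$1" in
  -patch)   ( cd BUILD/sql-ledger && patch $patch_opts -p1 ) < "$0" ;;
  -unpatch) ( cd BUILD/sql-ledger && patch $patch_opts -p1 -R ) < "$0" ;;
  *)        usage ;;
esac

exit 0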
@DPATCH@
diff -ur sql-ledger-2.6.20/login.pl sql-ledger-2.6.21/login.pl
--- sql-ledger-2.6.20/login.pl 2006-09-11 22:13:58.000000000 +0200
+++ sql-ledger-2.6.21/login.pl 2006-11-24 23:11:23.000000000 +0100
@@ -69,6 +69,13 @@
$pos = rindex $0, '/';
$script = substr($0, $pos + 1);
+@scripts = qw(login.pl admin.pl custom_login.pl custom_admin.pl);
+
+if (grep !/^\Q$form{script}\E/, @scripts) {
+ print "Content-Type: text/html\n\n" if $ENV{HTTP_USER_AGENT};
+ print "\nAccess denied!\n";
+ exit;
+}
if (-e "$userspath/nologin" && $script ne 'admin.pl') {
print "Content-Type: text/html\n\n" if $ENV{HTTP_USER_AGENT};
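Review bot: The added guard `if (grep !/^\Q$form{script}\E/, @scripts)` is not the allowlist it reads as: `grep` counts the entries of `@scripts` that do not start with `$form{script}`, and since no non-empty value is a prefix of all four names, the branch denies every request that supplies a `script` parameter at all, `login.pl` included. If rejecting any client-supplied `script` is the intent, state it directly with `if (defined $form{script} && length $form{script}) {` and drop the list. If a real allowlist is intended, compare exactly with `unless (grep { $_ eq $form{script} } @scripts) {` rather than a start-anchored pattern with no `$`, and decide separately how an absent parameter is handled. Which reading is correct depends on how `$form{script}` is used later in login.pl, which lies outside this hunk, so a one-line comment above the check such as `# reject a client-supplied script name before it is used` would record the intent.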