#! /bin/sh /usr/share/dpatch/dpatch-run
## 019CVE-2009-2853.dpatch by Giuseppe Iuculano <giuseppe@iuculano.it>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixed: CVE-2009-2853: Stop direct loading of files in wp-admin that should only be included
@DPATCH@
diff -urNad wordpress~/wp-admin/admin-footer.php wordpress/wp-admin/admin-footer.php
--- wordpress~/wp-admin/admin-footer.php 2009-08-20 21:16:44.000000000 +0200
+++ wordpress/wp-admin/admin-footer.php 2009-08-20 22:16:54.000000000 +0200
@@ -1,4 +1,8 @@
-
+<?php
+// don't load directly
+if ( !defined('ABSPATH') )
+ die('-1');
+?>
<div id="footer"><p><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p>
<p>
<a href="http://codex.wordpress.org/"><?php _e('Documentation'); ?></a> — <a href="http://wordpress.org/support/"><?php _e('Support Forums'); ?></a> <br />
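Review bot: The `ABSPATH` guard only closes the direct-load path if every include-only script in wp-admin carries it; this patch adds it to admin-footer.php, edit-form-advanced.php, edit-form-comment.php, edit-form.php, edit-link-form.php and edit-page-form.php (the same note applies to each of those hunks), and whether any other include-only files remain unguarded is not visible from this chunk. As written, a direct request still receives an HTTP 200 whose body is `-1`, so blocked attempts are indistinguishable from ordinary requests in the web server's access log; if the distribution wants them visible to monitoring, `if ( !defined('ABSPATH') ) { header('HTTP/1.1 403 Forbidden'); exit; }` would do that without affecting legitimate includes, at the cost of departing from the upstream WordPress idiom. On style, the brace-less single-statement `if` is easy to break when a later line is appended below `die('-1');`, so braces around the body would be safer. In this hunk the removed blank first line is replaced by a `<?php ... ?>` block whose closing tag is followed by a single newline, which PHP swallows, so the footer markup emitted for legitimate includes should be unchanged.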
diff -urNad wordpress~/wp-admin/edit-form-advanced.php wordpress/wp-admin/edit-form-advanced.php
--- wordpress~/wp-admin/edit-form-advanced.php 2009-08-20 22:15:36.000000000 +0200
+++ wordpress/wp-admin/edit-form-advanced.php 2009-08-20 22:24:40.000000000 +0200
@@ -1,4 +1,7 @@
<?php
+// don't load directly
+if ( !defined('ABSPATH') )
+ die('-1');
if ( isset($_GET['message']) )
$_GET['message'] = (int) $_GET['message'];
$messages[1] = __('Post updated');
diff -urNad wordpress~/wp-admin/edit-form-comment.php wordpress/wp-admin/edit-form-comment.php
--- wordpress~/wp-admin/edit-form-comment.php 2009-08-20 22:15:36.000000000 +0200
+++ wordpress/wp-admin/edit-form-comment.php 2009-08-20 22:26:13.000000000 +0200
@@ -1,4 +1,7 @@
<?php
+// don't load directly
+if ( !defined('ABSPATH') )
+ die('-1');
$submitbutton_text = __('Edit Comment »');
$toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
$form_action = 'editedcomment';
diff -urNad wordpress~/wp-admin/edit-form.php wordpress/wp-admin/edit-form.php
--- wordpress~/wp-admin/edit-form.php 2009-08-20 22:15:36.000000000 +0200
+++ wordpress/wp-admin/edit-form.php 2009-08-20 22:28:38.000000000 +0200
@@ -1,3 +1,8 @@
+<?php
+// don't load directly
+if ( !defined('ABSPATH') )
+ die('-1');
+?>
<div class="wrap">
<h2><?php _e('Write Post'); ?></h2>
diff -urNad wordpress~/wp-admin/edit-link-form.php wordpress/wp-admin/edit-link-form.php
--- wordpress~/wp-admin/edit-link-form.php 2009-08-20 21:16:44.000000000 +0200
+++ wordpress/wp-admin/edit-link-form.php 2009-08-20 22:26:57.000000000 +0200
@@ -1,4 +1,8 @@
<?php
+// don't load directly
+if ( !defined('ABSPATH') )
+ die('-1');
+
if ( ! empty($link_id) ) {
$editing = true;
$heading = __('Edit a link:');
@@ -236,4 +240,4 @@
<input type="hidden" name="action" value="Add" />
<?php endif; ?>
</form>
-</div>
\ No newline at end of file
+</div>
diff -urNad wordpress~/wp-admin/edit-page-form.php wordpress/wp-admin/edit-page-form.php
--- wordpress~/wp-admin/edit-page-form.php 2009-08-20 22:15:36.000000000 +0200
+++ wordpress/wp-admin/edit-page-form.php 2009-08-20 22:29:31.000000000 +0200
@@ -1,3 +1,8 @@
+<?php
+// don't load directly
+if ( !defined('ABSPATH') )
+ die('-1');
+?>
<div class="wrap">
<h2 id="write-post"><?php _e('Write Page'); ?><?php if ( 0 != $post_ID ) : ?>