From c2272766f2af1daa3d8b7ad0e361fc3ff1970f79 Mon Sep 17 00:00:00 2001
From: tomas <tomas@cfc7b370-4200-0410-a6e3-cb6bdb053afe>
Date: Sun, 20 Feb 2005 21:16:46 +0000
Subject: [PATCH] Remote exec protection added.

---
 .../modules/storageServer/var/install/install.php     | 11 ++++++++++-
 .../modules/storageServer/var/install/uninstall.php   | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/livesupport/modules/storageServer/var/install/install.php b/livesupport/modules/storageServer/var/install/install.php
index f538d2168..cb0de1617 100644
--- a/livesupport/modules/storageServer/var/install/install.php
+++ b/livesupport/modules/storageServer/var/install/install.php
@@ -23,10 +23,19 @@
  
  
     Author   : $Author: tomas $
-    Version  : $Revision: 1.11 $
+    Version  : $Revision: 1.12 $
     Location : $Source: /home/paul/cvs2svn-livesupport/newcvsrepo/livesupport/modules/storageServer/var/install/install.php,v $
 
 ------------------------------------------------------------------------------*/
+// no remote execution
+$arr = array_diff_assoc($_SERVER, $_ENV);
+if($arr["DOCUMENT_ROOT"] != ""){
+    header("HTTP/1.1 400");
+    header("Content-type: text/plain; charset=UTF-8");
+    echo "400 Not executable\r\n";
+    exit;
+}
+
 require_once '../conf.php';
 require_once 'DB.php';
 require_once '../GreenBox.php';
diff --git a/livesupport/modules/storageServer/var/install/uninstall.php b/livesupport/modules/storageServer/var/install/uninstall.php
index 1e08260c2..296525617 100644
--- a/livesupport/modules/storageServer/var/install/uninstall.php
+++ b/livesupport/modules/storageServer/var/install/uninstall.php
@@ -23,10 +23,19 @@
  
  
     Author   : $Author: tomas $
-    Version  : $Revision: 1.9 $
+    Version  : $Revision: 1.10 $
     Location : $Source: /home/paul/cvs2svn-livesupport/newcvsrepo/livesupport/modules/storageServer/var/install/uninstall.php,v $
 
 ------------------------------------------------------------------------------*/
+// no remote execution
+$arr = array_diff_assoc($_SERVER, $_ENV);
+if($arr["DOCUMENT_ROOT"] != ""){
+    header("HTTP/1.1 400");
+    header("Content-type: text/plain; charset=UTF-8");
+    echo "400 Not executable\r\n";
+    exit;
+}
+
 require_once '../conf.php';
 require_once 'DB.php';
 require_once '../GreenBox.php';