Correction : langue on enleve le flag.

Securité : deny access à http://panel-alternc/class/ Menulist dans /etc/alternc et plus dans /var/alternc/bureau/
2011-03-11 10:18:38 +00:00 · 2011-03-11 10:18:38 +00:00 · 61071e8c6c
parent 5668506c08
commit 61071e8c6c
11 changed files with 35 additions and 30 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -164,10 +164,6 @@ bureau/admin/images/delete.png -text
 bureau/admin/images/dom.png -text
 bureau/admin/images/edit.png -text
 bureau/admin/images/exit.png -text
-bureau/admin/images/flag_de_DE.png -text
-bureau/admin/images/flag_en_US.png -text
-bureau/admin/images/flag_es_ES.png -text
-bureau/admin/images/flag_fr_FR.png -text
 bureau/admin/images/folder.png -text
 bureau/admin/images/folderhta.png -text
 bureau/admin/images/ftp.png -text
@ -234,6 +230,7 @@ bureau/admin/menu_aide.php -text
 bureau/admin/menu_brouteur.php -text
 bureau/admin/menu_dom.php -text
 bureau/admin/menu_ftp.php -text
+bureau/admin/menu_lang.php -text
 bureau/admin/menu_mail.php -text
 bureau/admin/menu_mem.php -text
 bureau/admin/menu_quota.php -text
--- a/bureau/admin/images/flag_de_DE.png
+++ b/bureau/admin/images/flag_de_DE.png
--- a/bureau/admin/images/flag_en_US.png
+++ b/bureau/admin/images/flag_en_US.png
--- a/bureau/admin/images/flag_es_ES.png
+++ b/bureau/admin/images/flag_es_ES.png
--- a/bureau/admin/images/flag_fr_FR.png
+++ b/bureau/admin/images/flag_fr_FR.png
--- a/bureau/admin/menu.php
+++ b/bureau/admin/menu.php
@ -38,25 +38,15 @@ require_once("../class/config.php");
 <?php

 $MENUPATH="/var/alternc/bureau/admin/";
-$tt=@fopen("menulist.txt","rb");
-if ($tt) {
-  while (!feof ($tt)) {
-    $c=trim(fgets($tt,4096));
-    if ($c && file_exists($MENUPATH.$c)) {
-      include($MENUPATH.$c);
-    }
-  }
-  fclose($tt);
+$file=file("/etc/alternc/menulist.txt", FILE_SKIP_EMPTY_LINES);
+foreach($file as $v) {
+  $v=trim($v);
+  if ( file_exists($MENUPATH.$v)) include($MENUPATH.$v);
 }
-
 ?>
 <p class="center"><a href="http://www.alternc.org" target="_blank"><img src="logo2.png" border="0" alt="AlternC" /></a>
 <br />
 <?php 
 echo "$L_VERSION";
-echo "</p><p class='center'>";
-foreach($locales as $l) { ?>
-  <a href="?setlang=<?php echo $l; ?>"><img alt='<?php __($l); ?>' src='images/flag_<?php echo $l;?>.png' /></a><?php
-}
 ?>
 </p>
--- a/bureau/admin/menu_lang.php
+++ b/bureau/admin/menu_lang.php
@ -0,0 +1,12 @@
+<div class="menu-box">
+ <div class="menu-title">
+  <img src="/admin/images/lang.png" alt="<?php __("Langues"); ?>" />&nbsp;<?php __("Langues"); ?></div>
+ <div class="menu-content" id="menu-lang">
+  <ul>
+   <?php foreach($locales as $l) { ?>
+    <li><a href="/admin/login.php?setlang=<?php echo $l; ?>" target="_top"><?php __($l); ?></a></li>
+   <?php } ?>
+  </ul>
+ </div>
+</div>
+
--- a/debian/alternc.links
+++ b/debian/alternc.links
@ -1,4 +1,3 @@
 /usr/share/alternc/install/alternc.install usr/sbin/alternc.install
-/etc/alternc/menulist.txt var/alternc/bureau/admin/menulist.txt
 fr_FR var/alternc/bureau/locales/fr_CA
 en_US var/alternc/bureau/locales/en_GB
--- a/debian/alternc.preinst
+++ b/debian/alternc.preinst
@ -55,12 +55,10 @@ case "$1" in
            echo "/etc/bind/master was not empty. Please remove it manually."
    fi

-    if [ ! -h /var/alternc/bureau/admin/menulist.txt ]; then
+    if [ ! -e /etc/alternc/menulist.txt ]; then
        if [ -f /var/alternc/bureau/admin/menulist.txt ]; then
            mv -f /var/alternc/bureau/admin/menulist.txt \
                  /etc/alternc/menulist.txt
-            ln -sf /etc/alternc/menulist.txt \
-                  /var/alternc/bureau/admin/menulist.txt
        fi
    fi

--- a/etc/alternc/apache2.conf
+++ b/etc/alternc/apache2.conf
@ -3,6 +3,20 @@

 ScriptAlias /cgi-bin/ /var/alternc/cgi-bin/

+#### Some security parameters
+# We set a PhpMyAdmin alias to override the one PhpMyAdmin may have installed
+# to prevent phpmyadmin to be bruteforced "by default"
+Alias /phpmyadmin /usr/share/phpmyadmin
+
+# Deny access to the root filesystem
+<Directory />
+  Options FollowSymLinks
+  AllowOverride None
+  Order allow,deny
+  Deny from all
+</Directory>
+#### End security parameters
+
 <Directory /var/alternc/cgi-bin/>
    Options FollowSymLinks IncludesNOEXEC ExecCGI
    AllowOverride None
@ -11,14 +25,7 @@ ScriptAlias /cgi-bin/ /var/alternc/cgi-bin/
    AddHandler cgi-script .cgi
 </Directory>

-<Directory />
-  Options FollowSymLinks
-  AllowOverride None
-  Order allow,deny
-  Deny from all
-</Directory>
-
-<Directory /var/alternc/bureau>
+<Directory /var/alternc/bureau/admin/>
  Order allow,deny
  Allow from all

@ -27,6 +34,7 @@ ScriptAlias /cgi-bin/ /var/alternc/cgi-bin/
  php_admin_flag register_globals on
  AddDefaultCharset ISO-8859-1
  php_admin_value open_basedir /etc/alternc/:/var/run/alternc/:/var/alternc/bureau/:/var/alternc/html/:/var/alternc/tmp:/tmp:/usr/share/php/:/var/cache/alternc-webalizer/:/etc/locale.gen
+
 </Directory>


--- a/etc/alternc/menulist.txt
+++ b/etc/alternc/menulist.txt
@ -9,3 +9,4 @@ menu_sql.php
 menu_quota.php
 menu_aide.php
 menu_mem.php
+menu_lang.php