From 61071e8c6c43f3ef97127a1d842e580f2c8621eb Mon Sep 17 00:00:00 2001
From: Alan Garcia <a.garcia@nnx.com>
Date: Fri, 11 Mar 2011 10:18:38 +0000
Subject: [PATCH] =?UTF-8?q?Correction=20:=20langue=20on=20enleve=20le=20fl?=
 =?UTF-8?q?ag.=20Securit=C3=A9=20:=20deny=20access=20=C3=A0=20http://panel?=
 =?UTF-8?q?-alternc/class/=20Menulist=20dans=20/etc/alternc=20et=20plus=20?=
 =?UTF-8?q?dans=20/var/alternc/bureau/?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitattributes                     |   5 +----
 bureau/admin/images/flag_de_DE.png | Bin 147 -> 0 bytes
 bureau/admin/images/flag_en_US.png | Bin 803 -> 0 bytes
 bureau/admin/images/flag_es_ES.png | Bin 168 -> 0 bytes
 bureau/admin/images/flag_fr_FR.png | Bin 178 -> 0 bytes
 bureau/admin/menu.php              |  18 ++++--------------
 bureau/admin/menu_lang.php         |  12 ++++++++++++
 debian/alternc.links               |   1 -
 debian/alternc.preinst             |   4 +---
 etc/alternc/apache2.conf           |  24 ++++++++++++++++--------
 etc/alternc/menulist.txt           |   1 +
 11 files changed, 35 insertions(+), 30 deletions(-)
 delete mode 100644 bureau/admin/images/flag_de_DE.png
 delete mode 100644 bureau/admin/images/flag_en_US.png
 delete mode 100644 bureau/admin/images/flag_es_ES.png
 delete mode 100644 bureau/admin/images/flag_fr_FR.png
 create mode 100644 bureau/admin/menu_lang.php

diff --git a/.gitattributes b/.gitattributes
index 72559bbf..8365479b 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -164,10 +164,6 @@ bureau/admin/images/delete.png -text
 bureau/admin/images/dom.png -text
 bureau/admin/images/edit.png -text
 bureau/admin/images/exit.png -text
-bureau/admin/images/flag_de_DE.png -text
-bureau/admin/images/flag_en_US.png -text
-bureau/admin/images/flag_es_ES.png -text
-bureau/admin/images/flag_fr_FR.png -text
 bureau/admin/images/folder.png -text
 bureau/admin/images/folderhta.png -text
 bureau/admin/images/ftp.png -text
@@ -234,6 +230,7 @@ bureau/admin/menu_aide.php -text
 bureau/admin/menu_brouteur.php -text
 bureau/admin/menu_dom.php -text
 bureau/admin/menu_ftp.php -text
+bureau/admin/menu_lang.php -text
 bureau/admin/menu_mail.php -text
 bureau/admin/menu_mem.php -text
 bureau/admin/menu_quota.php -text
diff --git a/bureau/admin/images/flag_de_DE.png b/bureau/admin/images/flag_de_DE.png
deleted file mode 100644
index 0a6a87036bd9388f6a4ca05cfe2ed7e2cc71460a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 147
zcmeAS@N?(olHy`uVBq!ia0vp^qCm{Y#0(_&X6%mzQak}ZA+G;{;0(imAeVumg75n#
zAjMhW5n0T@z%2~Ij105pNB{-dOFVsD*{?B+il|y=G4E;s3Q2joIEHXsPyWHr#4hn6
laJ9n%Mr%<nCcYmU40D}LYxQ(y9s{ak@O1TaS?83{1OS`^BsKs5

diff --git a/bureau/admin/images/flag_en_US.png b/bureau/admin/images/flag_en_US.png
deleted file mode 100644
index a1e212e9391605c709a6fa1244902603c5291631..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 803
zcmV+;1Kj+HP)<h;3K|Lk000e1NJLTq000#L000gM0{{R3_t>ZW00004XF*Lt006O%
z3;baP00007bV*G`2h#)_3<n@r)BO|x00E&;OjJev_WI6EPt_(c(AVWLLV7buel<#i
zI81=j)!gsDxY;f;)i5s3WoG>U|20K{f{d;H{{Q~^|NZ{^>ch#@Bq{sb+GTi|`v3ed
zOMyd9i1PIH{`~vlxwFa{9W_OF<m2t-siV~!Bk6~ISbe21KY-aWGB8Ye|NsB$!n^jv
zz&%fYIZcErJ9X~h+|(2m>#VET=I-petK2g++i`OC`TF?(|JZwc%?u7mScNl6h_$=L
z`~3Xy($3i;D)Q&&?X<GlE-wE6{PzCx<9K(_I5_0d)%E}X-7YWp{Qdg>|J@)T)FB<%
zBp=r)BGM!x*(NC2EGpL?8rUNx*(fX3C?wV@DBCV5(<dFzC??<~D9bJ`+bJ=}(BQ<(
z-NVe*`ThCx;^o>hHrF*X>4${%_4)YH*4f?UI!J;!LVSagulCW>;Iz2uuBO&9G}tsY
z+>M6&{q@Nr9@$n{lbW_VP=|1dsqXRY=!c5r^z_l)>)dN>&|6pMnwa?I=;o}b<BE&(
z?Ci!kIo>xn-Yh!o<>t-H+bl<a-i?u_w8rkEr}^yb4h-TS00009a7bBm000XT000XT
z0n*)m`~Uy}1xZ9fR4C6)%{?yz0RV^b|I^A<)t#3jO`Ez@(li9C7zn$M;4LwT-Dnb@
zz$$7mNW>y0Be9S$N*J0*imkoN-RZT>9YYt-2lzc4!ucjQFIzdsFE`z@_=tLu4LcaT
z)M|A**9?j+_w<0bXPbTBybBxd-f?A_G{BYpSY)@l1C4BL!UTYm{Mv2Ex&%BeT+dGd
z+~><b7h+6WQ6CU@d@C?pieBf$lEwikOeobF@DfIpR76Rd1`#JAie;#sQU_Dg;)lLe
zuxlf(oZ%7=VpfvX+kaXXfai-D=*j@_P4FxT(=bVx2B<^fJ2T{2;=RIX*8rT~Bq)(-
hWP6zSUt8)2{s3&EQR5r3*r)&i002ovPDHLkV1o41nq&X~

diff --git a/bureau/admin/images/flag_es_ES.png b/bureau/admin/images/flag_es_ES.png
deleted file mode 100644
index ba6f854b5f44e8b47c7c7d3dbf966aa02b8ab2e1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 168
zcmeAS@N?(olHy`uVBq!ia0vp^qCm{Y!3HD`u!WxkQtTz3zOL+7*;qt%tg^38^8pI6
zC3(BMF#HF>1$&oI28wVNctjR6FmMZlFeAgPITAoYQ%@Ji5R22vHir*<nBRD+q40&o
zuQiTbs~0Lby2;GqIQ92`zEAD+J}D~~p4upV%Spu|x;(55|CCi<C#JiH0S#dAboFyt
I=akR{0LyMLivR!s

diff --git a/bureau/admin/images/flag_fr_FR.png b/bureau/admin/images/flag_fr_FR.png
deleted file mode 100644
index 1d3c5dc4631e3442272579166fc7afcfcfe0a8f9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 178
zcmeAS@N?(olHy`uVBq!ia0vp^qCm{Y!VDyhG`#)-DVB6cUq=Rpjs4tz5?O(K_7YED
zSN6*+(md?Cnn{f-fkJWtJ|V8k3~9;?NfL}v|Ns5}|NjpVgXrHse=l14kAXp6^u`pR
zO3nh0$YKTtZXpn6ymYtj4^U9t)5S4F;&O6ILV`e0kVueF!jE$n9XA=?q=>$sRQRa~
PsD#1O)z4*}Q$iB}@t-)J

diff --git a/bureau/admin/menu.php b/bureau/admin/menu.php
index 8e8b3a4c..84a2af30 100644
--- a/bureau/admin/menu.php
+++ b/bureau/admin/menu.php
@@ -38,25 +38,15 @@ require_once("../class/config.php");
 <?php
 
 $MENUPATH="/var/alternc/bureau/admin/";
-$tt=@fopen("menulist.txt","rb");
-if ($tt) {
-  while (!feof ($tt)) {
-    $c=trim(fgets($tt,4096));
-    if ($c && file_exists($MENUPATH.$c)) {
-      include($MENUPATH.$c);
-    }
-  }
-  fclose($tt);
+$file=file("/etc/alternc/menulist.txt", FILE_SKIP_EMPTY_LINES);
+foreach($file as $v) {
+  $v=trim($v);
+  if ( file_exists($MENUPATH.$v)) include($MENUPATH.$v);
 }
-
 ?>
 <p class="center"><a href="http://www.alternc.org" target="_blank"><img src="logo2.png" border="0" alt="AlternC" /></a>
 <br />
 <?php 
 echo "$L_VERSION";
-echo "</p><p class='center'>";
-foreach($locales as $l) { ?>
-  <a href="?setlang=<?php echo $l; ?>"><img alt='<?php __($l); ?>' src='images/flag_<?php echo $l;?>.png' /></a><?php
-}
 ?>
 </p>
diff --git a/bureau/admin/menu_lang.php b/bureau/admin/menu_lang.php
new file mode 100644
index 00000000..a10f1277
--- /dev/null
+++ b/bureau/admin/menu_lang.php
@@ -0,0 +1,12 @@
+<div class="menu-box">
+ <div class="menu-title">
+  <img src="/admin/images/lang.png" alt="<?php __("Langues"); ?>" />&nbsp;<?php __("Langues"); ?></div>
+ <div class="menu-content" id="menu-lang">
+  <ul>
+   <?php foreach($locales as $l) { ?>
+    <li><a href="/admin/login.php?setlang=<?php echo $l; ?>" target="_top"><?php __($l); ?></a></li>
+   <?php } ?>
+  </ul>
+ </div>
+</div>
+
diff --git a/debian/alternc.links b/debian/alternc.links
index 0406226f..366b9315 100644
--- a/debian/alternc.links
+++ b/debian/alternc.links
@@ -1,4 +1,3 @@
 /usr/share/alternc/install/alternc.install usr/sbin/alternc.install
-/etc/alternc/menulist.txt var/alternc/bureau/admin/menulist.txt
 fr_FR var/alternc/bureau/locales/fr_CA
 en_US var/alternc/bureau/locales/en_GB
diff --git a/debian/alternc.preinst b/debian/alternc.preinst
index baf0be1a..e9381271 100644
--- a/debian/alternc.preinst
+++ b/debian/alternc.preinst
@@ -55,12 +55,10 @@ case "$1" in
             echo "/etc/bind/master was not empty. Please remove it manually."
     fi
 
-    if [ ! -h /var/alternc/bureau/admin/menulist.txt ]; then
+    if [ ! -e /etc/alternc/menulist.txt ]; then
         if [ -f /var/alternc/bureau/admin/menulist.txt ]; then
             mv -f /var/alternc/bureau/admin/menulist.txt \
                   /etc/alternc/menulist.txt
-            ln -sf /etc/alternc/menulist.txt \
-                  /var/alternc/bureau/admin/menulist.txt
         fi
     fi
 
diff --git a/etc/alternc/apache2.conf b/etc/alternc/apache2.conf
index a5667c6c..47ef014c 100644
--- a/etc/alternc/apache2.conf
+++ b/etc/alternc/apache2.conf
@@ -3,6 +3,20 @@
 
 ScriptAlias /cgi-bin/ /var/alternc/cgi-bin/
 
+#### Some security parameters
+# We set a PhpMyAdmin alias to override the one PhpMyAdmin may have installed
+# to prevent phpmyadmin to be bruteforced "by default"
+Alias /phpmyadmin /usr/share/phpmyadmin
+
+# Deny access to the root filesystem
+<Directory />
+  Options FollowSymLinks
+  AllowOverride None
+  Order allow,deny
+  Deny from all
+</Directory>
+#### End security parameters
+
 <Directory /var/alternc/cgi-bin/>
     Options FollowSymLinks IncludesNOEXEC ExecCGI
     AllowOverride None
@@ -11,14 +25,7 @@ ScriptAlias /cgi-bin/ /var/alternc/cgi-bin/
     AddHandler cgi-script .cgi
 </Directory>
 
-<Directory />
-  Options FollowSymLinks
-  AllowOverride None
-  Order allow,deny
-  Deny from all
-</Directory>
-
-<Directory /var/alternc/bureau>
+<Directory /var/alternc/bureau/admin/>
   Order allow,deny
   Allow from all
 
@@ -27,6 +34,7 @@ ScriptAlias /cgi-bin/ /var/alternc/cgi-bin/
   php_admin_flag register_globals on
   AddDefaultCharset ISO-8859-1
   php_admin_value open_basedir /etc/alternc/:/var/run/alternc/:/var/alternc/bureau/:/var/alternc/html/:/var/alternc/tmp:/tmp:/usr/share/php/:/var/cache/alternc-webalizer/:/etc/locale.gen
+
 </Directory>
 
 
diff --git a/etc/alternc/menulist.txt b/etc/alternc/menulist.txt
index 6d3d31d6..84219dc7 100644
--- a/etc/alternc/menulist.txt
+++ b/etc/alternc/menulist.txt
@@ -9,3 +9,4 @@ menu_sql.php
 menu_quota.php
 menu_aide.php
 menu_mem.php
+menu_lang.php