Security fix: unauthorized access (#10091)

* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2024-10-07 16:52:45 +00:00 · 2019-04-11 23:26:42 -05:00
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
--- a/includes/html/error-no-perm.inc.php
+++ b/includes/html/error-no-perm.inc.php
@@ -0,0 +1,18 @@
+<?php
+
+echo("<div style='margin:auto; text-align: center; margin-top: 50px; max-width:600px'>");
+print_optionbar_start(100, 600);
+echo("
+   <table height=100% width=100%><tr>
+   <td><img src='images/no-48.png' valign=absmiddle></td>
+   <td width=10></td>
+   <td>
+     <span style='color: #990000; font-weight: bold;'>
+       <span style='font-size: 16px; font-weight: bold;'>Error</span>
+       <br />
+       <span style='font-size: 12px;'>You have insufficient permissions to view this page.</span>
+     </span>
+   </td>
+   </tr></table>");
+print_optionbar_end();
+echo("</div>");