add security fix to lighttpd

doxikus · Jun 24, 2015 · 5313740 · 5313740
1 parent b3ebf1d
commit 5313740
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 10 deletions.
diff --git a/index.php b/index.php
@@ -99,10 +99,10 @@
     <?php if(!isset($_SESSION["user"])) {?>
 	    <form action="" method="post" class="navbar-form navbar-right" >
             <div class="form-group">
-              <input type="text" name="username" placeholder="User" class="form-control input-sm">
+              <input type="text" name="username" placeholder="User" class="form-control input-sm" required="">
             </div>
             <div class="form-group">
-              <input type="password" name="password" placeholder="Password" class="form-control input-sm">
+              <input type="password" name="password" placeholder="Password" class="form-control input-sm" required="">
             </div>
 	    <input type="hidden" name="form_login" value="log">
             <button type="submit" class="btn-xs btn-primary">Sign in</button>
@@ -163,6 +163,3 @@
 <?php 
 }
 ?>
-
-
-
diff --git a/install/lighttpd b/install/lighttpd
@@ -9,6 +9,7 @@ sed -i -e 's/server.document-root        = \"\/var\/www\"/server.document-root
 # didable dir access
 sed -i '/url.access-deny/d' /etc/lighttpd/lighttpd.conf
 sed -i '$a url.access-deny = ( "~", ".inc", ".dbf", ".db", ".txt", ".rrd" )' /etc/lighttpd/lighttpd.conf
+sed -i '$a $HTTP["url"] =~ "^/modules"  { url.access-deny = ("") }' /etc/lighttpd/lighttpd.conf
 # set url rewrite
 if cat /etc/lighttpd/lighttpd.conf |grep url.rewrite-once 1> /dev/null; then
 echo -e "[ ${GREEN}ok${R} ] lighttpd: Url rewrite exist"

diff --git a/modules/login/denied.php b/modules/login/denied.php
@@ -1,3 +1,7 @@
-<span class="belka">&nbsp info<span class="okno">
+<div class="panel panel-danger">
+<div class="panel-heading">
+<h3 class="panel-title">Warning</h3>
+</div>
+<div class="panel-body">
 <h3>Please login!</h3>
-</span></span>
+</div></div>
diff --git a/modules/mail/html/mail_test.php b/modules/mail/html/mail_test.php
@@ -23,9 +23,6 @@
 <form class="form-horizontal" action="" method="post">
 <fieldset>
 
-<!-- Form Name -->
-<legend>Send test mail</legend>
-
 <!-- Text input-->
 <div class="form-group">
   <label class="col-md-4 control-label" for="user">@</label>  

diff --git a/modules/security/fw/html/fw.php b/modules/security/fw/html/fw.php
@@ -1,3 +1,9 @@
+<?php 
+if(!isset($_SESSION['user'])){
+header("Location: denied");
+}
+?>
+
 <?php
     $fw_onoff = isset($_POST['fw_onoff']) ? $_POST['fw_onoff'] : '';
     $onoff = isset($_POST['onoff']) ? $_POST['onoff'] : '';