修正泄露路径的漏洞

doupip · Mar 10, 2014 · 0d30d33 · 0d30d33
1 parent a7e4a8e
commit 0d30d33
Show file tree

Hide file tree

Showing 101 changed files with 99 additions and 45 deletions.
diff --git a/usr/plugins/HelloWorld/Plugin.php b/usr/plugins/HelloWorld/Plugin.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Hello World
  * 

diff --git a/var/IXR/Client.php b/var/IXR/Client.php
@@ -7,27 +7,6 @@
    Made available under the Artistic License: http://www.opensource.org/licenses/artistic-license.php
 */
 
-/** IXR值 */
-require_once 'IXR/Value.php';
-
-/** IXR消息 */
-require_once 'IXR/Message.php';
-
-/** IXR请求体 */
-require_once 'IXR/Request.php';
-
-/** IXR错误 */
-require_once 'IXR/Error.php';
-
-/** IXR日期 */
-require_once 'IXR/Date.php';
-
-/** IXR Base64编码 */
-require_once 'IXR/Base64.php';
-
-/** Typecho_Http_Client */
-require_once 'Typecho/Http/Client.php';
-
 /**
  * IXR客户端
  * reload by typecho team(http://www.typecho.org)

diff --git a/var/IXR/ClientMulticall.php b/var/IXR/ClientMulticall.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /*
    IXR - The Inutio XML-RPC Library - (c) Incutio Ltd 2002
    Version 1.61 - Simon Willison, 11th July 2003 (htmlentities -> htmlspecialchars)
@@ -7,9 +8,6 @@
    Made available under the Artistic License: http://www.opensource.org/licenses/artistic-license.php
 */
 
-/** IXR_Clinet */
-require_once 'IXR/Clinet.php';
-
 /**
  * IXR客户端
  *

diff --git a/var/IXR/Exception.php b/var/IXR/Exception.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /*
    IXR - The Inutio XML-RPC Library - (c) Incutio Ltd 2002
    Version 1.61 - Simon Willison, 11th July 2003 (htmlentities -> htmlspecialchars)

diff --git a/var/IXR/IntrospectionServer.php b/var/IXR/IntrospectionServer.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /*
    IXR - The Inutio XML-RPC Library - (c) Incutio Ltd 2002
    Version 1.61 - Simon Willison, 11th July 2003 (htmlentities -> htmlspecialchars)
@@ -7,9 +8,6 @@
    Made available under the Artistic License: http://www.opensource.org/licenses/artistic-license.php
 */
 
-/** IXR_Server */
-require_once 'IXR/Server.php';
-
 /**
  * IXR服务器
  *

diff --git a/var/IXR/Server.php b/var/IXR/Server.php
@@ -7,24 +7,6 @@
    Made available under the Artistic License: http://www.opensource.org/licenses/artistic-license.php
 */
 
-/** IXR值 */
-require_once 'IXR/Value.php';
-
-/** IXR消息 */
-require_once 'IXR/Message.php';
-
-/** IXR请求体 */
-require_once 'IXR/Request.php';
-
-/** IXR错误 */
-require_once 'IXR/Error.php';
-
-/** IXR日期 */
-require_once 'IXR/Date.php';
-
-/** IXR Base64编码 */
-require_once 'IXR/Base64.php';
-
 /**
  * IXR服务器
  *

diff --git a/var/Typecho/Db/Adapter/Exception.php b/var/Typecho/Db/Adapter/Exception.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Db/Adapter/Mysql.php b/var/Typecho/Db/Adapter/Mysql.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Db/Adapter/Pdo.php b/var/Typecho/Db/Adapter/Pdo.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Db/Adapter/Pdo/Mysql.php b/var/Typecho/Db/Adapter/Pdo/Mysql.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Db/Adapter/Pdo/Pgsql.php b/var/Typecho/Db/Adapter/Pdo/Pgsql.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Db/Adapter/Pdo/SQLite.php b/var/Typecho/Db/Adapter/Pdo/SQLite.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Db/Adapter/Pgsql.php b/var/Typecho/Db/Adapter/Pgsql.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Db/Adapter/SQLite.php b/var/Typecho/Db/Adapter/SQLite.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Db/Exception.php b/var/Typecho/Db/Exception.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Db/Query/Exception.php b/var/Typecho/Db/Query/Exception.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Http/Client/Adapter/Curl.php b/var/Typecho/Http/Client/Adapter/Curl.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * CURL适配器
  *

diff --git a/var/Typecho/Http/Client/Adapter/Socket.php b/var/Typecho/Http/Client/Adapter/Socket.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Socket适配器
  *

diff --git a/var/Typecho/Http/Client/Exception.php b/var/Typecho/Http/Client/Exception.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Plugin/Exception.php b/var/Typecho/Plugin/Exception.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Router/Exception.php b/var/Typecho/Router/Exception.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Widget/Exception.php b/var/Typecho/Widget/Exception.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Widget/Helper/Form.php b/var/Typecho/Widget/Helper/Form.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 表单处理帮手
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element.php b/var/Typecho/Widget/Helper/Form/Element.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 表单元素抽象帮手
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element/Checkbox.php b/var/Typecho/Widget/Helper/Form/Element/Checkbox.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 多选框帮手
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element/Fake.php b/var/Typecho/Widget/Helper/Form/Element/Fake.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 虚拟域帮手类
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element/Hidden.php b/var/Typecho/Widget/Helper/Form/Element/Hidden.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 隐藏域帮手类
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element/Password.php b/var/Typecho/Widget/Helper/Form/Element/Password.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 密码输入表单项帮手
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element/Radio.php b/var/Typecho/Widget/Helper/Form/Element/Radio.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 单选框帮手
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element/Select.php b/var/Typecho/Widget/Helper/Form/Element/Select.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 下拉选择框帮手
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element/Submit.php b/var/Typecho/Widget/Helper/Form/Element/Submit.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 提交按钮表单项帮手
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element/Text.php b/var/Typecho/Widget/Helper/Form/Element/Text.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 文字输入表单项帮手
  *

diff --git a/var/Typecho/Widget/Helper/Form/Element/Textarea.php b/var/Typecho/Widget/Helper/Form/Element/Textarea.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 多行文字域帮手
  *

diff --git a/var/Typecho/Widget/Helper/PageNavigator/Box.php b/var/Typecho/Widget/Helper/PageNavigator/Box.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Typecho/Widget/Helper/PageNavigator/Classic.php b/var/Typecho/Widget/Helper/PageNavigator/Classic.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Widget/Abstract.php b/var/Widget/Abstract.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 纯数据抽象组件
  *

diff --git a/var/Widget/Abstract/Comments.php b/var/Widget/Abstract/Comments.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Widget/Abstract/Contents.php b/var/Widget/Abstract/Contents.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Widget/Abstract/Metas.php b/var/Widget/Abstract/Metas.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 描述性数据
  *

diff --git a/var/Widget/Abstract/Options.php b/var/Widget/Abstract/Options.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 全局选项
  *

diff --git a/var/Widget/Abstract/Users.php b/var/Widget/Abstract/Users.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 用户抽象组件
  *

diff --git a/var/Widget/Ajax.php b/var/Widget/Ajax.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 异步调用组件
  *

diff --git a/var/Widget/Archive.php b/var/Widget/Archive.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Widget/Comments/Admin.php b/var/Widget/Comments/Admin.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Widget/Comments/Archive.php b/var/Widget/Comments/Archive.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 评论归档
  *

diff --git a/var/Widget/Comments/Edit.php b/var/Widget/Comments/Edit.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Widget/Comments/Ping.php b/var/Widget/Comments/Ping.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 回响归档
  *

diff --git a/var/Widget/Comments/Recent.php b/var/Widget/Comments/Recent.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * Typecho Blog Platform
  *

diff --git a/var/Widget/Contents/Attachment/Admin.php b/var/Widget/Contents/Attachment/Admin.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 文件管理列表
  *

diff --git a/var/Widget/Contents/Attachment/Edit.php b/var/Widget/Contents/Attachment/Edit.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 编辑文章
  *

diff --git a/var/Widget/Contents/Attachment/Related.php b/var/Widget/Contents/Attachment/Related.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 文章相关文件
  *

diff --git a/var/Widget/Contents/Attachment/Unattached.php b/var/Widget/Contents/Attachment/Unattached.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 没有关联的文件
  *

diff --git a/var/Widget/Contents/Page/Admin.php b/var/Widget/Contents/Page/Admin.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 独立页面管理列表
  *

diff --git a/var/Widget/Contents/Page/Edit.php b/var/Widget/Contents/Page/Edit.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 编辑页面
  *

diff --git a/var/Widget/Contents/Page/List.php b/var/Widget/Contents/Page/List.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 独立页面列表
  *

diff --git a/var/Widget/Contents/Post/Admin.php b/var/Widget/Contents/Post/Admin.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
 /**
  * 文章管理列表
  *