This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at GitHub.
Closed
Fixed
FS#2567 Template files should not be callable directly
Security
2012-07-28 andi
came in via email:
lib/tpl/default/mediamanager.php was tagged by a Qualys scan here as causing a "Server Internal Error". The web logs show
[Tue Jul 24 13:02:25 2012] [error] [client 128.196.135.68] PHP Notice: Undefined variable: conf in /srv/www/doku/lib/tpl/default/mediamanager.php on line 16
[Tue Jul 24 13:02:25 2012] [error] [client 128.196.135.68] PHP Notice: Undefined variable: conf in /srv/www/doku/lib/tpl/default/mediamanager.php on line 16
[Tue Jul 24 13:02:25 2012] [error] [client 128.196.135.68] PHP Fatal error: Call to undefined function hsc() in /srv/www/doku/lib/tpl/default/mediamanager.php on line 20
My bandaid patch is included below - not sure it's correct, but it does stop the errors in the apache logs…
Cheers,
Ric Anderson
--begin patch--
# diff -c mediamanager.php.ORG mediamanager.php
*** mediamanager.php.ORG Fri Feb 24 02:50:22 2012
--- mediamanager.php Tue Jul 24 13:09:12 2012
***************
*** 1,6 ****
--- 1,8 ----
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
+ // must be run within Dokuwiki
+ if(!defined('DOKU_INC')) die();
/**
* DokuWiki Default Template
*
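Review bot: the guard is placed below the DOCTYPE on lines 1-2 of the file, so a direct request still emits that markup before `die()` ends the request. Open the file with a `<?php` block that holds the `if(!defined('DOKU_INC')) die();` check, ahead of any output, so nothing is sent when DOKU_INC is undefined. The check also covers only mediamanager.php; the template's other PHP files that can be requested directly need the same guard.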
2012-07-28 andi
I guess we should have this in all template files...