/CHANGELOG |
---|
11,7 → 11,8 |
BUGS |
- The users can change their password |
SECU |
- Fix vulnerabilities in the public part (1 SQL injection & 2 XSS). |
- Fix vulnerabilities in the user part (1 SQL injection & 2 XSS). |
- Remove ALCASAR version visible in the user part. |
-----------------------3.1------------------- |
NEWS |
/alcasar.sh |
---|
634,7 → 634,6 |
mkdir $DIR_WEB |
# Copy & adapt ACC files |
cp -rf $DIR_INSTALL/web/* $DIR_WEB/ |
echo "$VERSION" > $DIR_WEB/VERSION |
$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php |
$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
/scripts/alcasar-conf.sh |
---|
23,7 → 23,6 |
DIR_SHARE="/usr/local/share" # data directory |
DIR_BLACKLIST="/etc/dansguardian/lists/blacklists" # Toulouse BL directory |
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file |
VERSION="/var/www/html/VERSION" # contient la version en cours |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
MTU=`grep ^PUBLIC_MTU= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
34,7 → 33,7 |
DB_USER="radius" |
radiuspwd="" |
SED="/bin/sed -i" |
RUNNING_VERSION=`cat $VERSION|cut -d" " -f1` |
RUNNING_VERSION=`grep ^VERSION /usr/local/etc/alcasar.conf|cut -d'=' -f2` |
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1` |
UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3` |
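Review bot: The new `RUNNING_VERSION` assignment in the second hunk hard-codes `/usr/local/etc/alcasar.conf` and matches `^VERSION` without the trailing `=`, while the neighbouring lookups in this file use `$CONF_FILE` and a full key (`grep ^EXTIF= $CONF_FILE`). Any other key that begins with VERSION would add a second line to the result and break the MAJ/MIN/UPD split that follows. The command inside the substitution would be more consistent as `grep ^VERSION= $CONF_FILE|cut -d"=" -f2`. The same unanchored pattern is added in alcasar-version.sh and inside the exec() strings in menu.php and portail.php. If alcasar.conf can lack a VERSION entry (for example a configuration restored from an older release, which is not visible here), RUNNING_VERSION is empty and the code that compares versions should handle that case explicitly.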
/scripts/alcasar-version.sh |
---|
8,7 → 8,6 |
# récupère les versions d'ALCASAR (stable et développement) |
# download the ALCASAR versions (stable / dev) |
VERSION="/var/www/html/VERSION" |
SITE_VERSION="version.alcasar.net" |
MAJ="False" |
DNS_VERSION_L=`dig $SITE_VERSION txt | grep ^$SITE_VERSION | cut -d"\"" -f2` |
16,7 → 15,7 |
MAJ_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f1` |
MIN_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f2` |
UPD_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f3` |
RUNNING_VERSION=`cat $VERSION|cut -d" " -f1` |
RUNNING_VERSION=`grep ^VERSION /usr/local/etc/alcasar.conf|cut -d'=' -f2` |
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1` |
UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3` |
/web/acc/menu.php |
---|
29,13 → 29,9 |
exit(); |
} |
// Get current version |
$installed_version = trim(exec("grep ^VERSION /usr/local/etc/alcasar.conf | cut -d'=' -f2")); |
$file_version = "/var/www/html/VERSION"; |
$handle = fopen ($file_version, "r"); |
$full_version = fread ($handle, filesize ($file_version)); |
fclose ($handle); |
$tab = explode (" ", $full_version); |
$installed_version = $tab[0]; |
# Choice of language |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) |
{ |
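Review bot: The added `exec("grep ^VERSION ... | cut -d'=' -f2")` call spawns a shell on every page load to read one key, and it silently leaves `$installed_version` empty when the web server account cannot read `/usr/local/etc/alcasar.conf` or the key is missing. Reading the file in PHP avoids the shell and makes the failure case explicit: `$conf = @file_get_contents('/usr/local/etc/alcasar.conf');` followed by `$installed_version = ($conf !== false && preg_match('/^VERSION=(.*)$/m', $conf, $m)) ? trim($m[1]) : '';`. Since the file must now be readable by the PHP process, it is worth confirming that it holds nothing sensitive; its full contents are not visible here. The same call is added in portail.php for `$INSTALLEDVERSION`. The surrounding code of menu.php continues outside the hunk.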
/web/acc/phpsysinfo/includes/xml/portail.php |
---|
99,10 → 99,8 |
global $XPath; |
global $text; |
exec ("sudo /usr/local/bin/alcasar-watchdog.sh -lt"); |
$file_version = "/var/www/html/VERSION"; |
$handle = fopen ($file_version, "r"); |
$INSTALLEDVERSION = fread ($handle, filesize ($file_version)); |
fclose ($handle); |
// Get current version |
$INSTALLEDVERSION = trim(exec("grep ^VERSION /usr/local/etc/alcasar.conf | cut -d'=' -f2")); |
$VERSIONBL = date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README')); |
$nbr_user = request ('user'); |
$nbr_grp = request ('group'); |