| /CHANGELOG |
|---|
| 11,7 → 11,8 |
| BUGS |
| - The users can change their password |
| SECU |
| - Fix vulnerabilities in the public part (1 SQL injection & 2 XSS). |
| - Fix vulnerabilities in the user part (1 SQL injection & 2 XSS). |
| - Remove ALCASAR version visible in the user part. |
| -----------------------3.1------------------- |
| NEWS |
| /alcasar.sh |
|---|
| 634,7 → 634,6 |
| mkdir $DIR_WEB |
| # Copy & adapt ACC files |
| cp -rf $DIR_INSTALL/web/* $DIR_WEB/ |
| echo "$VERSION" > $DIR_WEB/VERSION |
| $SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php |
| $SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
| $SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
| /scripts/alcasar-conf.sh |
|---|
| 23,7 → 23,6 |
| DIR_SHARE="/usr/local/share" # data directory |
| DIR_BLACKLIST="/etc/dansguardian/lists/blacklists" # Toulouse BL directory |
| CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file |
| VERSION="/var/www/html/VERSION" # contient la version en cours |
| EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
| INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
| MTU=`grep ^PUBLIC_MTU= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
| 34,7 → 33,7 |
| DB_USER="radius" |
| radiuspwd="" |
| SED="/bin/sed -i" |
| RUNNING_VERSION=`cat $VERSION|cut -d" " -f1` |
| RUNNING_VERSION=`grep ^VERSION /usr/local/etc/alcasar.conf|cut -d'=' -f2` |
| MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
| MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1` |
| UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3` |
| /scripts/alcasar-version.sh |
|---|
| 8,7 → 8,6 |
| # récupère les versions d'ALCASAR (stable et développement) |
| # download the ALCASAR versions (stable / dev) |
| VERSION="/var/www/html/VERSION" |
| SITE_VERSION="version.alcasar.net" |
| MAJ="False" |
| DNS_VERSION_L=`dig $SITE_VERSION txt | grep ^$SITE_VERSION | cut -d"\"" -f2` |
| 16,7 → 15,7 |
| MAJ_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f1` |
| MIN_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f2` |
| UPD_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f3` |
| RUNNING_VERSION=`cat $VERSION|cut -d" " -f1` |
| RUNNING_VERSION=`grep ^VERSION /usr/local/etc/alcasar.conf|cut -d'=' -f2` |
| MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
| MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1` |
| UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3` |
| /web/acc/menu.php |
|---|
| 29,13 → 29,9 |
| exit(); |
| } |
| // Get current version |
| $installed_version = trim(exec("grep ^VERSION /usr/local/etc/alcasar.conf | cut -d'=' -f2")); |
| $file_version = "/var/www/html/VERSION"; |
| $handle = fopen ($file_version, "r"); |
| $full_version = fread ($handle, filesize ($file_version)); |
| fclose ($handle); |
| $tab = explode (" ", $full_version); |
| $installed_version = $tab[0]; |
| # Choice of language |
| if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) |
| { |
| /web/acc/phpsysinfo/includes/xml/portail.php |
|---|
| 99,10 → 99,8 |
| global $XPath; |
| global $text; |
| exec ("sudo /usr/local/bin/alcasar-watchdog.sh -lt"); |
| $file_version = "/var/www/html/VERSION"; |
| $handle = fopen ($file_version, "r"); |
| $INSTALLEDVERSION = fread ($handle, filesize ($file_version)); |
| fclose ($handle); |
| // Get current version |
| $INSTALLEDVERSION = trim(exec("grep ^VERSION /usr/local/etc/alcasar.conf | cut -d'=' -f2")); |
| $VERSIONBL = date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README')); |
| $nbr_user = request ('user'); |
| $nbr_grp = request ('group'); |