From a9f3bf65152087cbdad229cb52ddcfb312814270 Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Mon, 9 Nov 2020 20:11:24 +1100
Subject: [PATCH] security/core#97 Ensure that php scripts where applicable in sql and tools that should only be run in CLI can be run in CLI
Use more portable check for cli and add in 404 header as per Rich's comments
---
 sql/GenerateData.php | 4 ++++
 sql/GenerateGroups.php | 4 ++++
 sql/GenerateMailing.php | 5 +++++
 sql/GenerateReportData.php | 5 ++++-
 tools/bin/scripts/NormalizePhone.php | 5 ++++-
 tools/bin/scripts/ckeditorConfigScraper.php | 4 ++++
 tools/bin/scripts/set-version.php | 5 ++++-
 tools/bin/scripts/testProcess.php | 4 ++++
 8 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/sql/GenerateData.php b/sql/GenerateData.php
index 63c2b30b23..fe7b5b511d 100644
--- a/sql/GenerateData.php
+++ b/sql/GenerateData.php
@@ -69,6 +69,10 @@
 *
 */
+if (php_sapi_name() == 'cli' || (is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0)) {
+ header("HTTP/1.0 404 Not Found");
+ return;
+}
 require_once '../civicrm.config.php';
 CRM_Core_Config::singleton();
diff --git a/sql/GenerateGroups.php b/sql/GenerateGroups.php
index 205b73d518..704b924f86 100644
--- a/sql/GenerateGroups.php
+++ b/sql/GenerateGroups.php
@@ -14,6 +14,10 @@
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */
+if (php_sapi_name() == 'cli' || (is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0)) {
+ header("HTTP/1.0 404 Not Found");
+ return;
+}
 require_once '../civicrm.config.php';
diff --git a/sql/GenerateMailing.php b/sql/GenerateMailing.php
index d9af5ca112..c70e51772d 100644
--- a/sql/GenerateMailing.php
+++ b/sql/GenerateMailing.php
@@ -14,6 +14,11 @@
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */
+if (php_sapi_name() == 'cli' || (is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0)) {
+ header("HTTP/1.0 404 Not Found");
+
+ return;
+}
 require_once '../civicrm.config.php';
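Review bot: The guard added at the top of sql/GenerateData.php fires when the script is running under CLI (`php_sapi_name() == 'cli' || ... $_SERVER['argc'] > 0`), so a CLI run gets a 404 header and an early `return` while a web request falls straight through to the script — the reverse of what the subject line describes, if I read the intent correctly. The same inverted condition is added in sql/GenerateGroups.php, sql/GenerateMailing.php, sql/GenerateReportData.php, tools/bin/scripts/NormalizePhone.php, tools/bin/scripts/ckeditorConfigScraper.php, tools/bin/scripts/set-version.php and tools/bin/scripts/testProcess.php. Both terms need negating, and `argc` should be probed before use so a web SAPI without `register_argc_argv` does not emit an undefined-index warning: `if (php_sapi_name() !== 'cli' && !(isset($_SERVER['argc']) && is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0)) {`. The strict `!==` also replaces the loose `==` on the SAPI name. The sql/GenerateMailing.php copy additionally carries a stray blank line between `header(...)` and `return;` that the other seven copies do not.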
diff --git a/sql/GenerateReportData.php b/sql/GenerateReportData.php
index f415959c6a..dee5d43e4a 100644
--- a/sql/GenerateReportData.php
+++ b/sql/GenerateReportData.php
@@ -76,7 +76,10 @@
 * php versions.
 * @todo look to remove this file completely.
 */
-
+if (php_sapi_name() == 'cli' || (is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0)) {
+ header("HTTP/1.0 404 Not Found");
+ return;
+}
 require_once '../civicrm.config.php';
diff --git a/tools/bin/scripts/NormalizePhone.php b/tools/bin/scripts/NormalizePhone.php
index 795f129629..35a6526f09 100644
--- a/tools/bin/scripts/NormalizePhone.php
+++ b/tools/bin/scripts/NormalizePhone.php
@@ -16,7 +16,10 @@
 * issues
 *
 */
-
+if (php_sapi_name() == 'cli' || (is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0)) {
+ header("HTTP/1.0 404 Not Found");
+ return;
+}
 define('THROTTLE_REQUESTS', 0);
 function run() {
 session_start();
diff --git a/tools/bin/scripts/ckeditorConfigScraper.php b/tools/bin/scripts/ckeditorConfigScraper.php
index ba95cfb4a1..d98366e9d7 100644
--- a/tools/bin/scripts/ckeditorConfigScraper.php
+++ b/tools/bin/scripts/ckeditorConfigScraper.php
@@ -1,4 +1,8 @@ 0)) {
+ header("HTTP/1.0 404 Not Found");
+ return;
+}
 /**
 * Scrape all config options from the CKEditor documentation site.
 */
diff --git a/tools/bin/scripts/set-version.php b/tools/bin/scripts/set-version.php
index 1918e4e4bb..c95606d019 100755
--- a/tools/bin/scripts/set-version.php
+++ b/tools/bin/scripts/set-version.php
@@ -10,7 +10,10 @@
 /* *********************************************************************** */
 /* Boot */
-
+if (php_sapi_name() == 'cli' || (is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0)) {
+ header("HTTP/1.0 404 Not Found");
+ return;
+}
 $civicrm_root = dirname(dirname(dirname(__DIR__)));
 chdir($civicrm_root);
diff --git a/tools/bin/scripts/testProcess.php b/tools/bin/scripts/testProcess.php
index 8d2668c526..fc8e19a07e 100644
--- a/tools/bin/scripts/testProcess.php
+++ b/tools/bin/scripts/testProcess.php
@@ -1,4 +1,8 @@ 0)) {
+ header("HTTP/1.0 404 Not Found");
+ return;
+}
 require_once '../civicrm.config.php';
 require_once 'CRM/Core/Config.php';
 require_once 'CRM/Core/Error.php';
--
2.25.1