* ------------------
*/
-define('_ECRAN_SECURITE', '1.3.11'); // 2019-04-08
+define('_ECRAN_SECURITE', '1.4.1'); // 2021-03-12
/*
* Documentation : http://www.spip.net/fr_article4200.html
if (isset($_GET['test_ecran_securite']))
$ecran_securite_raison = 'test '._ECRAN_SECURITE;
+if (file_exists($f = __DIR__ . DIRECTORY_SEPARATOR . 'ecran_securite_options.php')) {
+ include ($f);
+}
+
/*
* Monitoring
* var_isbot=0 peut etre utilise par un bot de monitoring pour surveiller la disponibilite d'un site vu par les users
if (!defined('_IS_BOT_FRIEND')){
define('_IS_BOT_FRIEND',
isset($_SERVER['HTTP_USER_AGENT'])
- and preg_match(',' . implode ('|', array(
- 'facebookexternalhit',
- 'flipboardproxy',
- 'wordpress'
- )) . ',i',
- (string)$_SERVER['HTTP_USER_AGENT'])
+ and preg_match(
+ ',' . implode('|', array(
+ 'facebookexternalhit',
+ 'twitterbot',
+ 'flipboardproxy',
+ 'wordpress'
+ )) . ',i',
+ (string)$_SERVER['HTTP_USER_AGENT']
+ )
);
}
}
}
}
+if (isset($_REQUEST['action'])
+and $_REQUEST['action'] == 'ordonner_liens_documents'
+and isset($_REQUEST['ordre'])
+and is_string($_REQUEST['ordre'])){
+ $ecran_securite_raison = "ordre a la chaine";
+}
+
/*
* Bloque les requêtes contenant %00 (manipulation d'include)
and $_REQUEST['reinstall'] == 'oui')
$ecran_securite_raison = 'reinstall=oui';
+/*
+ * Pas d'action pendant l'install
+ */
+if (isset($_REQUEST['exec']) and $_REQUEST['exec'] === 'install' and isset($_REQUEST['action'])) {
+ $ecran_securite_raison = 'install&action impossibles';
+}
+
/*
* Échappement xss referer
*/
$_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"\{\}\$'` \r\n", '____________');
+/*
+ * Pas d'erreur dans l'erreur
+ */
+if (isset($_REQUEST['var_erreur']) and isset($_REQUEST['page']) and $_REQUEST['page'] === 'login') {
+ if (strlen($_REQUEST['var_erreur']) !== strcspn($_REQUEST['var_erreur'], '<>'))
+ $ecran_securite_raison = 'var_erreur incorrecte';
+}
+
+
/*
* Réinjection des clés en html dans l'admin r19561
*/
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-Type: text/html");
+ header("Connection: close");
die("<html><title>Error 403: Forbidden</title><body><h1>Error 403</h1><p>You are not authorized to view this page ($ecran_securite_raison)</p></body></html>");
}
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-Type: text/html");
+ header("Connection: close");
die("<html><title>Status 429: Too Many Requests</title><body><h1>Status 429</h1><p>Too Many Requests (try again soon)</p></body></html>");
}