[Mrbs-commits] SF.net Hg: hg-code [316e73eb000e]: Restricted server details to ...

Sat, 04 Mar 2017 02:01:59 -0800 

Changeset:
        316e73eb000e
        
https://sourceforge.net/p/mrbs/hg-code/ci/316e73eb000ed049f48e71a53419763eedc82349
Author:
        Campbell Morrison <[email protected]>
Date:
        Sat Mar 04 10:00:51 2017 +0000
Log message:

Restricted server details to admins, for security reasons

diffstat:

 web/help.php |  23 ++++++++++++++++-------
 1 files changed, 16 insertions(+), 7 deletions(-)

diffs (38 lines):

diff -r aa2cd6bd259a -r 316e73eb000e web/help.php
--- a/web/help.php      Sat Mar 04 09:50:03 2017 +0000
+++ b/web/help.php      Sat Mar 04 10:00:51 2017 +0000
@@ -7,18 +7,27 @@
 // Check the user is authorised for this page
 checkAuthorised();
 
+$user = getUserName();
+$is_admin = (authGetUserLevel($user) >= $max_level);
+
 print_header($day, $month, $year, $area, isset($room) ? $room : "");
 
 echo "<h3>" . get_vocab("about_mrbs") . "</h3>\n";
 echo "<table id=\"version_info\">\n";
 echo "<tr><td><a href=\"http://mrbs.sourceforge.net\";>" . get_vocab("mrbs") . 
"</a>:</td><td>" . get_mrbs_version() . "</td></tr>\n";
-echo "<tr><td>" . get_vocab("database") . ":</td><td>" . db()->version() . 
"</td></tr>\n";
-echo "<tr><td>" . get_vocab("system") . ":</td><td>" . php_uname() . 
"</td></tr>\n";
-echo "<tr><td>" . get_vocab("server_software") . ":</td><td>" . 
htmlspecialchars(get_server_software()) . "</td></tr>\n";
-echo "<tr><td>" . get_vocab("servertime") . ":</td><td>" .
-     utf8_strftime($strftime_format['datetime'], time()) .
-     "</td></tr>\n";
-echo "<tr><td>PHP:</td><td>" . phpversion() . "</td></tr>\n";
+
+if ($is_admin)
+{
+  // Restrict the server and configuration details to admins, for security 
reasons.
+  echo "<tr><td>" . get_vocab("database") . ":</td><td>" . db()->version() . 
"</td></tr>\n";
+  echo "<tr><td>" . get_vocab("system") . ":</td><td>" . php_uname() . 
"</td></tr>\n";
+  echo "<tr><td>" . get_vocab("server_software") . ":</td><td>" . 
htmlspecialchars(get_server_software()) . "</td></tr>\n";
+  echo "<tr><td>" . get_vocab("servertime") . ":</td><td>" .
+       utf8_strftime($strftime_format['datetime'], time()) .
+       "</td></tr>\n";
+  echo "<tr><td>PHP:</td><td>" . phpversion() . "</td></tr>\n";
+}
+
 echo "</table>\n";
 
 echo "<p>\n" . get_vocab("browserlang") .":\n";

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits

Reply via email to