Talk:Manual security hack in 1.6 and 1.7

From ClaroDevel

The README file for patch 17501


CLAROLINE PATCH 17501

This patch fixes security holes in the following files:

claroline/auth/extauth/casProcess.inc.php
claroline/auth/extauth/driver/*.inc.php
claroline/exercice/answer_admin.inc.php
claroline/exercice/exercise_admin.inc.php
claroline/exercice/question_admin.inc.php
claroline/exercice/question_list_admin.inc.php
claroline/exercice/statement_admin.inc.php
claroline/inc/claro_init_local.inc.php
claroline/inc/conf/auth.conf.php.dist
claroline/inc/lib/add_course.lib.inc.php
claroline/inc/lib/event/init_event_manager.inc.php
claroline/inc/lib/export_exe_tracking.class.php

HOW TO APPLY THE PATCH

- Uncompress the zip archive file 'claroline.patch17501.zip'.

- Copy the 'claroline' directory found inside that archive
  over the 'claroline' directory already available on your web
  server.

- You need to fix one security hole manually:
  o edit the script /claroline/inc/conf/auth.conf.php
  o add as the second line:
    if ((bool) stristr($_SERVER['PHP_SELF'], basename(__FILE__))) die('---');


CLAROLINE PATCH 16401

This patch fixes security holes in the following files:

claroline/auth/extauth/driver/*.inc.php
claroline/exercice/answer_admin.inc.php
claroline/exercice/exercise_admin.inc.php
claroline/exercice/question_admin.inc.php
claroline/exercice/question_list_admin.inc.php
claroline/exercice/statement_admin.inc.php
claroline/inc/claro_init_local.inc.php
claroline/inc/conf/auth.conf.php.dist
claroline/inc/lib/add_course.lib.inc.php

HOW TO APPLY THE PATCH

- Uncompress the zip archive file 'claroline.patch17501.zip'.

- Copy the 'claroline' directory found inside that archive
  over the 'claroline' directory already available on your web
  server.

- You need to fix one security hole manually:
  o edit the script /claroline/inc/conf/auth.conf.php
  o add as the second line:
    if ((bool) stristr($_SERVER['PHP_SELF'], basename(__FILE__))) die('---');
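
The manual step in both READMEs above adds a guard that stops auth.conf.php when the request path names that file itself, which is the case when it is requested directly rather than included; the script below applies that line once and checks that it is in place. It is an added example, not part of the Claroline patch or README: the function names (make_sample, has_guard, add_guard) are hypothetical, the sample file is constructed, and it assumes line 1 of the config file is the '<?php' opening tag.

```shell
#!/bin/sh
# Added example (not Claroline code). Function names are hypothetical.
# The guard line, exactly as given in the README:
GUARD="if ((bool) stristr(\$_SERVER['PHP_SELF'], basename(__FILE__))) die('---');"

# make_sample FILE: write a constructed stand-in for auth.conf.php.
make_sample() {
    cat > "$1" <<'EOF'
<?php
// constructed sample, not the real Claroline configuration
$sampleSetting = 'value';
EOF
}

# has_guard FILE: succeed only when line 2 of FILE is the guard line
# (leading/trailing whitespace and a trailing CR are ignored).
has_guard() {
    line2=$(sed -n '2p' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    [ "$line2" = "$GUARD" ]
}

# add_guard FILE: insert the guard as line 2 unless it is already there.
# Assumption: line 1 is the '<?php' opening tag; otherwise refuse, because
# a guard placed outside PHP code would be sent as text and never run.
add_guard() {
    file=$1
    has_guard "$file" && return 0
    case $(sed -n '1p' "$file") in
        '<?php'*) ;;
        *) echo "$file: line 1 is not '<?php', edit by hand" >&2
           return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    { sed -n '1p' "$file"; printf '%s\n' "$GUARD"; sed '1d' "$file"; } > "$tmp" &&
        cat "$tmp" > "$file"    # rewrite in place: owner and mode are kept
    rm -f "$tmp"
    has_guard "$file"           # final status reports whether the fix is in
}
```

Running add_guard a second time on the same file changes nothing, so it can be re-run after each patch is copied over.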