diff --git a/deployment-script.sh b/deployment-script.sh
index d20b80e..ffe2e0c 100755
--- a/deployment-script.sh
+++ b/deployment-script.sh
@@ -5,6 +5,7 @@ echo "Deployment script for repository \"web-deployment\"
 echo -n "`find -name "*.php" -or -name "*.html" | sed 's/^/python variable_grabbler.py /;s/$/ variable_grabbler.pass0.json/'`" | bash -
 echo -n "`find -name "*.php" -or -name "*.html" | sed 's/^/python variable_grabbler.py /;s/$/ variable_grabbler.pass1.json/'`" | bash -
+echo -n "`find -name "*.php" -or -name "*.html" | sed 's/^/python variable_grabbler.py /;s/$/ variable_grabbler.pass2.json/'`" | bash -
 echo "============================================================================== Done."
diff --git a/variable_grabbler.pass0.json b/variable_grabbler.pass0.json
index ca0f653..0967ef4 100644
--- a/variable_grabbler.pass0.json
+++ b/variable_grabbler.pass0.json
@@ -1,4 +1 @@
-{
-"LOGIN_LINK":"Log out\";} else { echo \"Log in\";} ?>",
-"HOME_LINK":"\\\"My\";} else { echo \"\\\"Home\\\"/\";} ?>"
-}
+{}
diff --git a/variable_grabbler.pass1.json b/variable_grabbler.pass1.json
index e732ae4..ca0f653 100644
--- a/variable_grabbler.pass1.json
+++ b/variable_grabbler.pass1.json
@@ -1,4 +1,4 @@
 {
-"CONTENT_DIR":"/common/threadr",
-"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://lostcave.ddnss.de/common/threadr/login/?error=session\"); die();}}"
+"LOGIN_LINK":"Log out\";} else { echo \"Log in\";} ?>",
+"HOME_LINK":"\\\"My\";} else { echo \"\\\"Home\\\"/\";} ?>"
 }
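Review bot: The added pass2 line in deployment-script.sh, like the pass0 and pass1 lines above it, turns every file name printed by `find` into shell text and pipes it to `bash -`, so a `.php` or `.html` name containing spaces, quotes, `;` or `$(...)` is parsed by the shell instead of being passed as a single argument. Anyone who can add a file to the deployed tree therefore influences what the deployment script executes. Handing the name over as an argument removes the second shell entirely: `find . \( -name '*.php' -o -name '*.html' \) -exec python variable_grabbler.py {} variable_grabbler.pass2.json \;`. The same line now appears three times with only the pass number changed, so a `for pass in 0 1 2; do ... done` loop would keep the passes in step when a fourth is added. The script starts and ends outside this hunk, so whether the working directory is pinned before `find` runs cannot be seen here.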
diff --git a/variable_grabbler.pass2.json b/variable_grabbler.pass2.json
new file mode 100644
index 0000000..e732ae4
--- /dev/null
+++ b/variable_grabbler.pass2.json
@@ -0,0 +1,4 @@
+{
+"CONTENT_DIR":"/common/threadr",
+"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://lostcave.ddnss.de/common/threadr/login/?error=session\"); die();}}"
+}