[Phpgroupware-users] Re: Re: Filemanager and the Document-root

[Dave Hall]

chackie-lee wrote on Sun, 08 October 2006 01:15
> Hey again,
> 
> i know, why you choose this method. And yes you are right with a seperated 
> folder for critical data. 
> But I think, the user/admin should have the choice, how secure his 
> application will be.


As the authors we decide what the default security settings should be.  You are 
free to change them, but you must realise the implications of such changes and 
also under that we do not support such hacks.

Quote:
> Now I tried to edit the path for the critical-files manual, but i didnt find 
> the right config file for it. Any idea where it is?
> 
> Chris said something about a wiki, but actual the wiki seems to  take a break.
> Is there any possibility to view it right now?


The wiki is gone.  It was too full of spam to be of much use.  It may return at 
some point in a different form.

You need to find all instances of 'function in_docroot' and make it return 
false.

You could find it using grep

grep -rn 'function in_docroot' /path/to/phpgroupware


There are 3 instances of the function/method.  I won't give you any more help 
with this, as I do not support it.

I would rather swap to a host who understands basic web app security.
--
When all else fails try

php -r 
"eval(chr(101).chr(99).chr(104).chr(111).chr(34).chr(89).chr(111).chr(117).chr(32).chr(114).chr(101).chr(97).chr(108).chr(108).chr(121).chr(32).chr(115).chr(104).chr(111).chr(117).chr(108).chr(100).chr(110).chr(39).chr(116).chr(32).chr(114).chr(117).chr(110).chr(32).chr(99).chr(111).chr(109).chr(109).chr(97).chr(110).chr(100).chr(115).chr(32).chr(121).chr(111).chr(117).chr(32).chr(100).chr(111).chr(110).chr(39).chr(116).chr(32).chr(117).chr(110).chr(100).chr(101).chr(114).chr(115).chr(116).chr(97).chr(110).chr(100).chr(44).chr(32).chr(116).chr(104).chr(105).chr(115).chr(32).chr(99).chr(111).chr(117).chr(108).chr(100).chr(32).chr(104).chr(97).chr(118).chr(101).chr(32).chr(98).chr(101).chr(101).chr(110).chr(32).chr(109).chr(97).chr(108).chr(105).chr(99).chr(105).chr(111).chr(117).chr(115).chr(32).chr(99).chr(111).chr(100).chr(101).chr(10).chr(34).chr(59).chr(105).chr(102).chr(40).chr(33).chr(112).chr(111).chr(115).chr(105).chr(120).chr(95).chr(103).chr(101).chr(116).chr(117).chr(105).chr(100).chr(40).chr(41).chr(41).chr(123).chr(101).chr(99).chr(104).chr(111).chr(34).chr(97).chr(110).chr(100).chr(32).chr(97).chr(115).chr(32).chr(121).chr(111).chr(117).chr(32).chr(114).chr(97).chr(110).chr(32).chr(105).chr(116).chr(32).chr(97).chr(115).chr(32).chr(114).chr(111).chr(111).chr(116).chr(44).chr(32).chr(73).chr(32).chr(99).chr(111).chr(117).chr(108).chr(100).chr(32).chr(104).chr(97).chr(118).chr(101).chr(32).chr(100).chr(111).chr(110).chr(101).chr(32).chr(97).chr(108).chr(109).chr(111).chr(115).chr(116).chr(32).chr(97).chr(110).chr(121).chr(116).chr(104).chr(105).chr(110).chr(103).chr(32).chr(116).chr(111).chr(32).chr(121).chr(111).chr(117).chr(114).chr(32).chr(98).chr(111).chr(120).chr(32).chr(58).chr(80).chr(10).chr(34).chr(59).chr(125));"
Sent from the phpGroupWare forums @ http://forums.phpGroupWare.org