From 96c67a8e8fd9de6dba4377bea4ede4e33f8620db Mon Sep 17 00:00:00 2001
From: margau
Date: Tue, 17 Apr 2018 19:33:58 +0200
Subject: [PATCH 1/4] Added notice (see #172)
---
 includes/config.inc.php-dist | 1 +
 1 file changed, 1 insertion(+)
diff --git a/includes/config.inc.php-dist b/includes/config.inc.php-dist
index 8991b81..14321a6 100644
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@@ -24,6 +24,7 @@ $logsdirectory = "../etc";
 #$adminapiips = array();
 #$adminapikey = 'thisshouldbequitealongstring,youknow';
+# Location of user-database. Make sure its writeable and not served by the webserver!
 $authdb = "../etc/pdns.users.sqlite3";
 # Set a random generated secret to enable auto-login and long living csrf tokens
From e403e396bc3a268155518b49941955a4db416048 Mon Sep 17 00:00:00 2001
From: margau
Date: Tue, 17 Apr 2018 19:37:38 +0200
Subject: [PATCH 2/4] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ec2d1cf..2b0d27a 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ Installing
 * Copy ```includes/config.inc.php-dist``` to ```includes/config.inc.php``` and edit config.inc.php to your needs.
-* By default, nsedit writes its user database to ../etc/pdns.users.sqlite3. Be sure that your webserver can create that directory and write to it.
+* By default, nsedit writes its user database to ../etc/pdns.users.sqlite3. Be sure that your webserver can create that directory and write to it. Make sure the Webserver doesn't serve this file/folder to the public!
 * Visit http(s):///nsedit/ and login with admin/admin (Don't forget to update your password!)
From 39cf7138efb379f385074f4bd7225b13374dee0c Mon Sep 17 00:00:00 2001
From: margau
Date: Tue, 17 Apr 2018 19:41:33 +0200
Subject: [PATCH 3/4] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 2b0d27a..7469540 100644
--- a/README.md
+++ b/README.md
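Review bot: The comment added above `$authdb` in includes/config.inc.php-dist warns against serving the file, but the default it annotates is still the relative path `../etc/pdns.users.sqlite3`. If nsedit is unpacked into a subdirectory of the document root, as the README's `/nsedit/` URL suggests, that path may resolve to a directory that is still inside the document root, so the shipped default is itself the risky case. I would have the comment say so and recommend a location the webserver cannot map to a URL: `# Location of the user database. Must be writable by the webserver user and must NOT be reachable over HTTP; prefer an absolute path outside the document root.`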
@@ -50,7 +50,7 @@ Installing
 * Copy ```includes/config.inc.php-dist``` to ```includes/config.inc.php``` and edit config.inc.php to your needs.
-* By default, nsedit writes its user database to ../etc/pdns.users.sqlite3. Be sure that your webserver can create that directory and write to it. Make sure the Webserver doesn't serve this file/folder to the public!
+* By default, nsedit writes its user database to ../etc/pdns.users.sqlite3. Be sure that your webserver can create that directory and write to it. **Make sure the Webserver doesn't serve this file/folder to the public!**
 * Visit http(s):///nsedit/ and login with admin/admin (Don't forget to update your password!)
From 523fc1849d157ca6a1d70fad1dfa57e66c1c77a0 Mon Sep 17 00:00:00 2001
From: Mark Schouten
Date: Wed, 22 Aug 2018 16:43:19 +0200
Subject: [PATCH 4/4] Test if we can download the from the browser. Alert, annoyingly, that the user should fix this
---
 index.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/index.php b/index.php
index 65b3436..9a4aaf3 100644
--- a/index.php
+++ b/index.php
@@ -4,6 +4,9 @@ include_once('includes/config.inc.php');
 include_once('includes/session.inc.php');
 include_once('includes/misc.inc.php');
+$testpath = str_replace(basename($_SERVER['REQUEST_URI']), $authdb, $_SERVER['REQUEST_URI']);
+$testurl = $_SERVER['REQUEST_SCHEME']."://".$_SERVER['HTTP_HOST'].$testpath;
+
 global $errormsg, $blocklogin;
 if (isset($_GET['logout']) or isset($_POST['logout'])) {
@@ -33,6 +36,24 @@ if (is_logged_in() and isset($_POST['formname']) and $_POST['formname'] === "cha NSEdit! +
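Review bot: `$testurl` in the first index.php hunk is built from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`, which the client controls, so wherever it is written into the page it must be encoded for that context (for example `json_encode()` inside a script block), and the host is better taken from configuration. The `str_replace(basename(...))` derivation is also unreliable: `REQUEST_URI` carries the query string, `basename()` of a URI ending in `/` yields the directory name, and every occurrence of that name is replaced, so the probe can request something other than the database and stay silent while the file is actually exposed. Deriving the path from the server-side script path avoids this: `$testpath = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/') . '/' . $authdb;`. `REQUEST_SCHEME` is not populated by every server setup, so it needs a fallback. The hunk that uses `$testurl` runs past the visible text, so its output context is inferred.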