[dev] Horde admin patches.

Chris Bowlby excalibur at hub.org
Sat Jan 11 16:39:11 PST 2003 

Hi All,

 Had a need to disable the PHP Shell and SQL Shell options in the horde
administration menu, mainly for security reasons as people were attempting
to execute SQL queries against the database and such. I thought that
having it as an option might be useful, so I made some changes and here's
the diff's.

*** dev1/config/conf.php.dist   Sat Jan 11 19:40:28 2003
--- dev/config/conf.php.dist    Sat Jan 11 20:27:46 2003
***************
*** 419,424 ****
--- 419,438 ----
  $conf['menu']['display'] = true;

  /**
+  ** PHP Shell Settings
+  **/
+
+ // Should the PHP Shell feature be enabled?
+ $conf['menu']['php_shell'] = false;
+
+ /**
+  ** SQL Shell Settings
+  **/
+
+ // Should the SQL Shell feature be enabled?
+ $conf['menu']['sql_shell'] = false;
+
+ /**
   ** External programs
   **/


*** dev1/lib/api.php    Sat Jan 11 19:39:54 2003
--- dev/lib/api.php     Sat Jan 11 20:37:21 2003
***************
*** 12,36 ****

  function _horde_admin_list()
  {
!     return array('users' => array(
!                      'link' => '%application%/admin/user.php',
!                      'name' => _("Users"),
!                      'icon' => 'user.gif'),
!                  'groups' => array(
!                      'link' => '%application%/admin/groups.php',
!                      'name' => _("Groups"),
!                      'icon' => 'group.gif'),
!                  'perms' => array(
!                      'link' => '%application%/admin/perms.php',
!                      'name' => _("Permissions"),
!                      'icon' => 'perms.gif'),
!                  'phpshell' => array(
!                      'link' => '%application%/admin/phpshell.php',
!                      'name' => _("PHP Shell"),
!                      'icon' => 'shell.gif'),
!                  'sqlshell' => array(
!                      'link' => '%application%/admin/sqlshell.php',
!                      'name' => _("SQL Shell"),
!                      'icon' => 'sql.gif')
!                  );
  }
--- 12,48 ----

  function _horde_admin_list()
  {
!     global $conf;
!
!     $admin_menu = array('users' => array(
!                             'link' => '%application%/admin/user.php',
!                             'name' => _("Users"),
!                             'icon' => 'user.gif'),
!                         'groups' => array(
!                             'link' => '%application%/admin/groups.php',
!                             'name' => _("Groups"),
!                             'icon' => 'group.gif'),
!                         'perms' => array(
!                             'link' => '%application%/admin/perms.php',
!                             'name' => _("Permissions"),
!                             'icon' => 'perms.gif')
!                         );
!
!     // If the administrator has enabled the PHP Shell extensions,
!     // include it.
!     if ($conf['menu']['php_shell']) {
!      $admin_menu['phpshell'] = array('link' =>
'%application%/admin/phpshell.php',
!                                      'name' => _("PHP Shell"),
!                                      'icon' => 'shell.gif');
!     }
!
!     // If the administrator has enabled the SQL Shell extensions,
!     // include it.
!     if ($conf['menu']['sql_shell']) {
!      $admin_menu['sqlshell'] = array('link' =>
'%application%/admin/sqlshell.php',
!                                      'name' => _("SQL Shell"),
!                                      'icon' => 'sql.gif');
!     }
!
!     return $admin_menu;
  }



 Chris Bowlby,
 -----------------------------------------------------
 Manager of Information and Technology.
 excalibur at hub.org
 www.hub.org
 1-902-542-3657
 -----------------------------------------------------

More information about the dev mailing list