hi satanas.
It looks a better way.
It might be useful under the environment httpd set wrongly.
Anyway, removing mainfile.php to another place means that I should modify the advisory of Protector right now
Hi all,
There is another way to protect the mainfie.php is to extract the critical values and put them into a protected directory out of the apache directoy.
Here is the article explaining it and in that case the protector module is working..
there is the linkregards
hi Dave & Peter!
It's just my omission
Though get_included_files() looks good, I'll use easier way like just defining some constants.
I'll modify it soon.
This is how Protector 2.38 performs those checks in modules/protector/admin/advisory.php:
// patch to mainfile.php
echo "<dl><dt>'mainfile.php' : " ;
$lines = file( '../../../mainfile.php' ) ;
$pre_safe = false ;
$post_safe = false ;
foreach( $lines as $line ) {
if( preg_match( '?modules/protector/include/precheck.inc.php?' , $line ) ) $pre_safe = true ;
if( preg_match( '?modules/protector/include/postcheck.inc.php?' , $line ) ) $post_safe = true ;
}
Maybe a better way would be to call the function
get_included_files and see if those two files were included. .