This is how Protector 2.38 performs those checks in modules/protector/admin/advisory.php:
// patch to mainfile.php
echo "<dl><dt>'mainfile.php' : " ;
$lines = file( '../../../mainfile.php' ) ;
$pre_safe = false ;
$post_safe = false ;
foreach( $lines as $line ) {
if( preg_match( '?modules/protector/include/precheck.inc.php?' , $line ) ) $pre_safe = true ;
if( preg_match( '?modules/protector/include/postcheck.inc.php?' , $line ) ) $post_safe = true ;
}
Maybe a better way would be to call the function
get_included_files and see if those two files were included. .
hi Dave & Peter!
It's just my omission
Though get_included_files() looks good, I'll use easier way like just defining some constants.
I'll modify it soon.
Hi all,
There is another way to protect the mainfie.php is to extract the critical values and put them into a protected directory out of the apache directoy.
Here is the article explaining it and in that case the protector module is working..
there is the linkregards
hi satanas.
It looks a better way.
It might be useful under the environment httpd set wrongly.
Anyway, removing mainfile.php to another place means that I should modify the advisory of Protector right now