Forbid non-CLI access to command-line scripts

author Hypolite Petovan <hypolite@mrpetovan.com>

Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)

committer Hypolite Petovan <hypolite@mrpetovan.com>

Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
author Hypolite Petovan <hypolite@mrpetovan.com>
Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
committer Hypolite Petovan <hypolite@mrpetovan.com>
Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
diff --git a/bin/auth_ejabberd.php b/bin/auth_ejabberd.php

index fa71faf263915b45c334ca4ce0694f3f41485b9b..e9218291633cfb5f1d597e6166dd2f27417aee69 100755 (executable)
--- a/bin/auth_ejabberd.php
+++ b/bin/auth_ejabberd.php
@@ -51,6 +51,11 @@
   *
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  use Dice\Dice;
  use Friendica\App\Mode;
  use Friendica\Util\ExAuth;
diff --git a/bin/console.php b/bin/console.php

index 27522d8554762bb0a607f21fb38d3020394cb0d4..4d5b4c79c2894f679239bf039dda6655c711036c 100755 (executable)
--- a/bin/console.php
+++ b/bin/console.php
@@ -20,6 +20,11 @@
   *
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  use Dice\Dice;
  use Psr\Log\LoggerInterface;
  
diff --git a/bin/daemon.php b/bin/daemon.php

index 596f4de56fe5bbcf687aae313b6206f4d46f3494..3fe803d6fc772eaaf5f105a128630b36dc3e6047 100755 (executable)
--- a/bin/daemon.php
+++ b/bin/daemon.php
@@ -23,6 +23,11 @@
   * This script was taken from http://php.net/manual/en/function.pcntl-fork.php
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  use Dice\Dice;
  use Friendica\Core\Logger;
  use Friendica\Core\Worker;
diff --git a/bin/testargs.php b/bin/testargs.php

index b7d7125f7a0fb6081ac0426b1d75449d376f4ae1..9aed353037701676329844e3ea775ca94bb8e51a 100644 (file)
--- a/bin/testargs.php
+++ b/bin/testargs.php
@@ -26,6 +26,10 @@
   *
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
  
  if (($_SERVER["argc"] > 1) && isset($_SERVER["argv"][1])) {
         echo $_SERVER["argv"][1];
diff --git a/bin/wait-for-connection b/bin/wait-for-connection

index b6c03a6705df9ef52f386e25fd2ff651f18fdd47..de860e9849f59d62df7553d3eb68886201335419 100755 (executable)
--- a/bin/wait-for-connection
+++ b/bin/wait-for-connection
@@ -24,6 +24,11 @@
   * Usage: php bin/wait-for-connection {HOST} {PORT} [{TIMEOUT}]
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  $timeout = 60;
  switch ($argc) {
         case 4:
diff --git a/bin/worker.php b/bin/worker.php

index 1b70a2095544a2d26b15160b230ddb9f733c4f21..833e5b00207ef06b84026611f8ce602dfba0de9c 100755 (executable)
--- a/bin/worker.php
+++ b/bin/worker.php
@@ -21,6 +21,11 @@
   * Starts the background processing
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  use Dice\Dice;
  use Friendica\App;
  use Friendica\Core\Update;
author	Hypolite Petovan <hypolite@mrpetovan.com>
	Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
committer	Hypolite Petovan <hypolite@mrpetovan.com>
	Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
bin/auth_ejabberd.php		patch \| blob \| history
bin/console.php		patch \| blob \| history
bin/daemon.php		patch \| blob \| history
bin/testargs.php		patch \| blob \| history
bin/wait-for-connection		patch \| blob \| history
bin/worker.php		patch \| blob \| history