From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Mon, 7 Sep 2020 09:51:26 +0000 (-0400)
Subject: Forbid non-CLI access to command-line scripts
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=06632536f3a93dbe33cdc2aa67d9daad191ac696;p=friendica.git

Forbid non-CLI access to command-line scripts
---

diff --git a/bin/auth_ejabberd.php b/bin/auth_ejabberd.php
index fa71faf263..e921829163 100755
--- a/bin/auth_ejabberd.php
+++ b/bin/auth_ejabberd.php
@@ -51,6 +51,11 @@
  *
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 use Dice\Dice;
 use Friendica\App\Mode;
 use Friendica\Util\ExAuth;
diff --git a/bin/console.php b/bin/console.php
index 27522d8554..4d5b4c79c2 100755
--- a/bin/console.php
+++ b/bin/console.php
@@ -20,6 +20,11 @@
  *
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 use Dice\Dice;
 use Psr\Log\LoggerInterface;
 
diff --git a/bin/daemon.php b/bin/daemon.php
index 596f4de56f..3fe803d6fc 100755
--- a/bin/daemon.php
+++ b/bin/daemon.php
@@ -23,6 +23,11 @@
  * This script was taken from http://php.net/manual/en/function.pcntl-fork.php
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 use Dice\Dice;
 use Friendica\Core\Logger;
 use Friendica\Core\Worker;
diff --git a/bin/testargs.php b/bin/testargs.php
index b7d7125f7a..9aed353037 100644
--- a/bin/testargs.php
+++ b/bin/testargs.php
@@ -26,6 +26,10 @@
  *
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
 
 if (($_SERVER["argc"] > 1) && isset($_SERVER["argv"][1])) {
 	echo $_SERVER["argv"][1];
diff --git a/bin/wait-for-connection b/bin/wait-for-connection
index b6c03a6705..de860e9849 100755
--- a/bin/wait-for-connection
+++ b/bin/wait-for-connection
@@ -24,6 +24,11 @@
  * Usage: php bin/wait-for-connection {HOST} {PORT} [{TIMEOUT}]
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 $timeout = 60;
 switch ($argc) {
 	case 4:
diff --git a/bin/worker.php b/bin/worker.php
index 1b70a20955..833e5b0020 100755
--- a/bin/worker.php
+++ b/bin/worker.php
@@ -21,6 +21,11 @@
  * Starts the background processing
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 use Dice\Dice;
 use Friendica\App;
 use Friendica\Core\Update;