own stub for the phar to disallow access to anything but www/

2011-08-12 06:50:28 +02:00 · 2011-08-12 06:50:28 +02:00 · 160ef2d631
commit 160ef2d631
parent b73d18af88
2 changed files with 41 additions and 1 deletions
--- a/build.xml
+++ b/build.xml
@ -314,9 +314,11 @@
    <echo msg="Creating .phar for SemanticScuttle ${version}"/>
    <pharpackage basedir="." destfile="${pharfilepath}"
     alias="sc.phar"
+     stub="res/phar-stub.php">
+<!--
     webstub="www/index.php"
     clistub="www/index.php"
-    >
+    -->
     <metadata>
      <element name="version" value="${version}" />
      <element name="authors">
--- a/res/phar-stub.php
+++ b/res/phar-stub.php
@ -0,0 +1,38 @@
+<?php
+if (!in_array('phar', stream_get_wrappers())
+    || !class_exists('Phar', 0)
+) {
+    echo 'PHP Phar extension required';
+    exit;
+}
+
+//disallow access to everything except /www/
+$file = basename(__FILE__);
+$pos = strpos($_SERVER['REQUEST_URI'], $file);
+$following = substr($_SERVER['REQUEST_URI'], $pos + strlen($file), 5);
+
+if ($following != '/www/'
+    && $following !== false
+    && $following != '/'
+) {
+    header('403 Forbidden');
+    echo <<<HTM
+<html>
+ <head>
+  <title>Forbidden</title>
+ </head>
+ <body>
+  <h1>403 - Forbidden</h1>
+ </body>
+</html>
+HTM;
+    exit;
+}
+
+Phar::interceptFileFuncs();
+Phar::webPhar(
+    null,
+    'www/index.php'
+);
+
+__HALT_COMPILER(); ?>