php deny code execution for included files

2019-12-23 18:50:43 +01:00 · 2019-12-23 18:50:43 +01:00 · 56281b0f34
commit 56281b0f34
parent 2cdb68ce7e
9 changed files with 10 additions and 0 deletions
--- a/app/ajax.class.php
+++ b/app/ajax.class.php
@ -1,4 +1,5 @@
 <?php
+defined('PROJECT_PATH') OR exit('No direct script access allowed');

 class Ajax
 {
--- a/app/config.class.php
+++ b/app/config.class.php
@ -1,4 +1,5 @@
 <?php
+defined('PROJECT_PATH') OR exit('No direct script access allowed');

 class Config
 {
--- a/app/db.class.php
+++ b/app/db.class.php
@ -1,4 +1,5 @@
 <?php
+defined('PROJECT_PATH') OR exit('No direct script access allowed');

 // v3.43 (+ query counter)
 class DB
--- a/app/image.class.php
+++ b/app/image.class.php
@ -1,4 +1,5 @@
 <?php
+defined('PROJECT_PATH') OR exit('No direct script access allowed');

 class Image
 {
--- a/app/lang.class.php
+++ b/app/lang.class.php
@ -1,4 +1,5 @@
 <?php
+defined('PROJECT_PATH') OR exit('No direct script access allowed');

 class Lang
 {
--- a/app/log.class.php
+++ b/app/log.class.php
@ -1,4 +1,5 @@
 <?php
+defined('PROJECT_PATH') OR exit('No direct script access allowed');

 class Log
 {
--- a/app/post.class.php
+++ b/app/post.class.php
@ -1,4 +1,5 @@
 <?php
+defined('PROJECT_PATH') OR exit('No direct script access allowed');

 class Post
 {
--- a/app/splclassloader.class.php
+++ b/app/splclassloader.class.php
@ -1,4 +1,6 @@
 <?php
+defined('PROJECT_PATH') OR exit('No direct script access allowed');
+
 /**
 * SplClassLoader implementation that implements the technical interoperability
 * standards for PHP 5.3 namespaces and class names.
--- a/app/user.class.php
+++ b/app/user.class.php
@ -1,4 +1,5 @@
 <?php
+defined('PROJECT_PATH') OR exit('No direct script access allowed');

 class user
 {