Forbid non-CLI access to command-line scripts

author Hypolite Petovan <hypolite@mrpetovan.com>

Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)

committer Hypolite Petovan <hypolite@mrpetovan.com>

Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
author Hypolite Petovan <hypolite@mrpetovan.com>
Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
committer Hypolite Petovan <hypolite@mrpetovan.com>
Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
diff --git a/bin/auth_ejabberd.php b/bin/auth_ejabberd.php

index fa71faf..e921829 100755 (executable)
--- a/bin/auth_ejabberd.php
+++ b/bin/auth_ejabberd.php
@@ -51,6 +51,11 @@
   *
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  use Dice\Dice;
  use Friendica\App\Mode;
  use Friendica\Util\ExAuth;
diff --git a/bin/console.php b/bin/console.php

index 27522d8..4d5b4c7 100755 (executable)
--- a/bin/console.php
+++ b/bin/console.php
@@ -20,6 +20,11 @@
   *
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  use Dice\Dice;
  use Psr\Log\LoggerInterface;
  
diff --git a/bin/daemon.php b/bin/daemon.php

index 596f4de..3fe803d 100755 (executable)
--- a/bin/daemon.php
+++ b/bin/daemon.php
@@ -23,6 +23,11 @@
   * This script was taken from http://php.net/manual/en/function.pcntl-fork.php
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  use Dice\Dice;
  use Friendica\Core\Logger;
  use Friendica\Core\Worker;
diff --git a/bin/testargs.php b/bin/testargs.php

index b7d7125..9aed353 100644 (file)
--- a/bin/testargs.php
+++ b/bin/testargs.php
@@ -26,6 +26,10 @@
   *
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
  
  if (($_SERVER["argc"] > 1) && isset($_SERVER["argv"][1])) {
         echo $_SERVER["argv"][1];
diff --git a/bin/wait-for-connection b/bin/wait-for-connection

index b6c03a6..de860e9 100755 (executable)
--- a/bin/wait-for-connection
+++ b/bin/wait-for-connection
@@ -24,6 +24,11 @@
   * Usage: php bin/wait-for-connection {HOST} {PORT} [{TIMEOUT}]
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  $timeout = 60;
  switch ($argc) {
         case 4:
diff --git a/bin/worker.php b/bin/worker.php

index 1b70a20..833e5b0 100755 (executable)
--- a/bin/worker.php
+++ b/bin/worker.php
@@ -21,6 +21,11 @@
   * Starts the background processing
   */
  
+if (php_sapi_name() !== 'cli') {
+       header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+       exit();
+}
+
  use Dice\Dice;
  use Friendica\App;
  use Friendica\Core\Update;
author	Hypolite Petovan <hypolite@mrpetovan.com>
	Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
committer	Hypolite Petovan <hypolite@mrpetovan.com>
	Mon, 7 Sep 2020 09:51:26 +0000 (05:51 -0400)
bin/auth_ejabberd.php		patch \| blob \| history
bin/console.php		patch \| blob \| history
bin/daemon.php		patch \| blob \| history
bin/testargs.php		patch \| blob \| history
bin/wait-for-connection		patch \| blob \| history
bin/worker.php		patch \| blob \| history