From 91ff8abace57ddbba0441ecf047ac201ae721b81 Mon Sep 17 00:00:00 2001 From: Kevin Otte Date: Wed, 8 Jan 2020 20:25:46 -0500 Subject: [PATCH] Fix compromise detection Compromise detection has inverted logic handling response_code and did not honor the settingsFilename variable. --- modules/feature-firstrun.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/feature-firstrun.php b/modules/feature-firstrun.php index db64167..7c64d7c 100644 --- a/modules/feature-firstrun.php +++ b/modules/feature-firstrun.php @@ -49,11 +49,11 @@ register_module([ if(!$settings->disable_peppermint_access_check && php_sapi_name() !== "cli-server") { // The CLI server is single threaded, so it can't support loopback requests $request_url = full_url(); - $request_url = preg_replace("/\/(index.php)?\?.*$/", "/peppermint.json", $request_url); + $request_url = preg_replace("/\/(index.php)?\?.*$/", "/".$settingsFilename, $request_url); @file_get_contents($request_url); // $http_response_header is a global reserved variable. More information: https://devdocs.io/php/reserved.variables.httpresponseheader $response_code = intval(explode(" ", $http_response_header[0])[1]); - if($response_code >= 200 || $response_code < 300) { + if($response_code >= 200 && $response_code < 300) { file_put_contents("$settingsFilename.compromised", "compromised"); http_response_code(307); header("location: index.php");