add security check on all relevant scripts

dweeves · dweeves · commit e59acdfc990b · 2015-11-04T01:03:24.000+01:00
diff --git a/magmi/web/magmi_cancel.php b/magmi/web/magmi_cancel.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 header('Pragma: public'); // required
 header('Expires: -1'); // no cache
 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
diff --git a/magmi/web/magmi_chooseprofile.php b/magmi/web/magmi_chooseprofile.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 require_once("../inc/magmi_config.php");
 
 $currentprofile = $_REQUEST["profile"];
diff --git a/magmi/web/magmi_config_setup.php b/magmi/web/magmi_config_setup.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 require_once("magmi_config.php");
 require_once("magmi_statemanager.php");
 require_once("dbhelper.class.php");
diff --git a/magmi/web/magmi_import_run.php b/magmi/web/magmi_import_run.php
@@ -1,4 +1,5 @@
 	<?php
+    require_once("security.php");
 ini_set('gpc_magic_quotes', 0);
     require_once("security.php");
 $profile = isset($_REQUEST["profile"]) ? strip_tags($_REQUEST["profile"]) : 'default';
diff --git a/magmi/web/magmi_profile_config.php b/magmi/web/magmi_profile_config.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 require_once("magmi_config.php");
 $conf = Magmi_Config::getInstance();
 $conf->load();
diff --git a/magmi/web/magmi_profile_panel.php b/magmi/web/magmi_profile_panel.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 if (isset($_REQUEST["profile"])) {
     $profile = strip_tags($_REQUEST["profile"]);
 } else {
diff --git a/magmi/web/magmi_progress.php b/magmi/web/magmi_progress.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 require_once("../inc/magmi_statemanager.php");
 require_once("progress_parser.php");
 
diff --git a/magmi/web/magmi_saveconfig.php b/magmi/web/magmi_saveconfig.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 require_once("../inc/magmi_config.php");
 $conf = Magmi_Config::getInstance();
 if ($conf->save($_POST)) {
diff --git a/magmi/web/magmi_saveprofile.php b/magmi/web/magmi_saveprofile.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 $profile = $_REQUEST["profile"];
 $dslist = $_REQUEST["PLUGINS_DATASOURCES:class"];
 $genlist = $_REQUEST["PLUGINS_GENERAL:classes"];
diff --git a/magmi/web/progress_details.php b/magmi/web/progress_details.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 session_start();
 $key = $_REQUEST["key"];
 $data = $_SESSION["log_$key"];
diff --git a/magmi/web/trace_details.php b/magmi/web/trace_details.php
@@ -1,4 +1,5 @@
 <?php
+require_once("security.php");
 require_once("../inc/magmi_statemanager.php");
 $tid = $_REQUEST["traceid"];
 $tracefile = Magmi_StateManager::getTraceFile();

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`<?php`
	`2`	`+require_once("security.php");`
`2`	`3`	`header('Pragma: public'); // required`
`3`	`4`	`header('Expires: -1'); // no cache`
`4`	`5`	`header('Cache-Control: must-revalidate, post-check=0, pre-check=0');`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`<?php`
	`2`	`+ require_once("security.php");`
`2`	`3`	`ini_set('gpc_magic_quotes', 0);`
`3`	`4`	`require_once("security.php");`
`4`	`5`	`$profile = isset($_REQUEST["profile"]) ? strip_tags($_REQUEST["profile"]) : 'default';`