If you are running trixbox CE 2.4, copy the script below (everything from the #!/bin/sh line to the end) and then follow these steps:
Log into your system with putty or other ssh client
nano fixindex.sh
paste contents into file
ctrl-o
ctrl-x
chmod +x fixindex.sh
./fixindex.sh
#!/bin/sh
# Hotfix installer, part 1: tell the operator what is about to be replaced
# and ask for confirmation before anything is touched.
clear
# Quoted delimiter: the banner is printed literally, nothing is expanded.
cat <<'BANNER'
This will fix the security problem with the index.php
files in maint and user. This should only be ran on
trixbox version: 2.4, use yum update for trixbox 2.6
This script will make backup copies of
/var/www/html/user/index.php
and
/var/www/html/maint/index.php


BANNER
# No trailing newline, so the reply is typed on the prompt line.
# The reply is stored in $answer for the case statement that follows.
printf '%s' "Do you wish to continue? [y/n]"
read answer
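# Hotfix installer, part 2: act on the operator's reply in $answer.
#   n/N   -> leave the system untouched.
#   y/Y   -> verify the trixbox version, back up both index.php files,
#            clear stored sessions / compiled templates, then write the
#            replacement index.php files from the here-documents below.
#   other -> report the bad reply and stop with a non-zero status.
# Exit status: 0 on success or a deliberate "no"; 1 on wrong version, failed
# backup, failed write, or an unrecognised reply.
case $answer in
    "n" | "N" )
        echo "Exiting."
        exit 0
        ;;
    "y" | "Y" )
        echo "Checking trixbox version"
        # The replacement files are meant for 2.4.0 only (the banner sends
        # 2.6 users to "yum update"), so refuse to run on anything else.
        if [ "$(cat /etc/trixbox/trixbox-version)" = "2.4.0" ]
        then
            echo "correct version"
            echo "Making backup copies"
            # Stop before touching the live files if either backup cannot be
            # written; otherwise the originals would be lost.
            # NOTE: running the script a second time overwrites these backups
            # with the already-patched files.
            if ! { cp /var/www/html/user/index.php /root/user-index.php.bak &&
                   cp /var/www/html/maint/index.php /root/maint-index.php.bak; }
            then
                echo "Backup failed, no files were changed." >&2
                exit 1
            fi
            echo "copies are now in /root/"
            echo ""
            echo "Clearing all cache files and template_c files"
            # Removes PHP session files, the session caches of both web apps
            # and their compiled Smarty templates. Presumably this keeps values
            # stored before the fix from being reused; the page does not say.
            rm -rf /tmp/sess_*
            rm -rf /var/www/html/user/cache/sessionsFile.txt
            rm -rf /var/www/html/user/templates_c/*
            rm -rf /var/www/html/maint/cache/sessionsFile.txt
            rm -rf /var/www/html/maint/templates_c/*
            echo "Please make sure to clear cookies from your webbrowser!!"
            # The delimiter is quoted (<<\EOF) so the PHP below is written
            # verbatim: the shell must not expand $variables inside it.
            # "cat >" rewrites the existing file in place, which keeps its
            # owner and mode.
            if ! cat > /var/www/html/user/index.php <<\EOF
<?php
// Copyright (C) 2007 Fonality Inc. (fonality.com)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.

// Security fix: langChoice is request data. Pin it to one of the known
// language names before session_start() and the includes below run.
// NOTE(review): the code that consumes langChoice is not in this file.
$langArray = array('english','estonian','french','portuguese','spanish','swedish','turkish');
if (isset($_POST['langChoice'])) {
    // Strict comparison: only an exact string from the list is accepted.
    $_POST['langChoice'] = (in_array($_POST['langChoice'], $langArray, true)) ? $_POST['langChoice'] : "english";
}
session_start();
require 'includes/smartysetup.php';
require_once("includes/xajax.inc.php");
include "includes/tbversion.php"; // Grabs version of TrixBox from file /etc/trixbox/trixbox-version
$smarty->assign("tbversion",tbversion());
$smarty->assign("title","trixbox - User Mode");
$smarty->assign("main_tab",$tabsArray["main_tab"]);
$smarty->assign("module_name",$tabsArray["module_name"]);
$smarty->assign("module_folder",$tabsArray["module_folder"]);
$smarty->assign("tab_text",$tabsArray["tab_text"]);
$smarty->assign("tab_text_constant",$tabsArray["tab_text_constant"]);
$smarty->assign("mouseover_title",$tabsArray["mouseover_title"]);
$smarty->assign("tab_image",$tabsArray["tab_image"]);
$smarty->assign("hidden_tab",$tabsArray["hidden_tab"]);
$smarty->assign("version_num",$tabsArray["version_num"]);
// NOTE(review): PHP_SELF is derived from the request URL, so index.tpl must
// HTML-escape tab_url when it prints it - confirm in the template.
foreach($tabsArray["tab_url"] as $key => $value){
    $tabsArray["tab_url"][$key] = $_SERVER['PHP_SELF'].$value;
}
$smarty->assign("tab_url",$tabsArray["tab_url"]);
$smarty->assign("newwindow_url",$tabsArray["newwindow_url"]);
$smarty->assign("template",$tabsArray["template"]);
$smarty->assign("config_file",$tabsArray["config_file"]);
$smarty->assign("innerVar",$tabsArray["innerVar"]);
$smarty->assign("new_window",$tabsArray["new_window"]);
$smarty->assign("description",$tabsArray["description"]);
$smarty->assign("site_url",$tabsArray["site_url"]);
$smarty->assign("site_description",$tabsArray["site_description"]);
$smarty->assign("contact",$tabsArray["contact"]);
// Include configModules file in the appropriate module folder depending upon the tab that is chosen.
// The request only selects WHICH entry is used (by the presence of a GET key);
// the include path itself is built from $tabsArray, not from the request value.
$getVariable = "";
foreach($tabsArray['innerVar'] as $key => $value){
    if(isset($_GET[$value])){
        $getVariable = $_GET[$value]; // raw request value - treat as untrusted wherever it is used
        include('modules/'.$tabsArray['module_folder'][$key].'/'.$tabsArray['config_file'][$key]);
        break;
    }elseif((count($_GET)==0)){
        // No query string at all: fall back to the first module.
        include('modules/'.$tabsArray['module_folder'][0].'/'.$tabsArray['config_file'][0]);
        break;
    }
}
//include('modules/configModules.php');
include_once('includes/application_top.php');
$browser = detectBrowser();
$smarty->assign("browser", $browser);
// Translate each tab when the module ships a language file.
// NOTE(review): $language becomes part of an include path and is set outside
// this file - confirm it can only hold one of the names in $langArray.
foreach($tabsArray["module_folder"] as $key => $value){
    if(file_exists('modules/'.$value.'/language/'.$language.'.php')){
        include('modules/'.$value.'/language/'.$language.'.php');
        if($tabsArray["module_name"][$key] == $MODULE_NAME){
            $params = array('charString' => $TAB_NAME, 'language' => $_SESSION['trixbox_Language']);
            $tabsArray["tab_text"][$key] = specialCharacterReplace($params, 1);
            $params = array('charString' => $TAB_LABEL, 'language' => $_SESSION['trixbox_Language']);
            $tabsArray["mouseover_title"][$key] = specialCharacterReplace($params, 1);
        }
    }
}
include('includes/functions/xajaxPackagesLink.php');
$xajax = new xajax();
$xajax->registerFunction("setSession_value");
$xajax->processRequests();
$smarty->assign('xajax_javascript', $xajax->getJavascript());
$smarty->assign("tab_text",$tabsArray["tab_text"]);
$smarty->assign("mouseover_title",$tabsArray["mouseover_title"]);
$smarty->register_function('translation', 'specialCharacterReplace');
$smarty->display('index.tpl');
EOF
            then
                echo "Could not write /var/www/html/user/index.php, restore it from /root/user-index.php.bak" >&2
                exit 1
            fi
            # Same treatment for the admin ("maint") front page.
            if ! cat > /var/www/html/maint/index.php <<\EOF2
<?php
/* Copyright (C) 2007 Fonality Inc. (fonality.com)
**
** This program is free software; you can redistribute it and/or
** modify it under the terms of the GNU General Public License
** as published by the Free Software Foundation; either version 2
** of the License, or (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
*/

// Security fix: langChoice is request data. Pin it to one of the known
// language names before the configuration, session and includes below run.
// NOTE(review): the code that consumes langChoice is not in this file.
$langArray = array('english','estonian','french','portuguese','spanish','swedish','turkish');
if (isset($_POST['langChoice'])) {
    // Strict comparison: only an exact string from the list is accepted.
    $_POST['langChoice'] = (in_array($_POST['langChoice'], $langArray, true)) ? $_POST['langChoice'] : "english";
}
require_once("includes/classes/config.class.php");
$trixbox_config = new Config();
$trixbox_config->load('/etc/trixbox/trixbox.conf');
session_start();
require_once 'includes/smartysetup.php';
require_once("includes/xajax.inc.php");
include_once 'includes/functions/functions.php';
include_once "includes/tbversion.php"; // Grabs version of TrixBox from file /etc/trixbox/trixbox-version
//include('includes/functions/guidGen.php');
//$guid = guidGen();
//$smarty->assign("seeGuid",$guid);
//require('includes/classes/nusoap/lib/nusoap.php');
//include('includes/functions/captureSoapIP.php');
//include('includes/functions/captureSoapIPURLList.php');
$smarty->assign("tbversion",tbversion());
$smarty->assign("title","trixbox - Admin Mode");
$smarty->assign("main_tab",$tabsArray["main_tab"]);
$smarty->assign("module_name",$tabsArray["module_name"]);
$smarty->assign("module_folder",$tabsArray["module_folder"]);
//print_r($tabsArray["module_folder"]);
$smarty->assign("tab_image",$tabsArray["tab_image"]);
$smarty->assign("hidden_tab",$tabsArray["hidden_tab"]);
$smarty->assign("version_num",$tabsArray["version_num"]);
if(array_key_exists("module_version", $tabsArray)){
    $smarty->assign("module_version",$tabsArray["module_version"]);
}
// NOTE(review): PHP_SELF is derived from the request URL, so index.tpl must
// HTML-escape tab_url when it prints it - confirm in the template.
foreach($tabsArray["tab_url"] as $key => $value){
    $tabsArray["tab_url"][$key] = $_SERVER['PHP_SELF'].$value;
}
$smarty->assign("tab_url",$tabsArray["tab_url"]);
$smarty->assign("newwindow_url",$tabsArray["newwindow_url"]);
$smarty->assign("template",$tabsArray["template"]);
$smarty->assign("config_file",$tabsArray["config_file"]);
$smarty->assign("innerVar",$tabsArray["innerVar"]);
$smarty->assign("new_window",$tabsArray["new_window"]);
$smarty->assign("description",$tabsArray["description"]);
$smarty->assign("site_url",$tabsArray["site_url"]);
$smarty->assign("site_description",$tabsArray["site_description"]);
$smarty->assign("contact",$tabsArray["contact"]);
include_once('includes/application_top.php');
$browser = detectBrowser();
$smarty->assign("browser", $browser);
// This is how we determine what main tabs have corresponding drop down menus
$activeMainTab[]= "";
$i = 0;
foreach($tabsArray["main_tab"] as $value){
    // array_search() returns the matching key, and key 0 is falsy, so the
    // result has to be compared with false or the first tab is added twice.
    if(array_search($value,$activeMainTab) === false){
        $activeMainTab[$i] = $value;
        $i++;
    }
}
// Drop the empty placeholder and any other empty entries.
foreach($activeMainTab as $value){
    if($value){
        $activeMainTab_adj[] = $value;
    }
}
//print_r($activeMainTab_adj);
//print_r($tabsArray["module_name"]);
//exit();
$smarty->assign("activeMainTab",$activeMainTab_adj);
// Include configModules file in the appropriate module folder depending upon the tab that is chosen.
// The request only selects WHICH entry is used (by the presence of a GET key);
// the include path itself is built from $tabsArray, not from the request value.
$getVariable = "";
foreach($tabsArray['innerVar'] as $key => $value){
    if(isset($_GET[$value])){
        $getVariable = $_GET[$value]; // raw request value - treat as untrusted wherever it is used
        include('modules/'.$tabsArray['module_folder'][$key].'/'.$tabsArray['config_file'][$key]);
        break;
    }elseif((count($_GET)==0)){
        // No query string at all: fall back to the first module.
        include('modules/'.$tabsArray['module_folder'][0].'/'.$tabsArray['config_file'][0]);
        break;
    }
}
include_once('modules/configModules.php');
// Required for each module
include_once 'includes/functions/login_functions.php';
include_once 'includes/functions/xajaxPackagesLink.php';
include_once 'includes/functions/xajaxSysMaint.php';
$xajax = new xajax();
//$xajax->waitCursorOff();
//$xajax->debugOn();
//$xajax->statusMessagesOn();
// NOTE(review): every function registered here can be invoked from the
// browser through xajax, including reboot/shutdown/installPackages. Access
// control is not visible in this file - confirm it is enforced by the web
// server or inside each handler.
$xajax->registerFunction("navDropMenu");
$xajax->registerFunction("menu");
$xajax->registerFunction("myFunction");
$xajax->registerFunction("processForm");
$xajax->registerFunction("processRegForm");
$xajax->registerFunction("submitLogout");
$xajax->registerFunction("installPackages");
$xajax->registerFunction("setSession_value");
$xajax->registerFunction("repoWarning");
$xajax->registerFunction("reboot");
$xajax->registerFunction("resetIdle");
$xajax->registerFunction("resetNow");
$xajax->registerFunction("resetSoon");
$xajax->registerFunction("shutdown");
$xajax->registerFunction("audittool");
// End module requirements
// translates tab to appropriate language if language file exists in module folder
// NOTE(review): $language becomes part of an include path and is set outside
// this file - confirm it can only hold one of the names in $langArray.
foreach($tabsArray["module_folder"] as $key => $value){
    if(file_exists('modules/'.$value.'/language/'.$language.'.php')){
        include('modules/'.$value.'/language/'.$language.'.php');
        if($tabsArray["module_name"][$key] == $MODULE_NAME){
            $params = array('charString' => $TAB_NAME, 'language' => $_SESSION['trixbox_Language']);
            $tabsArray["tab_text"][$key] = specialCharacterReplace($params, 1);
            $params = array('charString' => $TAB_LABEL, 'language' => $_SESSION['trixbox_Language']);
            $tabsArray["mouseover_title"][$key] = specialCharacterReplace($params, 1);
        }
    }
}
$smarty->assign("tab_text",$tabsArray["tab_text"]);
$smarty->assign("mouseover_title",$tabsArray["mouseover_title"]);
// HTML-encodes $params['charString'] for output: htmlspecialchars() when
// $params['language'] is "swedish", htmlentities() otherwise.
// Returns the encoded string when $return is non-zero, echoes it otherwise.
function specialCharacterReplace($params, $return = 0){
    $charString = $params['charString'];
    $language = $params['language'];
    if($language == "swedish"){
        $charStringTranslated = htmlspecialchars($charString);
    }else{
        $charStringTranslated = htmlentities($charString);
    }
    if($return != 0){
        return $charStringTranslated;
    }else{
        echo $charStringTranslated;
    }
}
$smarty->register_function('translation', 'specialCharacterReplace');
// ==== end experiment
// ====== Print version number in modules ==========
if(count($_GET) >= 1){
    foreach($tabsArray["innerVar"] as $key => $value){
        //echo "<br />".$key." => ".$value;
        foreach($_GET as $getKey => $getValue){
            if($getKey == $value){
                //echo $getKey;
                //echo $tabsArray["module_name"][$key];
                $smarty->assign('moduleName4Version', $tabsArray["module_name"][$key]);
                $smarty->assign('versionDescription', $tabsArray["description"][$key]);
                if(array_key_exists("module_version", $tabsArray)){
                    $smarty->assign('versionNumber', $tabsArray["module_version"][$key]);
                }
            }
        }
    }
}else{
    $smarty->assign('moduleName4Version', $tabsArray["module_name"][0]);
    $smarty->assign('versionDescription', $tabsArray["description"][0]);
    if(array_key_exists("module_version", $tabsArray)){
        $smarty->assign('versionNumber', $tabsArray["module_version"][0]);
    }
}
// ====== End version number in modules ============
$xajax->processRequests();
// NOTE(review): $arg is not set anywhere in this file - confirm an include defines it.
$smarty->assign('SomeArgument', $arg);
$smarty->assign('xajax_javascript', $xajax->getJavascript('includes'));
// End Soap check of registration
if(file_exists('/etc/trixbox/.regData')){
    $_SESSION['trixbox_registration'] = 0;
}elseif(!file_exists('/etc/trixbox/.regData') && $_SESSION['trixbox_registration'] != 0){
    $_SESSION['trixbox_registration'] = 1;
}
$smarty->display('index.tpl');
EOF2
            then
                echo "Could not write /var/www/html/maint/index.php, restore it from /root/maint-index.php.bak" >&2
                exit 1
            fi
        else
            echo "Wrong Version"
            # Nothing was patched, so report failure to the caller.
            exit 1
        fi
        ;;
    * )
        echo "Sorry, try again."
        # The script does not prompt again; it has to be re-run.
        exit 1
        ;;
esac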