I’m posting this question here, rather than in third party scripts, because it seems to be an issue with a lot of security-aware scripts, rather than just a specific script issue.
I need to run my phpnuke site as php-cgi in order to have Gallery work. Both Gallery and single log-in is essential for this site. I would like to upgrade to PHPnuke Platinum but it uses the script_name variable which breaks in php-cgi.
Example:
if (!stristr($_SERVER['SCRIPT_NAME'], "modules.php")) {
die ("You can't access this file directly...");
}
Older, unpatched versions of the script use (Example):
if (!eregi("modules.php", $_SERVER[PHP_SELF])) {
die ("You can't access this file directly...");
}
I’ve read the Kbase article on this:
https://panel.dreamhost.com/kbase/index.cgi?area=2933
A possible fix for wordpress is posted there
[quote]In Wordpress, adding:
$_SERVER[‘SCRIPT_NAME’] = $_SERVER[‘SCRIPT_URL’];
at the second line of your wp-config.php file seems to help.[/quote]
I am wondering if there is a similar fix for nuke, a way of universally redirecting the variable? Having to manually fix all of the files would be pretty impossible plus, it might break the site and would make adding additional modules difficult. I’ve yet to find a solution to this at any nuke forums.
I can find my way around most scripts, but I am not a PHP programmer, so sorry if the solution to this is is obvious.
Thanks