Merge commit from fork

SECURITY: Make 'unittest' mode only work during tests
jpatokal · Aug 22, 2024 · 17273e9 · 17273e9
2 parents 3ada5ee + a1f83e1
commit 17273e9
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 2 deletions.
diff --git a/help/resetpw.php b/help/resetpw.php
@@ -68,7 +68,7 @@
 Cheers,
 OpenFlights.org";
 
-        if (isset($_POST["unittest"])) {
+        if (defined(UNIT_TEST_MODE) && UNIT_TEST_MODE && isset($_POST["unittest"])) {
             echo $link . "***" .  $row['challenge'];
             exit(0);
         }

diff --git a/php/apsearch.php b/php/apsearch.php
@@ -238,7 +238,7 @@
 TXT;
 
 
-    if (isset($_POST["unittest"])) {
+    if (defined(UNIT_TEST_MODE) && UNIT_TEST_MODE && isset($_POST["unittest"])) {
         echo $title . "\n\n" . $body;
         exit;
     }

diff --git a/php/config.php.sample b/php/config.php.sample
@@ -1,4 +1,7 @@
 <?php
+
+const UNIT_TEST_MODE = false;
+
 $host = "localhost";
 $dbname = "flightdb2";
 $user = "openflights";

diff --git a/test/server/config.php b/test/server/config.php
@@ -9,6 +9,8 @@
 // Path to OpenFlights upload directory
 $uploadDir = '../../import/';
 
+const UNIT_TEST_MODE = true;
+
 // Database configuration
 $dbhost = "localhost";
 $dbuser = "openflights";