From: garvinhicking <garvinhicking>
Date: Thu, 30 Nov 2006 21:34:33 +0000 (+0000)
Subject: Ensure to not be able to call s9y files under circumstances where .htaccess does... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=e01bcdcdc5beb0064d962daa45d293981c031d40;p=s9y.git

Ensure to not be able to call s9y files under circumstances where .htaccess does not deny request AND register_globals is turned on
---

diff --git a/docs/NEWS b/docs/NEWS
index c964b60..7ad63e8 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -1,5 +1,12 @@
 +# $Id$
 
+Version 1.0.4 ()
+------------------------------------------------------------------------
+
+   * Fix local file inclusion bug on systems with two conditions:
+     register_globals=on AND missing .htaccess for restricting access to
+    .inc.php files. (garvinhicking)
+             
 Version 1.0.3 (November 7th, 2006)
 ------------------------------------------------------------------------
 
diff --git a/include/admin/configuration.inc.php b/include/admin/configuration.inc.php
index a4af5e2..4ecb2cf 100644
--- a/include/admin/configuration.inc.php
+++ b/include/admin/configuration.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 umask(0000);
 $umask = 0775;
 @define('IN_installer', true);
@@ -47,7 +51,7 @@ switch ($_POST['installAction'] && serendipity_checkFormToken()) {
                         $permalinkNew[] = $serendipity[$permitem['var']];
                     }
                 }
-            }            
+            }
 
             if (serendipity_checkPermission('siteConfiguration') && serialize($permalinkOld) != serialize($permalinkNew)) {
                 printf(ATTEMPT_WRITE_FILE, $serendipity['serendipityPath'] . '.htaccess');
diff --git a/include/admin/installer.inc.php b/include/admin/installer.inc.php
index 36ddc05..438aa35 100644
--- a/include/admin/installer.inc.php
+++ b/include/admin/installer.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 umask(0000);
 $umask = 0775;
 @define('IN_installer', true);
diff --git a/include/compat.inc.php b/include/compat.inc.php
index 5b95d91..a71769e 100644
--- a/include/compat.inc.php
+++ b/include/compat.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 $serendipity = array();
 @ini_set('magic_quotes_runtime', 'off');
 
@@ -33,11 +37,11 @@ function memSnap($tshow = '') {
     static $avail    = null;
     static $show     = true;
     static $memUsage = 0;
-    
+
     if (!$show) {
         return false;
     }
-    
+
     if ($avail === false) {
         return true;
     } elseif ($avail === null) {
@@ -48,11 +52,11 @@ function memSnap($tshow = '') {
             return false;
         }
     }
-    
+
     if ($memUsage === 0) {
         $memUsage = $avail;
     }
-    
+
     $current = memory_get_usage();
     echo '[' . date('d.m.Y H:i') . '] ' . number_format($current - $memUsage, 2, ',', '.') . ' label "' . $tshow . '", totalling ' . number_format($current, 2, ',', '.') . '<br />' . "\n";
     $memUsage = $current;
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 0401053..dc21e36 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 $serendipity['imageList'] = array();
 include_once(S9Y_INCLUDE_PATH . "include/db/db.inc.php");
 include_once(S9Y_INCLUDE_PATH . "include/compat.inc.php");
diff --git a/include/functions_calendars.inc.php b/include/functions_calendars.inc.php
index e347b5f..7ba735a 100644
--- a/include/functions_calendars.inc.php
+++ b/include/functions_calendars.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Gregorian to Jalali Convertor
  *
@@ -15,42 +19,42 @@
 function g2j($g_y, $g_m, $g_d){
     $g_days_in_month = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
     $j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29);
-    
+
     $gy = $g_y-1600;
     $gm = $g_m-1;
     $gd = $g_d-1;
-    
+
     $g_day_no = 365*$gy+floor(($gy+3)/4)-floor(($gy+99)/100)+floor(($gy+399)/400);
-    
+
     for ($i=0; $i < $gm; ++$i){
         $g_day_no += $g_days_in_month[$i];
     }
-        
+
     if ($gm>1 && (($gy%4==0 && $gy%100!=0) || ($gy%400==0))){
         /* leap and after Feb */
         ++$g_day_no;
     }
-        
+
     $g_day_no += $gd;
     $j_day_no = $g_day_no-79;
     $j_np = floor($j_day_no/12053);
     $j_day_no %= 12053;
     $jy = 979+33*$j_np+4*floor($j_day_no/1461);
     $j_day_no %= 1461;
-    
+
     if ($j_day_no >= 366) {
         $jy += floor(($j_day_no-1)/365);
         $j_day_no = ($j_day_no-1)%365;
     }
     $j_all_days = $j_day_no+1;
-    
+
     for ($i = 0; $i < 11 && $j_day_no >= $j_days_in_month[$i]; ++$i) {
         $j_day_no -= $j_days_in_month[$i];
     }
-    
+
     $jm = $i+1;
     $jd = $j_day_no+1;
-    
+
     return array($jy, $jm, $jd, $j_all_days);
 }
 
@@ -102,10 +106,10 @@ function j2g($j_y, $j_m, $j_d){
     }
     $gm = $i+1;
     $gd = $g_day_no+1;
-        
+
     return array($gy, $gm, $gd);
 }
-    
+
 /**
  * Format a string according to Jalali calendar (UTF)
  *
@@ -116,7 +120,7 @@ function j2g($j_y, $j_m, $j_d){
  * @return  string  Formatted local time/date according to locale settings
  */
 function jalali_strftime_utf($format, $timestamp) {
-    
+
     $g_d=date('j', $timestamp);
     $g_m=date('n', $timestamp);
     $g_y=date('Y', $timestamp);
@@ -146,12 +150,12 @@ function jalali_strftime_utf($format, $timestamp) {
                            'Wed' => '5',
                            'Thu' => '6',
                            'Fri' => '7');
-    
+
     // calculate string
     $output_str='';
-    
+
     for ($i=0; $i<strlen($format); $i++){
-        
+
         if($format[$i]=='%'){
             $i++;
             switch($format[$i]){
@@ -247,7 +251,7 @@ function jalali_strftime_utf($format, $timestamp) {
             $output_str.=$format[$i];
         }
     }
-    
+
     return $output_str;
 }
 
@@ -261,16 +265,16 @@ function jalali_strftime_utf($format, $timestamp) {
  * @return  string  Formatted local time/date
  */
 function jalali_date_utf($format, $timestamp) {
-    
+
     $g_d=date('j', $timestamp);
     $g_m=date('n', $timestamp);
     $g_y=date('Y', $timestamp);
-    
+
     list($jy, $jm, $jd, $j_all_days) = g2j($g_y, $g_m, $g_d);
-    
+
     $j_days_in_month = array(0, 31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29);
     if(($g_y % 4) == 3) $j_days_in_month[12]++;
-    
+
     $j_month_name = array('', 'فروردین', 'اردیبهشت', 'خرداد', 'تیر',
             'مرداد', 'شهریور', 'مهر', 'آبان', 'آذر', 'دی', 'بهمن', 'اسفند');
     $j_week_name = array('Saturday' => 'شنبه',
@@ -294,12 +298,12 @@ function jalali_date_utf($format, $timestamp) {
                            'Wed' => '5',
                            'Thu' => '6',
                            'Fri' => '7');
-    
+
     // calculate string
     $output_str='';
-    
+
     for ($i=0; $i<strlen($format); $i++){
-        
+
         if($format[$i]!='\\'){
             switch($format[$i]){
                 case 'd':
@@ -398,7 +402,7 @@ function jalali_date_utf($format, $timestamp) {
             $output_str.=$format[$i];
         }
     }
-    
+
     return $output_str;
 }
 
diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php
index b8d58e8..dae3690 100644
--- a/include/functions_comments.inc.php
+++ b/include/functions_comments.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Store the personal details of a commenting user in a cookie (or delete that cookie)
  *
diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
index 34509e0..30a13ab 100644
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Adds a new author account
  *
diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php
index 0b69b6f..5bdba64 100644
--- a/include/functions_entries.inc.php
+++ b/include/functions_entries.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Delete a category or range of categories
  *
diff --git a/include/functions_entries_admin.inc.php b/include/functions_entries_admin.inc.php
index 1bbea8b..4b8c2dc 100644
--- a/include/functions_entries_admin.inc.php
+++ b/include/functions_entries_admin.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 include_once(S9Y_INCLUDE_PATH . "include/functions_trackbacks.inc.php");
 
 /**
diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php
index 2287881..018ebe4 100644
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Check if an uploaded file is "evil"
  *
diff --git a/include/functions_installer.inc.php b/include/functions_installer.inc.php
index f0553b4..49d9119 100644
--- a/include/functions_installer.inc.php
+++ b/include/functions_installer.inc.php
@@ -2,6 +2,9 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
 
 /**
  * Convert a PHP Ini setting to a boolean flag
@@ -764,7 +767,6 @@ function serendipity_installFiles($serendipity_core = '') {
         $htaccess_cgi = '';
     }
 
-
     /* Detect comptability with php_value directives */
     if ($htaccess_cgi == '') {
         $response = '';
diff --git a/include/functions_permalinks.inc.php b/include/functions_permalinks.inc.php
index b97dd05..324c3cd 100644
--- a/include/functions_permalinks.inc.php
+++ b/include/functions_permalinks.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Converts a string into a filename that can be used safely in HTTP URLs
  *
@@ -131,7 +135,7 @@ function serendipity_makeFilename($str, $stripDots = false) {
 
     // Remove excess separators
     $str = trim($str, $to[0]);
-    
+
     if (empty($str)) {
         if (isset($GLOBALS['i18n_unknown'])) {
             $str = $GLOBALS['i18n_unknown'];
@@ -155,67 +159,67 @@ function serendipity_initPermalinks() {
     if (!isset($serendipity['permalinkStructure'])) {
         $serendipity['permalinkStructure'] = 'archives/%id%-%title%.html';
     }
-    
+
     if (!isset($serendipity['permalinkFeedAuthorStructure'])) {
         $serendipity['permalinkFeedAuthorStructure'] = 'feeds/authors/%id%-%realname%.rss';
     }
-    
+
     if (!isset($serendipity['permalinkFeedCategoryStructure'])) {
         $serendipity['permalinkFeedCategoryStructure'] = 'feeds/categories/%id%-%name%.rss';
     }
-    
+
     if (!isset($serendipity['permalinkCategoryStructure'])) {
         $serendipity['permalinkCategoryStructure'] = 'categories/%id%-%name%';
     }
-    
+
     if (!isset($serendipity['permalinkAuthorStructure'])) {
         $serendipity['permalinkAuthorStructure'] = 'authors/%id%-%realname%';
     }
-    
+
     if (!isset($serendipity['permalinkArchivesPath'])) {
         $serendipity['permalinkArchivesPath'] = 'archives';
     }
-    
+
     if (!isset($serendipity['permalinkArchivePath'])) {
         $serendipity['permalinkArchivePath'] = 'archive';
     }
-    
+
     if (!isset($serendipity['permalinkCategoriesPath'])) {
         $serendipity['permalinkCategoriesPath'] = 'categories';
     }
-    
+
     if (!isset($serendipity['permalinkAuthorsPath'])) {
         $serendipity['permalinkAuthorsPath'] = 'authors';
     }
-    
+
     if (!isset($serendipity['permalinkUnsubscribePath'])) {
         $serendipity['permalinkUnsubscribePath'] = 'unsubscribe';
     }
-    
+
     if (!isset($serendipity['permalinkDeletePath'])) {
         $serendipity['permalinkDeletePath'] = 'delete';
     }
-    
+
     if (!isset($serendipity['permalinkApprovePath'])) {
         $serendipity['permalinkApprovePath'] = 'approve';
     }
-    
+
     if (!isset($serendipity['permalinkFeedsPath'])) {
         $serendipity['permalinkFeedsPath'] = 'feeds';
     }
-    
+
     if (!isset($serendipity['permalinkPluginPath'])) {
         $serendipity['permalinkPluginPath'] = 'plugin';
     }
-    
+
     if (!isset($serendipity['permalinkAdminPath'])) {
         $serendipity['permalinkAdminPath'] = 'admin';
     }
-    
+
     if (!isset($serendipity['permalinkSearchPath'])) {
         $serendipity['permalinkSearchPath'] = 'search';
     }
-    
+
     /* URI paths
      * These could be defined in the language headers, except that would break
      * backwards URL compatibility
@@ -230,7 +234,7 @@ function serendipity_initPermalinks() {
     @define('PATH_PLUGIN',      $serendipity['permalinkPluginPath']);
     @define('PATH_ADMIN',       $serendipity['permalinkAdminPath']);
     @define('PATH_SEARCH',      $serendipity['permalinkSearchPath']);
-    
+
     /* URI patterns
      * Note that it's important to use @ as the pattern delimiter. DO NOT use shortcuts
      * like \d or \s, since mod_rewrite will use the regexps as well and chokes on them.
@@ -254,7 +258,7 @@ function serendipity_initPermalinks() {
  */
 function &serendipity_permalinkPatterns($return = false) {
     global $serendipity;
-    
+
     $PAT = array();
 
     $PAT['UNSUBSCRIBE']              = '@/'  . $serendipity['permalinkUnsubscribePath'].'/(.*)/([0-9]+)@';
@@ -318,7 +322,7 @@ function serendipity_searchPermalink($struct, $url, $default, $type = 'entry') {
         if (is_array($permalink)) {
             return $permalink['entry_id'];
         }
-    }    
+    }
 
     return $default;
 }
@@ -349,12 +353,12 @@ function serendipity_getPermalink(&$data, $type = 'entry') {
         case 'category':
             return serendipity_categoryURL($data, '', false);
             break;
-            
+
         case 'author':
             return serendipity_authorURL($data, '', false);
             break;
     }
-    
+
     return false;
 }
 
@@ -399,16 +403,16 @@ function serendipity_insertPermalink(&$data, $type = 'entry') {
         case 'entry':
             $idfield = 'id';
             break;
-            
+
         case 'author':
             $idfield = 'authorid';
             break;
-            
+
         case 'category':
             $idfield = 'categoryid';
             break;
     }
-    
+
     return(serendipity_db_query(sprintf("INSERT INTO {$serendipity['dbPrefix']}permalinks
                                                     (permalink, entry_id, type)
                                              VALUES ('%s', '%s', '%s')",
@@ -498,9 +502,9 @@ function serendipity_makePermalink($format, $data, $type = 'entry') {
                     $data['entry']['timestamp'] = time();
                 }
             }
-        
+
             $ts = serendipity_serverOffsetHour($data['entry']['timestamp']);
-        
+
             $replacements =
                 array(
                     (int)$data['id'],
@@ -511,7 +515,7 @@ function serendipity_makePermalink($format, $data, $type = 'entry') {
                 );
             return str_replace($entryKeys, $replacements, $format);
             break;
-            
+
         case 'author':
             $replacements =
                 array(
@@ -522,7 +526,7 @@ function serendipity_makePermalink($format, $data, $type = 'entry') {
                 );
             return str_replace($authorKeys, $replacements, $format);
             break;
-            
+
         case 'category':
             $replacements =
                 array(
diff --git a/include/functions_plugins_admin.inc.php b/include/functions_plugins_admin.inc.php
index 44fefff..22d6004 100644
--- a/include/functions_plugins_admin.inc.php
+++ b/include/functions_plugins_admin.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Returns the name of a usergroup.
  *
@@ -305,7 +309,7 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
                 $value = $plugin->get_config($config_item, false, true);
             }
         }
-        
+
         if (isset($_POST['serendipity'][$postkey][$config_item])) {
             if (is_array($_POST['serendipity'][$postkey][$config_item])) {
                 $hvalue = $_POST['serendipity'][$postkey][$config_item];
@@ -343,7 +347,7 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
                 } else {
                     $selected_options = array($hvalue => $hvalue);
                 }
-                
+
                 $pre_selected = (array)$cbag->get('select_preselected');
                 $select_size  = $cbag->get('select_size');
                 $select = $cbag->get('select_values');
@@ -494,7 +498,7 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
             case 'hidden':
                 ?><tr><td colspan="2"><input class="direction_<?php echo $lang_direction; ?>" type="hidden" name="serendipity[<?php echo $postKey; ?>][<?php echo $config_item; ?>]" value="<?php echo $cbag->get('value'); ?>" /></td></tr><?php
                 break;
-            
+
             default:
                 // Unknown configuration key. Let the plugin handle it.
                 $addData = func_get_args();
@@ -517,8 +521,8 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
 <br />
 <?php
     }
-    
-    if ($showSubmit) { 
+
+    if ($showSubmit) {
 ?>
     <div style="padding-left: 20px">
         <input type="submit" name="SAVECONF" value="<?php echo SAVE; ?>" class="serendipityPrettyButton" />
@@ -550,6 +554,6 @@ function serendipity_plugin_config(&$plugin, &$bag, &$name, &$desc, &$config_nam
 <?php
         }
     }
-    
+
     return true;
 }
diff --git a/include/functions_rss.inc.php b/include/functions_rss.inc.php
index af17010..09ff589 100644
--- a/include/functions_rss.inc.php
+++ b/include/functions_rss.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Parses entries to display them for RSS/Atom feeds to be passed on to generic Smarty templates
  *
@@ -78,7 +82,7 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f
                     $cat['feed_category_name'] = serendipity_utf8_encode(htmlspecialchars($cat['category_name']));
                 }
             }
-            
+
             // Prepare variables
             // 1. UTF8 encoding + htmlspecialchars.
             $entry['feed_title']     = serendipity_utf8_encode(htmlspecialchars($entry['title']));
@@ -101,28 +105,28 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f
                 case 'opml1.0':
                     $entry_hook = 'frontend_display:opml-1.0:per_entry';
                     break;
-            
+
                 case '0.91':
                     $entry_hook = 'frontend_display:rss-0.91:per_entry';
                     break;
-            
+
                 case '1.0':
                     $entry_hook = 'frontend_display:rss-1.0:per_entry';
                     break;
-            
+
                 case '2.0':
                     $entry_hook = 'frontend_display:rss-2.0:per_entry';
                     break;
-            
+
                 case 'atom0.3':
                     $entry_hook = 'frontend_display:atom-0.3:per_entry';
                     break;
-            
+
                 case 'atom1.0':
                     $entry_hook = 'frontend_display:atom-1.0:per_entry';
                     break;
             }
-            
+
             serendipity_plugin_api::hook_event($entry_hook, $entry);
             $entry['per_entry_display_dat'] = $entry['display_dat'];
         }
diff --git a/include/functions_smarty.inc.php b/include/functions_smarty.inc.php
index a327f3c..be74eb8 100644
--- a/include/functions_smarty.inc.php
+++ b/include/functions_smarty.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Fetch a list of trackbacks for an entry
  *
diff --git a/include/functions_trackbacks.inc.php b/include/functions_trackbacks.inc.php
index c14081b..3215057 100644
--- a/include/functions_trackbacks.inc.php
+++ b/include/functions_trackbacks.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 /**
  * Check a HTTP response if it is a valid XML trackback response
  *
diff --git a/include/functions_upgrader.inc.php b/include/functions_upgrader.inc.php
index 6045123..bc8880d 100644
--- a/include/functions_upgrader.inc.php
+++ b/include/functions_upgrader.inc.php
@@ -84,7 +84,7 @@ function serendipity_fixPlugins($case) {
                 'serendipity_event_searchhighlight',
                 'serendipity_event_textile'
             );
-            
+
             $elements = array(
                 'ENTRY_BODY',
                 'EXTENDED_BODY',
@@ -97,24 +97,24 @@ function serendipity_fixPlugins($case) {
                 $where[] = "name LIKE '$plugin:%'";
             }
 
-            $rows = serendipity_db_query("SELECT name, value, authorid 
-                                            FROM {$serendipity['dbPrefix']}config  
+            $rows = serendipity_db_query("SELECT name, value, authorid
+                                            FROM {$serendipity['dbPrefix']}config
                                            WHERE " . implode(' OR ', $where));
             if (!is_array($rows)) {
                 return false;
             }
-            
+
             foreach($rows AS $row) {
                 if (preg_match('@^(serendipity_event_.+):([a-z0-9]+)/(.+)@i', $row['name'], $plugin_data)) {
                     foreach($elements AS $element) {
                         if ($plugin_data[3] != constant($element)) {
                             continue;
                         }
-                        
+
                         $new = $plugin_data[1] . ':' . $plugin_data[2] . '/' . $element;
                         serendipity_db_query("UPDATE {$serendipity['dbPrefix']}config
                                                  SET name     = '$new'
-                                               WHERE name     = '{$row['name']}' 
+                                               WHERE name     = '{$row['name']}'
                                                  AND value    = '{$row['value']}'
                                                  AND authorid = '{$row['authorid']}'");
                     }
diff --git a/include/genpage.inc.php b/include/genpage.inc.php
index 9f9a187..84a3ac3 100644
--- a/include/genpage.inc.php
+++ b/include/genpage.inc.php
@@ -6,6 +6,10 @@ include_once('serendipity_config.inc.php');
 include_once(S9Y_INCLUDE_PATH . 'include/plugin_api.inc.php');
 include_once(S9Y_INCLUDE_PATH . 'include/plugin_internal.inc.php');
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 $uri_addData = array(
     'startpage' => false,
     'uriargs'   => implode('/', serendipity_getUriArguments($uri, true)),
diff --git a/include/lang.inc.php b/include/lang.inc.php
index 68d2b4f..ab1b170 100644
--- a/include/lang.inc.php
+++ b/include/lang.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 if (!defined('serendipity_LANG_LOADED') || serendipity_LANG_LOADED !== true) {
     // Try and include preferred language from the configurated setting
     if (@include(S9Y_INCLUDE_PATH . 'lang/' . $serendipity['charset'] . 'serendipity_lang_'. $serendipity['lang'] .'.inc.php') ) {
diff --git a/include/plugin_internal.inc.php b/include/plugin_internal.inc.php
index 902a224..c020387 100644
--- a/include/plugin_internal.inc.php
+++ b/include/plugin_internal.inc.php
@@ -2,6 +2,10 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+
 class serendipity_calendar_plugin extends serendipity_plugin {
     var $title = CALENDAR;
 
diff --git a/plugins/serendipity_event_xhtmlcleanup/UTF-8/lang_tn.inc.php b/plugins/serendipity_event_xhtmlcleanup/UTF-8/lang_tn.inc.php
index d07de6a..b3658e0 100644
--- a/plugins/serendipity_event_xhtmlcleanup/UTF-8/lang_tn.inc.php
+++ b/plugins/serendipity_event_xhtmlcleanup/UTF-8/lang_tn.inc.php
@@ -1,4 +1,4 @@
-<?php # $Id: $
+<?php # $Id: $
 ##########################################################################
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity    #
 # Developer Team) All rights reserved.  See LICENSE file for licensing   #
diff --git a/plugins/serendipity_event_xhtmlcleanup/lang_tn.inc.php b/plugins/serendipity_event_xhtmlcleanup/lang_tn.inc.php
index d07de6a..b3658e0 100644
--- a/plugins/serendipity_event_xhtmlcleanup/lang_tn.inc.php
+++ b/plugins/serendipity_event_xhtmlcleanup/lang_tn.inc.php
@@ -1,4 +1,4 @@
-<?php # $Id: $
+<?php # $Id: $
 ##########################################################################
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity    #
 # Developer Team) All rights reserved.  See LICENSE file for licensing   #
diff --git a/templates/kubrick/config.inc.php b/templates/kubrick/config.inc.php
index 091e22c..8d5978f 100644
--- a/templates/kubrick/config.inc.php
+++ b/templates/kubrick/config.inc.php
@@ -1,5 +1,9 @@
 <?php # $Id$
 
+if (IN_serendipity !== true) {
+    die ("Don't hack!");
+}
+    
 $probelang = dirname(__FILE__) . '/lang_' . $serendipity['lang'] . '.inc.php';
 if (file_exists($probelang)) {
     include $probelang;