diff -Naur WebCalendar-1.2.4.orig/includes/classes/hKit/hcal.profile.php WebCalendar-1.2.4.new/includes/classes/hKit/hcal.profile.php
--- WebCalendar-1.2.4.orig/includes/classes/hKit/hcal.profile.php 2007-08-06 04:28:33.000000000 +0200
+++ WebCalendar-1.2.4.new/includes/classes/hKit/hcal.profile.php 2011-09-30 18:19:06.397245502 +0200
@@ -2,6 +2,9 @@
 // hcal profile for hkit // hacked together by Ray Jones 06/26/2006
+ if (!isset($this)) // Prevent CVE-2011-3814.
+ die();
+ $this->root_class = 'vevent';
 $this->classes = array (
@@ -57,4 +60,4 @@
 $vevent = array_change_key_case($vevent, CASE_UPPER); }
-?>
\ No newline at end of file
+?>
diff -Naur WebCalendar-1.2.4.orig/includes/common_admin_pref.php WebCalendar-1.2.4.new/includes/common_admin_pref.php
--- WebCalendar-1.2.4.orig/includes/common_admin_pref.php 2007-07-28 21:21:57.000000000 +0200
+++ WebCalendar-1.2.4.new/includes/common_admin_pref.php 2011-09-30 18:19:06.417244020 +0200
@@ -2,6 +2,7 @@
 /* Consolidating parts of admin.php and pref.php. * $Id: common_admin_pref.php,v 1.4 2007/07/28 19:21:57 bbannon Exp $ */
+function_exists('translate') or die('You cannot access this file directly!');
 // . // Force the CSS cache to clear by incrementing webcalendar_csscache cookie. $webcalendar_csscache = 1;
@@ -334,4 +335,4 @@
 load_user_preferences (); }
-?>
\ No newline at end of file
+?>
diff -Naur WebCalendar-1.2.4.orig/includes/date_formats.php WebCalendar-1.2.4.new/includes/date_formats.php
--- WebCalendar-1.2.4.orig/includes/date_formats.php 2007-08-06 04:28:32.000000000 +0200
+++ WebCalendar-1.2.4.new/includes/date_formats.php 2011-09-30 18:19:06.418243948 +0200
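Review bot: The guard added at the top of hcal.profile.php is a brace-less two-line `if` with its comment wedged between the condition and `die();`, and it is one of three different direct-access checks in this patch. It uses `isset($this)`, common_admin_pref.php and date_formats.php use `function_exists(...)`, and help_list.php uses `defined ( '_ISVALID' )`. One convention would be easier to audit; if `_ISVALID` is defined on every path that loads these files (not visible here), the help_list.php form could serve all four. At minimum I would write this one as `if (!isset($this)) { die(); } // not included from inside an object method: refuse direct requests (CVE-2011-3814)`. The hunk shows only the first lines of the file.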
@@ -22,6 +22,7 @@
 // . // This will force $LANGUAGE to the current value // and eliminate having to double click the 'SAVE' button.
+function_exists('reset_language') or die('You cannot access this file directly!');
 reset_language ( get_pref_setting ( $login, 'LANGUAGE' ) ); define_languages (); // Load the language list. reset ( $languages );
diff -Naur WebCalendar-1.2.4.orig/includes/help_list.php WebCalendar-1.2.4.new/includes/help_list.php
--- WebCalendar-1.2.4.orig/includes/help_list.php 2008-02-12 20:08:52.000000000 +0100
+++ WebCalendar-1.2.4.new/includes/help_list.php 2011-09-30 18:19:06.418243948 +0200
@@ -5,7 +5,7 @@
 * This should make it easier to add new help screens without having to * touch each file every time. */
-defined ( '_ISVALID' ) or ( 'You cannot access this file directly!' );
+defined ( '_ISVALID' ) or die( 'You cannot access this file directly!' );
 // DO NOT DELETE translate ( 'Index' ) translate ( 'Documentation' ) $help_list = array (); $help_list['Index'] = 'help_index.php';
diff -Naur WebCalendar-1.2.4.orig/includes/js/visible.php WebCalendar-1.2.4.new/includes/js/visible.php
--- WebCalendar-1.2.4.orig/includes/js/visible.php 2008-01-28 21:17:08.000000000 +0100
+++ WebCalendar-1.2.4.new/includes/js/visible.php 2011-09-30 18:19:06.418243948 +0200
@@ -183,7 +183,12 @@
 colorCell.style.backgroundColor = "#000000"; input.select (); input.focus ();
- alert ( '<?php etranslate ( 'Invalid Color', true ) ?>');
+ alert ( '<?php
+ $m = 'Invalid Color';
+ if (function_exists('etranslate')) // Prevent CVE-2011-3814.
+ etranslate($m, true);
+ else
+ echo $m; ?>');
 } else { colorCell.style.backgroundColor = color; }
diff -Naur WebCalendar-1.2.4.orig/ws/login.php WebCalendar-1.2.4.new/ws/login.php
--- WebCalendar-1.2.4.orig/ws/login.php 2011-08-07 19:56:16.000000000 +0200
+++ WebCalendar-1.2.4.new/ws/login.php 2011-09-30 18:23:16.913819417 +0200
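Review bot: The `function_exists('reset_language') or die(...)` check in date_formats.php sits around line 25, directly before the first `reset_language` call, and lines 1–21 of the file are outside the hunk. If any executable statement precedes it, a direct request still runs that code, and can still emit an error from it, before the guard is reached. Placing the check as the first statement after `<?php` would make the protection independent of what the file does later. A short comment such as `// Refuse direct requests: only valid when included by the application.` would also record why the line exists.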
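Review bot: Only this one `etranslate` call in visible.php is wrapped in `function_exists('etranslate')`; the rest of the file is outside the hunk, so any other `translate`/`etranslate` call in it would still fail on a direct request and should be checked. The five-line brace-less `if`/`else` inside a single-quoted JavaScript string is also hard to read and easy to break when edited; I would at least add braces, `if (function_exists('etranslate')) { etranslate($m, true); } else { echo $m; }`. Whether the translated text is escaped for a single-quoted JavaScript literal depends on what `etranslate` does with its second argument, which is not visible here, so that is worth confirming while this line is being touched.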
@@ -9,15 +9,13 @@
 // relative to current working directory. define ( '__WC_INCLUDEDIR', '../includes' );
-include __WC_INCLUDEDIR . '/translate.php';
+foreach (array('config', 'dbi4php', 'formvars', 'functions', 'translate') as $i)
+ include_once __WC_INCLUDEDIR . '/' . $i . '.php';
+ require_once __WC_INCLUDEDIR . '/classes/WebCalendar.class';
 $WebCalendar = new WebCalendar ( __FILE__ );
-include __WC_INCLUDEDIR . '/config.php';
-include __WC_INCLUDEDIR . '/dbi4php.php';
-include __WC_INCLUDEDIR . '/functions.php';
- $WebCalendar->initializeFirstPhase ();
 include __WC_INCLUDEDIR . '/' .$user_inc;
diff -Naur WebCalendar-1.2.4.orig/ws/ws.php WebCalendar-1.2.4.new/ws/ws.php
--- WebCalendar-1.2.4.orig/ws/ws.php 2011-08-07 19:56:16.000000000 +0200
+++ WebCalendar-1.2.4.new/ws/ws.php 2011-09-30 18:26:27.827774230 +0200
@@ -19,23 +19,17 @@
 // relative to current working directory. define ( '__WC_INCLUDEDIR', '../includes' );
- include_once __WC_INCLUDEDIR . '/translate.php';
- require_once __WC_INCLUDEDIR . '/classes/WebCalendar.class';
- require_once __WC_INCLUDEDIR . '/classes/Event.class';
- require_once __WC_INCLUDEDIR . '/classes/RptEvent.class';
+ foreach(array('access', 'config', 'dbi4php', 'formvars', 'functions',
+ 'site_extras', 'translate', 'validate') as $i)
+ include_once __WC_INCLUDEDIR . '/' . $i . '.php';
- $WebCalendar = new WebCalendar ( __FILE__ );
-
- include_once __WC_INCLUDEDIR . '/config.php';
- include_once __WC_INCLUDEDIR . '/dbi4php.php';
- include_once __WC_INCLUDEDIR . '/access.php';
- include_once __WC_INCLUDEDIR . '/functions.php';
+ foreach(array('WebCalendar', 'Event', 'RptEvent') as $i)
+ include_once __WC_INCLUDEDIR . '/classes/' . $i . '.class';
+ $WebCalendar = new WebCalendar ( __FILE__ );
 $WebCalendar->initializeFirstPhase (); include_once __WC_INCLUDEDIR . '/' . $user_inc;
- include_once __WC_INCLUDEDIR . '/validate.php';
- include_once __WC_INCLUDEDIR . '/site_extras.php';
 $WebCalendar->initializeSecondPhase ();
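Review bot: The new loop in ws/login.php loads config.php, dbi4php.php, formvars.php, functions.php and translate.php with `include_once`, so a missing or unreadable file only raises a warning and execution continues into `new WebCalendar ( __FILE__ )` with those functions undefined. Where errors are displayed, that warning also prints the filesystem path. `require_once __WC_INCLUDEDIR . '/' . $i . '.php';` would stop at the first failure instead. The loop is brace-less and leaves `$i` set at file scope, so braces plus a one-line comment on why these libraries must now load before the class file would help the next reader. The same loop form appears twice in ws/ws.php.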
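Review bot: In ws/ws.php, validate.php and site_extras.php used to be included after `$WebCalendar->initializeFirstPhase ()` and after `$user_inc`, and the first new loop now pulls them in before the `WebCalendar` object exists; access.php also now loads ahead of config.php and dbi4php.php because the array is alphabetical. None of those files is visible here, so please confirm that they only declare functions and run nothing at include time that depends on configuration, first-phase initialisation or the user include. This matters most for validate.php and access.php, which by their names presumably sit on the authentication and authorisation path of this entry point. A comment above the loop such as `// Function libraries only; order is alphabetical and not significant.` would make that assumption explicit and reviewable.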