Protect config file reads too

diff --git a/htaccess-htpasswd/edit_dir.cgi b/htaccess-htpasswd/edit_dir.cgi
index e1b119e..d55c40c 100755 (executable)
--- a/htaccess-htpasswd/edit_dir.cgi
+++ b/htaccess-htpasswd/edit_dir.cgi
@@ -82,8 +82,10 @@ else {
 
 # Authentication realm
 if (!$in{'new'}) {
+       &switch_user();
        $conf = &foreign_call($apachemod, "get_htaccess_config",
                              "$dir->[0]/$config{'htaccess'}");
+       &switch_back();
        $realm = &foreign_call($apachemod, "find_directive",
                               "AuthName", $conf, 1);
        }

diff --git a/htaccess-htpasswd/index.cgi b/htaccess-htpasswd/index.cgi
index 6f4d0d3..590bf8f 100755 (executable)
--- a/htaccess-htpasswd/index.cgi
+++ b/htaccess-htpasswd/index.cgi
@@ -58,6 +58,7 @@ if (@dirs) {
        print &ui_columns_start([ $can_create ? ( "" ) : ( ),
                                  $text{'index_dir'},
                                  $text{'index_usersgroups'} ], 100, 0, \@tds);
+       &switch_user();
        foreach $d (@dirs) {
                local @cols;
                if ($can_create) {
@@ -140,6 +141,7 @@ if (@dirs) {
                        print &ui_columns_row(\@cols, \@tds);
                        }
                }
+       &switch_back();
        print &ui_columns_end();
        if ($can_create) {
                print &ui_links_row(\@links);