Security fix to my last commit.

[fa-stable.git] / frontaccounting.php

diff --git a/frontaccounting.php b/frontaccounting.php
index df1ff02cfdcdb15bd5ada726c72b18b3aa2534fd..7e2201882a74b9f954ca64cfa97c8f69c5df83c4 100644 (file)
--- a/frontaccounting.php
+++ b/frontaccounting.php
@@ -9,6 +9,8 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
+if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
+       die("Restricted access");
        include_once($path_to_root . '/applications/application.php');
        include_once($path_to_root . '/applications/customers.php');
        include_once($path_to_root . '/applications/suppliers.php');