config.php has been vulnerable. Fixed.

author Joe Hunt <joe.hunt.consulting@gmail.com>

Thu, 13 Sep 2007 22:19:16 +0000 (22:19 +0000)

committer Joe Hunt <joe.hunt.consulting@gmail.com>

Thu, 13 Sep 2007 22:19:16 +0000 (22:19 +0000)
author Joe Hunt <joe.hunt.consulting@gmail.com>
Thu, 13 Sep 2007 22:19:16 +0000 (22:19 +0000)
committer Joe Hunt <joe.hunt.consulting@gmail.com>
Thu, 13 Sep 2007 22:19:16 +0000 (22:19 +0000)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt

index 44395e06e38a02d0a2881f54dbe941eec1a6d7a6..6fffa53e3f9c724d563097932657e1978af13066 100644 (file)
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -21,7 +21,9 @@ $ -> Affected files
  
  14-Sep-2007 Joe Hunt
   # We forgot to upload the PO file when installing new language. Used when GETTEXT is not installed on Server.
+ # config.php has been vulnerable. Fixed.
   $ /admin/inst_lang.php
+ $ config.php
   
  10-Sep-2007 Joe Hunt
   ! Changed Bank Address field from text to textarea (multirows)
diff --git a/config.php b/config.php

index 277d2ccf66af3db62f8b093d864923d381de298f..08aa993a2003e121cf9e5ac825354f79d8533828 100644 (file)
--- a/config.php
+++ b/config.php
@@ -23,7 +23,8 @@
                 session_save_path($session_save_path);
                 unset($session_save_path);
      }
-
+       if (!isset($path_to_root))
+               exit;
      include_once($path_to_root . "/config_db.php");
      include_once($path_to_root . "/includes/lang/language.php");
author	Joe Hunt <joe.hunt.consulting@gmail.com>
	Thu, 13 Sep 2007 22:19:16 +0000 (22:19 +0000)
committer	Joe Hunt <joe.hunt.consulting@gmail.com>
	Thu, 13 Sep 2007 22:19:16 +0000 (22:19 +0000)
CHANGELOG.txt		patch \| blob \| history
config.php		patch \| blob \| history