From 82ace0fdff0f7a6a33bcfd05133dfe2eaceb5f25 Mon Sep 17 00:00:00 2001
From: Joe Hunt <joe.hunt.consulting@gmail.com>
Date: Thu, 13 Sep 2007 22:19:16 +0000
Subject: [PATCH] config.php has been vulnerable. Fixed.

---
 CHANGELOG.txt | 2 ++
 config.php    | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 44395e0..6fffa53 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -21,7 +21,9 @@ $ -> Affected files
 
 14-Sep-2007 Joe Hunt
  # We forgot to upload the PO file when installing new language. Used when GETTEXT is not installed on Server.
+ # config.php has been vulnerable. Fixed.
  $ /admin/inst_lang.php
+ $ config.php
  
 10-Sep-2007 Joe Hunt
  ! Changed Bank Address field from text to textarea (multirows)
diff --git a/config.php b/config.php
index 277d2cc..08aa993 100644
--- a/config.php
+++ b/config.php
@@ -23,7 +23,8 @@
 		session_save_path($session_save_path);
 		unset($session_save_path);
     }
-
+	if (!isset($path_to_root))
+		exit;
     include_once($path_to_root . "/config_db.php");
     include_once($path_to_root . "/includes/lang/language.php");
 
-- 
2.30.2