From f77944f5e2122d5b6e57d5e2718b4760519ec5d2 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Fri, 27 Feb 2009 21:59:19 +0000
Subject: [PATCH] Security fix to my last commit.
---
 CHANGELOG.txt | 5 +++++
 frontaccounting.php | 2 ++
 includes/lang/language.php | 3 +++
 3 files changed, 10 insertions(+)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index df3c81f0..81911f1f 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,11 @@ Legend:
 ! -> Note
 $ -> Affected files
+27-Feb-2009 Janusz Dobrowolski
+# Security fix to my last commit.
+$ /frontaccounting.php
+ /includes/lang/language.php
+
 25-Feb-2009 Joe Hunt
 ! Improved layout
 $ /inventory/prices.php
diff --git a/frontaccounting.php b/frontaccounting.php
index df1ff02c..7e220188 100644
--- a/frontaccounting.php
+++ b/frontaccounting.php
@@ -9,6 +9,8 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the License here .
 ***********************************************************************/
+if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
+ die("Restricted access");
 include_once($path_to_root . '/applications/application.php');
 include_once($path_to_root . '/applications/customers.php');
 include_once($path_to_root . '/applications/suppliers.php');
diff --git a/includes/lang/language.php b/includes/lang/language.php
index 059901cf..0727222c 100644
--- a/includes/lang/language.php
+++ b/includes/lang/language.php
@@ -9,6 +9,9 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the License here .
 ***********************************************************************/
+// Prevent register_globals vulnerability
+if (isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
+ die("Restricted access");
 include_once($path_to_root . "/lang/installed_languages.inc");
 include_once($path_to_root . "/includes/lang/gettext.php");
-- 
2.30.2
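Review bot: The guard added at the top of frontaccounting.php tests only `$_GET` and `$_POST`, but with register_globals enabled PHP also imports cookie values into the global scope, so a `path_to_root` arriving as a cookie is not rejected before the `include_once` calls below build paths from it. Extending the condition with `|| isset($_COOKIE['path_to_root'])` covers that source, and the guard added to includes/lang/language.php in this commit has the same gap. A denylist of superglobals remains fragile. If the bootstrap allows it, testing a constant defined by the entry script would make the check independent of request data, though that code is outside this patch.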
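Review bot: Unlike the guard added to frontaccounting.php in this commit, the one in includes/lang/language.php has no `!isset($path_to_root)` test. A direct request with the variable unset therefore falls through to `include_once($path_to_root . "/lang/installed_languages.inc")` with an empty prefix instead of stopping. Using the same condition in both files, `if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))`, keeps the two entry checks consistent. The comment `// Prevent register_globals vulnerability` could say what is protected, e.g. `// $path_to_root feeds the include_once calls below; refuse request-supplied values (register_globals)`, and the frontaccounting.php guard would benefit from the same comment. The rest of language.php lies outside the hunk, so later uses of `$path_to_root` could not be checked.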