These files were still vulnerable. Fixed.

author Joe Hunt <joe.hunt.consulting@gmail.com>

Mon, 1 Oct 2007 13:00:47 +0000 (13:00 +0000)

committer Joe Hunt <joe.hunt.consulting@gmail.com>

Mon, 1 Oct 2007 13:00:47 +0000 (13:00 +0000)
author Joe Hunt <joe.hunt.consulting@gmail.com>
Mon, 1 Oct 2007 13:00:47 +0000 (13:00 +0000)
committer Joe Hunt <joe.hunt.consulting@gmail.com>
Mon, 1 Oct 2007 13:00:47 +0000 (13:00 +0000)
diff --git a/access/login.php b/access/login.php

index 408af0e25d0ed1f290535103ddb87aacd7afdc48..12989497d906ceb75c656d6b87a50afecef167e6 100644 (file)
--- a/access/login.php
+++ b/access/login.php
@@ -1,4 +1,6 @@
  <?php
+       if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
+               die("Restricted access");
         include_once($path_to_root . "/includes/ui/ui_view.inc");
         // Display demo user name and password within login form if "$allow_demo_mode" is true
         $demo_text = "";
diff --git a/includes/lang/language.php b/includes/lang/language.php

index 1bde610c7a332e8f757eb6b6ede06e1b19a5344b..bd7e2082d4d2e29f68d202e6d109f5b9133f5692 100644 (file)
--- a/includes/lang/language.php
+++ b/includes/lang/language.php
@@ -1,5 +1,7 @@
  <?php
  
+if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
+       die("Restricted access");
  include_once($path_to_root . "/lang/installed_languages.inc");
  include_once($path_to_root . "/includes/lang/gettext.php");
author	Joe Hunt <joe.hunt.consulting@gmail.com>
	Mon, 1 Oct 2007 13:00:47 +0000 (13:00 +0000)
committer	Joe Hunt <joe.hunt.consulting@gmail.com>
	Mon, 1 Oct 2007 13:00:47 +0000 (13:00 +0000)
access/login.php		patch \| blob \| history
includes/lang/language.php		patch \| blob \| history