From: Janusz Dobrowolski
Date: Fri, 27 Feb 2009 21:59:19 +0000 (+0000)
Subject: Security fix to my last commit.
X-Git-Tag: v2.4.2~19^2~1500
X-Git-Url: https://delta.frontaccounting.com/gitweb/?p=fa-stable.git;a=commitdiff_plain;h=f77944f5e2122d5b6e57d5e2718b4760519ec5d2
Security fix to my last commit.
---
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index df3c81f0..81911f1f 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,11 @@ Legend:
 ! -> Note
 $ -> Affected files
+27-Feb-2009 Janusz Dobrowolski
+# Security fix to my last commit.
+$ /frontaccounting.php
+ /includes/lang/language.php
+
 25-Feb-2009 Joe Hunt
 ! Improved layout
 $ /inventory/prices.php
diff --git a/frontaccounting.php b/frontaccounting.php
index df1ff02c..7e220188 100644
--- a/frontaccounting.php
+++ b/frontaccounting.php
@@ -9,6 +9,8 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the License here .
 ***********************************************************************/
+if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
+ die("Restricted access");
 include_once($path_to_root . '/applications/application.php');
 include_once($path_to_root . '/applications/customers.php');
 include_once($path_to_root . '/applications/suppliers.php');
diff --git a/includes/lang/language.php b/includes/lang/language.php
index 059901cf..0727222c 100644
--- a/includes/lang/language.php
+++ b/includes/lang/language.php
@@ -9,6 +9,9 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the License here .
 ***********************************************************************/
+// Prevent register_globals vulnerability
+if (isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
+ die("Restricted access");
 include_once($path_to_root . "/lang/installed_languages.inc");
 include_once($path_to_root . "/includes/lang/gettext.php");
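Review bot: The guard added at the top of frontaccounting.php rejects a request-supplied `path_to_root` only when it arrives in `$_GET` or `$_POST`. With register_globals enabled, PHP registers cookie values as globals too, so the variable feeding the `include_once($path_to_root . ...)` lines below can still come from the request. The condition should cover that source as well: `if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']) || isset($_COOKIE['path_to_root']))`. The guard added to includes/lang/language.php in this commit has the same gap. A one-line comment above the check, like the one in language.php, would also tell the next reader why it is there.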
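Review bot: The guard added to includes/lang/language.php omits the `!isset($path_to_root)` test that the frontaccounting.php guard in this same commit includes. A direct request to this file with the variable undefined therefore falls through to `include_once($path_to_root . "/lang/installed_languages.inc")` with an empty prefix instead of stopping at "Restricted access". Aligning the two, `if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))`, makes the file refuse to run unless an including script has set the path; the callers are not visible here, so confirm that they all do. The comment could state the intent more precisely, e.g. `// Refuse to run when path_to_root comes from the request (register_globals) instead of the including script`.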