From 062c4c55dd9d0fd1a9bbf381a4577b8bee43a4a9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 3 Aug 2008 23:03:27 +0000
Subject: [PATCH] Fix: Security hole
---
 htdocs/dossier/client/fiche.php | 12 +++++----
 htdocs/dossier/client/image.php | 48 ---------------------------------
 2 files changed, 7 insertions(+), 53 deletions(-)
 delete mode 100644 htdocs/dossier/client/image.php
diff --git a/htdocs/dossier/client/fiche.php b/htdocs/dossier/client/fiche.php
index c1ea654eac0..4f16c62f58b 100644
--- a/htdocs/dossier/client/fiche.php
+++ b/htdocs/dossier/client/fiche.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2004-2005 Laurent Destailleur
+ * Copyright (C) 2004-2008 Laurent Destailleur
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -18,10 +18,12 @@
 */
 /**
- \file htdocs/dossier/client/fiche.php
- \brief Page des dossiers clients
- \version $Id$
-*/
+ * \file htdocs/dossier/client/fiche.php
+ * \brief Page des dossiers clients
+ * \version $Id$
+ * \TODO Remove dossier directory and link to it on code where a test
+ * is made on MAIN_MODULE_DOSSIER.
+ */
 require("./pre.inc.php");
 require_once(DOL_DOCUMENT_ROOT.'/client.class.php');
diff --git a/htdocs/dossier/client/image.php b/htdocs/dossier/client/image.php
deleted file mode 100644
index a512e67b072..00000000000
--- a/htdocs/dossier/client/image.php
+++ /dev/null
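Review bot: The `\TODO` added to the header comment of fiche.php uses an upper-case tag, and Doxygen's command is the lower-case `\todo`, so this reminder will most likely not appear in the generated todo list. It also does not say why the directory should go; since this commit is titled a security fix and deletes image.php, which handed `$_GET["file"]` directly to `imagick_readimage()`, I would record that, e.g. `* \todo Remove dossier directory (image.php dropped: it read a request-supplied file path unchecked) and the links to it behind MAIN_MODULE_DOSSIER.` Whether any remaining page still links to image.php is not visible in this hunk and should be checked before the issue is closed.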
@@ -1,48 +0,0 @@
-
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * $Id$
- * $Source$
- *
- */
-
-
-$handle = imagick_readimage( $_GET["file"] ) ;
-
-
-if ( imagick_iserror( $handle ) )
-{
- $reason = imagick_failedreason( $handle ) ;
- $description = imagick_faileddescription( $handle ) ;
-
- print "handle failed!
\nReason: $reason
\nDescription: $description
\n" ;
- exit ;
-}
-
-if ( !( $image_data = imagick_image2blob( $handle ) ) )
-{
- $reason = imagick_failedreason( $handle ) ;
- $description = imagick_faileddescription( $handle ) ;
-
- print "imagick_image2blob() failed
\nReason: $reason
\nDescription: $description
\n" ;
- exit ;
-}
-
-//header( "Content-type: " . imagick_getmimetype( $handle ) ) ;
-print $image_data ;
-
-?>