Fix: A local file inclusion vulnerability can be exploited to include arbitrary files.

Laurent Destailleur 2011-04-27 17:05:05 +00:00
parent 5b4ec9e316
commit 77f44797bb


@ -673,7 +673,6 @@ if (! defined('NOLOGIN'))
else $conf->use_javascript_ajax=0;
}
if (! defined('NOREQUIRETRAN'))
{
if (! GETPOST('lang')) // If language was not forced on URL
@ -691,14 +690,14 @@ if (! defined('NOREQUIRETRAN'))
}
else // If language was forced on URL
{
$langs->setDefaultLang(GETPOST('lang'));
$langs->setDefaultLang(GETPOST('lang','alpha',1));
}
}
// Case forcing style from url
if (GETPOST('theme'))
{
$conf->theme=GETPOST('theme');
$conf->theme=GETPOST('theme','alpha',1);
$conf->css = "/theme/".$conf->theme."/style.css.php";
}
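Review bot: The guards `if (! GETPOST('lang'))` and `if (GETPOST('theme'))` still test the unfiltered parameter, while the new assignments use the filtered `GETPOST(...,'alpha',1)` call, so a value the filter rejects still enters the branch. If the 'alpha' check returns an empty string for rejected input (GETPOST is not shown here, so this is an assumption), `$conf->theme` becomes '' and `$conf->css` is built as `/theme//style.css.php`, and `setDefaultLang` is likewise called with an empty value. Reading the parameter once and testing the filtered result avoids that: `$theme=GETPOST('theme','alpha',1);` followed by `if ($theme) { $conf->theme=$theme; $conf->css="/theme/".$theme."/style.css.php"; }`, and the same pattern for `lang`. Since both values end up as path components, a one-line comment stating what 'alpha' is relied on to reject, or a check against the installed theme and language directories, would make the fix verifiable from this file alone. The `if (! defined('NOREQUIRETRAN'))` block starts before and continues between the lines shown.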