From 8ae77a8d495735897e346fb03d310f1bdde49d9e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Fri, 2 May 2008 21:22:37 +0000
Subject: [PATCH] Sec: Remove security hole

---
 .../fckeditor/editor/filemanager/connectors/php/config.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/htdocs/includes/fckeditor/editor/filemanager/connectors/php/config.php b/htdocs/includes/fckeditor/editor/filemanager/connectors/php/config.php
index 8a02755a62e..952326af0d7 100644
--- a/htdocs/includes/fckeditor/editor/filemanager/connectors/php/config.php
+++ b/htdocs/includes/fckeditor/editor/filemanager/connectors/php/config.php
@@ -24,8 +24,11 @@
 
 global $Config ;
 
-//require_once("../../../../../../master.inc.php");
-require_once("../../../../../../conf/conf.php"); // ajouté car include master.inc.php ne marche pas
+// We must include the main because this page is
+// a web page that require security controls and
+// is a security hole if anybody can access without
+// being an authenticated user.
+require_once("../../../../../../main.inc.php");	
 $uri=eregi_replace('^http(s?)://','',$dolibarr_main_url_root);
 $pos = strstr ($uri, '/');      // $pos contient alors url sans nom domaine
 if ($pos == '/') $pos = '';     // si $pos vaut /, on le met a ''