diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2008-10-14 12:55:45 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2008-10-14 12:55:45 +0000 |
| commit | 7007fbda4b2d1bb623250ae3d8e3f2f2e7357101 (patch) | |
| tree | 7d9a40eeb619a666d75435d6b4a6c10fea32734c /roundcubemail/installer/index.php | |
| parent | 7910737fa73d507097920fa9ef4c8b5ea6c7939c (diff) | |
Secure new config merging feature + remove full path disclosure
git-svn-id: https://svn.roundcube.net/trunk@1979 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/installer/index.php')
| -rw-r--r-- | roundcubemail/installer/index.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/roundcubemail/installer/index.php b/roundcubemail/installer/index.php index 6ece82385..c7f69e3f5 100644 --- a/roundcubemail/installer/index.php +++ b/roundcubemail/installer/index.php @@ -45,7 +45,8 @@ if (isset($_GET['_getfile']) && in_array($_GET['_getfile'], array('main', 'db')) } } -if (isset($_GET['_mergeconfig']) && in_array($_GET['_mergeconfig'], array('main', 'db'))) { +if ($RCI->configured && ($RCI->getprop('enable_installer') || $_SESSION['allowinstaller']) && + isset($_GET['_mergeconfig']) && in_array($_GET['_mergeconfig'], array('main', 'db'))) { $filename = $_GET['_mergeconfig'] . '.inc.php'; header('Content-type: text/plain'); @@ -93,7 +94,7 @@ if ($RCI->configured && empty($_REQUEST['_step'])) { if ($RCI->configured && !$RCI->getprop('enable_installer') && !$_SESSION['allowinstaller']) { // header("HTTP/1.0 404 Not Found"); echo '<h2 class="error">The installer is disabled!</h2>'; - echo '<p>To enable it again, set <tt>$rcmail_config[\'enable_installer\'] = true;</tt> in '.RCMAIL_CONFIG_DIR.'/main.inc.php</p>'; + echo '<p>To enable it again, set <tt>$rcmail_config[\'enable_installer\'] = true;</tt> in RCMAIL_CONFIG_DIR/main.inc.php</p>'; echo '</div></body></html>'; exit; } |