diff --git a/htdocs/alumni/admin/about.php b/htdocs/alumni/admin/about.php index 134384f5a..906eb5ebb 100644 --- a/htdocs/alumni/admin/about.php +++ b/htdocs/alumni/admin/about.php @@ -26,7 +26,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/alumni/admin/setup.php b/htdocs/alumni/admin/setup.php index 7d90d9972..5e35e3958 100644 --- a/htdocs/alumni/admin/setup.php +++ b/htdocs/alumni/admin/setup.php @@ -26,7 +26,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/alumni/admin/survey_extrafields.php b/htdocs/alumni/admin/survey_extrafields.php index f392aaa0d..6b7de6493 100644 --- a/htdocs/alumni/admin/survey_extrafields.php +++ b/htdocs/alumni/admin/survey_extrafields.php @@ -30,7 +30,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/alumni/alumniindex.php b/htdocs/alumni/alumniindex.php index 1c4e88fd9..fc3b3783e 100644 --- a/htdocs/alumni/alumniindex.php +++ b/htdocs/alumni/alumniindex.php @@ -28,7 +28,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/alumni/survey_agenda.php b/htdocs/alumni/survey_agenda.php index 8c1bcf3db..12bdb1c28 100644 --- a/htdocs/alumni/survey_agenda.php +++ b/htdocs/alumni/survey_agenda.php @@ -45,7 +45,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/alumni/survey_card.php b/htdocs/alumni/survey_card.php index 3fc68762e..8e7e08502 100644 --- a/htdocs/alumni/survey_card.php +++ b/htdocs/alumni/survey_card.php @@ -49,7 +49,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/alumni/survey_document.php b/htdocs/alumni/survey_document.php index 5e77c07b6..12340f5f4 100644 --- a/htdocs/alumni/survey_document.php +++ b/htdocs/alumni/survey_document.php @@ -47,7 +47,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/alumni/survey_list.php b/htdocs/alumni/survey_list.php index 7c49866b2..a2eb91441 100644 --- a/htdocs/alumni/survey_list.php +++ b/htdocs/alumni/survey_list.php @@ -48,7 +48,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/alumni/survey_note.php b/htdocs/alumni/survey_note.php index e9bec9dcf..28850243c 100644 --- a/htdocs/alumni/survey_note.php +++ b/htdocs/alumni/survey_note.php @@ -48,7 +48,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/awstats/admin/about.php b/htdocs/awstats/admin/about.php index 77d48d35c..3dd3a00c9 100644 --- a/htdocs/awstats/admin/about.php +++ b/htdocs/awstats/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/awstats/admin/awstats.php b/htdocs/awstats/admin/awstats.php index 6ee885fca..501367b4b 100644 --- a/htdocs/awstats/admin/awstats.php +++ b/htdocs/awstats/admin/awstats.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/awstats/index.php b/htdocs/awstats/index.php index 78ee19d22..55a8413fc 100644 --- a/htdocs/awstats/index.php +++ b/htdocs/awstats/index.php @@ -21,7 +21,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/billedonorders/admin/about.php b/htdocs/billedonorders/admin/about.php index aed9e3e02..918046175 100644 --- a/htdocs/billedonorders/admin/about.php +++ b/htdocs/billedonorders/admin/about.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/billedonorders/admin/billedonorders.php b/htdocs/billedonorders/admin/billedonorders.php index eacefbde0..3ebacf82f 100755 --- a/htdocs/billedonorders/admin/billedonorders.php +++ b/htdocs/billedonorders/admin/billedonorders.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/captureserver/admin/about.php b/htdocs/captureserver/admin/about.php index 89e86559e..4277d8fcf 100644 --- a/htdocs/captureserver/admin/about.php +++ b/htdocs/captureserver/admin/about.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/captureserver/admin/setup.php b/htdocs/captureserver/admin/setup.php index 8dc7b4a27..f4797a601 100644 --- a/htdocs/captureserver/admin/setup.php +++ b/htdocs/captureserver/admin/setup.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/captureserver/captureserver_card.php b/htdocs/captureserver/captureserver_card.php index 16c57e409..55f75c669 100644 --- a/htdocs/captureserver/captureserver_card.php +++ b/htdocs/captureserver/captureserver_card.php @@ -45,7 +45,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/captureserver/captureserver_list.php b/htdocs/captureserver/captureserver_list.php index 420fb7668..9f4e4a765 100644 --- a/htdocs/captureserver/captureserver_list.php +++ b/htdocs/captureserver/captureserver_list.php @@ -44,7 +44,7 @@ $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/captureserver/index.php b/htdocs/captureserver/index.php index e64b681bd..e0bddaf56 100644 --- a/htdocs/captureserver/index.php +++ b/htdocs/captureserver/index.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/captureserver/public/index.php b/htdocs/captureserver/public/index.php index 16b33d2b4..4bbd43d35 100644 --- a/htdocs/captureserver/public/index.php +++ b/htdocs/captureserver/public/index.php @@ -43,7 +43,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/concatpdf/admin/about.php b/htdocs/concatpdf/admin/about.php index cc5a4e726..2ec5bf1a0 100644 --- a/htdocs/concatpdf/admin/about.php +++ b/htdocs/concatpdf/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/concatpdf/admin/concatpdf.php b/htdocs/concatpdf/admin/concatpdf.php index d5b365542..0c306e363 100755 --- a/htdocs/concatpdf/admin/concatpdf.php +++ b/htdocs/concatpdf/admin/concatpdf.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/discussion/admin/about.php b/htdocs/discussion/admin/about.php index d06ccaf1e..8727ecece 100644 --- a/htdocs/discussion/admin/about.php +++ b/htdocs/discussion/admin/about.php @@ -26,7 +26,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/admin/channel_extrafields.php b/htdocs/discussion/admin/channel_extrafields.php index 657224655..1694f9cfb 100644 --- a/htdocs/discussion/admin/channel_extrafields.php +++ b/htdocs/discussion/admin/channel_extrafields.php @@ -30,7 +30,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/admin/message_extrafields.php b/htdocs/discussion/admin/message_extrafields.php index 744ddb4ae..f96fdf65b 100644 --- a/htdocs/discussion/admin/message_extrafields.php +++ b/htdocs/discussion/admin/message_extrafields.php @@ -30,7 +30,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/admin/setup.php b/htdocs/discussion/admin/setup.php index 9c3baa246..d6041085e 100644 --- a/htdocs/discussion/admin/setup.php +++ b/htdocs/discussion/admin/setup.php @@ -26,7 +26,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/ajax/channel_messagemanager.php b/htdocs/discussion/ajax/channel_messagemanager.php index 87cbe064d..bcb9fac3d 100644 --- a/htdocs/discussion/ajax/channel_messagemanager.php +++ b/htdocs/discussion/ajax/channel_messagemanager.php @@ -44,7 +44,7 @@ // Try main.inc.php using relative path $res = 0; if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME diff --git a/htdocs/discussion/ajax/channelevent_source.php b/htdocs/discussion/ajax/channelevent_source.php index 99c1b3ca0..29ec54fda 100644 --- a/htdocs/discussion/ajax/channelevent_source.php +++ b/htdocs/discussion/ajax/channelevent_source.php @@ -49,7 +49,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/discussion/channel_agenda.php b/htdocs/discussion/channel_agenda.php index 5ce8b35a7..4bf686410 100644 --- a/htdocs/discussion/channel_agenda.php +++ b/htdocs/discussion/channel_agenda.php @@ -45,7 +45,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/channel_card.php b/htdocs/discussion/channel_card.php index d251b9d76..0aceae608 100644 --- a/htdocs/discussion/channel_card.php +++ b/htdocs/discussion/channel_card.php @@ -49,7 +49,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/channel_contact.php b/htdocs/discussion/channel_contact.php index 3b49d1c9a..b0fa8f8c2 100644 --- a/htdocs/discussion/channel_contact.php +++ b/htdocs/discussion/channel_contact.php @@ -26,7 +26,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/channel_document.php b/htdocs/discussion/channel_document.php index 8c59d171a..7f8804f69 100644 --- a/htdocs/discussion/channel_document.php +++ b/htdocs/discussion/channel_document.php @@ -47,7 +47,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/channel_list.php b/htdocs/discussion/channel_list.php index d19c00e7f..0f05cbc70 100644 --- a/htdocs/discussion/channel_list.php +++ b/htdocs/discussion/channel_list.php @@ -49,7 +49,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/channel_messages.php b/htdocs/discussion/channel_messages.php index 57f011a83..73094f015 100644 --- a/htdocs/discussion/channel_messages.php +++ b/htdocs/discussion/channel_messages.php @@ -47,7 +47,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/channel_note.php b/htdocs/discussion/channel_note.php index fdf3e5553..f72a694b2 100644 --- a/htdocs/discussion/channel_note.php +++ b/htdocs/discussion/channel_note.php @@ -48,7 +48,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/discussionindex.php b/htdocs/discussion/discussionindex.php index 69b05b0b4..40ccf9c53 100644 --- a/htdocs/discussion/discussionindex.php +++ b/htdocs/discussion/discussionindex.php @@ -28,7 +28,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/message_card.php b/htdocs/discussion/message_card.php index 14f622f6f..3c0c7059b 100644 --- a/htdocs/discussion/message_card.php +++ b/htdocs/discussion/message_card.php @@ -49,7 +49,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/message_document.php b/htdocs/discussion/message_document.php index 83c16a779..3cc3f7708 100644 --- a/htdocs/discussion/message_document.php +++ b/htdocs/discussion/message_document.php @@ -47,7 +47,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/discussion/message_list.php b/htdocs/discussion/message_list.php index 242bf05d4..76bfdd93d 100644 --- a/htdocs/discussion/message_list.php +++ b/htdocs/discussion/message_list.php @@ -50,7 +50,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/dolicloud/scripts/statsemailings.php b/htdocs/dolicloud/scripts/statsemailings.php index 69b2db5a6..e7cf525b8 100644 --- a/htdocs/dolicloud/scripts/statsemailings.php +++ b/htdocs/dolicloud/scripts/statsemailings.php @@ -12,7 +12,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ecotaxdeee/admin/about.php b/htdocs/ecotaxdeee/admin/about.php index 440065aed..edccad1a2 100644 --- a/htdocs/ecotaxdeee/admin/about.php +++ b/htdocs/ecotaxdeee/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ecotaxdeee/admin/index.php b/htdocs/ecotaxdeee/admin/index.php index f86632699..972dd53fb 100644 --- a/htdocs/ecotaxdeee/admin/index.php +++ b/htdocs/ecotaxdeee/admin/index.php @@ -11,7 +11,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ecotaxdeee/admin/setup.php b/htdocs/ecotaxdeee/admin/setup.php index f974d03ad..782cb35e6 100644 --- a/htdocs/ecotaxdeee/admin/setup.php +++ b/htdocs/ecotaxdeee/admin/setup.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/externalbackup/admin/about.php b/htdocs/externalbackup/admin/about.php index e39f39197..8b8468f6e 100644 --- a/htdocs/externalbackup/admin/about.php +++ b/htdocs/externalbackup/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/externalbackup/admin/externalbackup.php b/htdocs/externalbackup/admin/externalbackup.php index 770f93eec..36c552beb 100755 --- a/htdocs/externalbackup/admin/externalbackup.php +++ b/htdocs/externalbackup/admin/externalbackup.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/facturxutil/admin/about.php b/htdocs/facturxutil/admin/about.php index 9f5c2040f..06c431511 100644 --- a/htdocs/facturxutil/admin/about.php +++ b/htdocs/facturxutil/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/facturxutil/admin/setup.php b/htdocs/facturxutil/admin/setup.php index 5368bb756..64957c45a 100644 --- a/htdocs/facturxutil/admin/setup.php +++ b/htdocs/facturxutil/admin/setup.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/facturxutil/facturxutilindex.php b/htdocs/facturxutil/facturxutilindex.php index 4cb67a081..db04b2c68 100644 --- a/htdocs/facturxutil/facturxutilindex.php +++ b/htdocs/facturxutil/facturxutilindex.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/facturxutil/index.php b/htdocs/facturxutil/index.php index 229c23b62..098440442 100644 --- a/htdocs/facturxutil/index.php +++ b/htdocs/facturxutil/index.php @@ -2,7 +2,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/admin/about.php b/htdocs/filemanager/admin/about.php index 623ec5452..fc5b27e04 100644 --- a/htdocs/filemanager/admin/about.php +++ b/htdocs/filemanager/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/admin/filemanager.php b/htdocs/filemanager/admin/filemanager.php index e6d03bcac..ba3e4f610 100644 --- a/htdocs/filemanager/admin/filemanager.php +++ b/htdocs/filemanager/admin/filemanager.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/ajaxFileTree.php b/htdocs/filemanager/ajaxFileTree.php index 3884b7b37..017be0426 100644 --- a/htdocs/filemanager/ajaxFileTree.php +++ b/htdocs/filemanager/ajaxFileTree.php @@ -40,7 +40,7 @@ function llxHeader() // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/ajaxfileactions.php b/htdocs/filemanager/ajaxfileactions.php index d84464992..8eddba0e1 100644 --- a/htdocs/filemanager/ajaxfileactions.php +++ b/htdocs/filemanager/ajaxfileactions.php @@ -38,7 +38,7 @@ function llxHeader() // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/ajaxfileuploader.php b/htdocs/filemanager/ajaxfileuploader.php index 9b62faa7a..92f25d4d8 100644 --- a/htdocs/filemanager/ajaxfileuploader.php +++ b/htdocs/filemanager/ajaxfileuploader.php @@ -36,7 +36,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/ajaxshowpreview.php b/htdocs/filemanager/ajaxshowpreview.php index db028e781..eaf35fe6d 100644 --- a/htdocs/filemanager/ajaxshowpreview.php +++ b/htdocs/filemanager/ajaxshowpreview.php @@ -39,7 +39,7 @@ function llxHeader() // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/css/filemanager.css.php b/htdocs/filemanager/css/filemanager.css.php index f55351574..8f063cd79 100644 --- a/htdocs/filemanager/css/filemanager.css.php +++ b/htdocs/filemanager/css/filemanager.css.php @@ -15,7 +15,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/document.php b/htdocs/filemanager/document.php index a6849c77b..93b7807cc 100755 --- a/htdocs/filemanager/document.php +++ b/htdocs/filemanager/document.php @@ -45,7 +45,7 @@ function llxHeader() // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/index.php b/htdocs/filemanager/index.php index 7c315a26a..e26f3c1be 100644 --- a/htdocs/filemanager/index.php +++ b/htdocs/filemanager/index.php @@ -96,7 +96,7 @@ function llxHeader($head = '', $title = '', $help_url = '', $target = '', $disab // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/filemanager/viewimage.php b/htdocs/filemanager/viewimage.php index d1034ff74..bc764d6b5 100644 --- a/htdocs/filemanager/viewimage.php +++ b/htdocs/filemanager/viewimage.php @@ -48,7 +48,7 @@ function llxHeader() // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/about.php b/htdocs/google/admin/about.php index 2521e0ff3..f64cc205b 100644 --- a/htdocs/google/admin/about.php +++ b/htdocs/google/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/google.php b/htdocs/google/admin/google.php index 7095b4cad..abfe93a9e 100644 --- a/htdocs/google/admin/google.php +++ b/htdocs/google/admin/google.php @@ -11,7 +11,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/google_ad.php b/htdocs/google/admin/google_ad.php index 10cae2577..7116b5d1f 100755 --- a/htdocs/google/admin/google_ad.php +++ b/htdocs/google/admin/google_ad.php @@ -11,7 +11,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/google_an.php b/htdocs/google/admin/google_an.php index 90ea44639..d46bbcb3f 100755 --- a/htdocs/google/admin/google_an.php +++ b/htdocs/google/admin/google_an.php @@ -11,7 +11,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/google_calsync.php b/htdocs/google/admin/google_calsync.php index fceb10a69..efeea4848 100755 --- a/htdocs/google/admin/google_calsync.php +++ b/htdocs/google/admin/google_calsync.php @@ -28,7 +28,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/google_calsync_user.php b/htdocs/google/admin/google_calsync_user.php index 35df7bd66..717bc5c0a 100644 --- a/htdocs/google/admin/google_calsync_user.php +++ b/htdocs/google/admin/google_calsync_user.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/google_contactsync.php b/htdocs/google/admin/google_contactsync.php index c486c3dd9..6a740d730 100755 --- a/htdocs/google/admin/google_contactsync.php +++ b/htdocs/google/admin/google_contactsync.php @@ -28,7 +28,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/google_gmaps.php b/htdocs/google/admin/google_gmaps.php index b1d3f404e..9e825a4a6 100755 --- a/htdocs/google/admin/google_gmaps.php +++ b/htdocs/google/admin/google_gmaps.php @@ -11,7 +11,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/google_other.php b/htdocs/google/admin/google_other.php index e5aacf443..940e14c4d 100644 --- a/htdocs/google/admin/google_other.php +++ b/htdocs/google/admin/google_other.php @@ -11,7 +11,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/admin/test.php b/htdocs/google/admin/test.php index d3688d326..7b9781425 100644 --- a/htdocs/google/admin/test.php +++ b/htdocs/google/admin/test.php @@ -3,7 +3,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/gmaps.php b/htdocs/google/gmaps.php index b062e6936..cb7fc90e4 100755 --- a/htdocs/google/gmaps.php +++ b/htdocs/google/gmaps.php @@ -15,7 +15,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/gmaps_all.php b/htdocs/google/gmaps_all.php index 78489c4eb..8ec7f3f0b 100644 --- a/htdocs/google/gmaps_all.php +++ b/htdocs/google/gmaps_all.php @@ -14,7 +14,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/index.php b/htdocs/google/index.php index e602b0ce5..9e58563fa 100644 --- a/htdocs/google/index.php +++ b/htdocs/google/index.php @@ -16,7 +16,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/google/oauth2callback.php b/htdocs/google/oauth2callback.php index 416e19aaa..e701e373b 100644 --- a/htdocs/google/oauth2callback.php +++ b/htdocs/google/oauth2callback.php @@ -6,7 +6,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ipphone/admin/setup.php b/htdocs/ipphone/admin/setup.php index d286557f9..2caafa2da 100644 --- a/htdocs/ipphone/admin/setup.php +++ b/htdocs/ipphone/admin/setup.php @@ -30,7 +30,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ipphone/public/service.php b/htdocs/ipphone/public/service.php index a8cbffee6..c5c64e42b 100644 --- a/htdocs/ipphone/public/service.php +++ b/htdocs/ipphone/public/service.php @@ -58,7 +58,7 @@ function llxFooterVierge() // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/mantis/admin/mantis.php b/htdocs/mantis/admin/mantis.php index ac434204e..0eb0c5cee 100755 --- a/htdocs/mantis/admin/mantis.php +++ b/htdocs/mantis/admin/mantis.php @@ -29,7 +29,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/mantis/mantis.php b/htdocs/mantis/mantis.php index 8f7428368..079bb015b 100755 --- a/htdocs/mantis/mantis.php +++ b/htdocs/mantis/mantis.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/mantis/mantistop.php b/htdocs/mantis/mantistop.php index 551e067b0..6b26e1710 100755 --- a/htdocs/mantis/mantistop.php +++ b/htdocs/mantis/mantistop.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/memcached/admin/about.php b/htdocs/memcached/admin/about.php index 4399f81c8..4086cc62d 100644 --- a/htdocs/memcached/admin/about.php +++ b/htdocs/memcached/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/memcached/admin/memcached.php b/htdocs/memcached/admin/memcached.php index 3ed082d76..c3f4b6b24 100755 --- a/htdocs/memcached/admin/memcached.php +++ b/htdocs/memcached/admin/memcached.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/memcached/admin/memcached_stats.php b/htdocs/memcached/admin/memcached_stats.php index d1e69f32e..f630044ab 100644 --- a/htdocs/memcached/admin/memcached_stats.php +++ b/htdocs/memcached/admin/memcached_stats.php @@ -23,7 +23,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/monitoring/admin/about.php b/htdocs/monitoring/admin/about.php index 7a5d687eb..5369812ae 100644 --- a/htdocs/monitoring/admin/about.php +++ b/htdocs/monitoring/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/monitoring/admin/monitoring.php b/htdocs/monitoring/admin/monitoring.php index 5caaa6ced..7448f1033 100755 --- a/htdocs/monitoring/admin/monitoring.php +++ b/htdocs/monitoring/admin/monitoring.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/monitoring/index.php b/htdocs/monitoring/index.php index 30db53f25..de9ca35ea 100755 --- a/htdocs/monitoring/index.php +++ b/htdocs/monitoring/index.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/monitoring/probes.php b/htdocs/monitoring/probes.php index 71ed22819..8ba509836 100755 --- a/htdocs/monitoring/probes.php +++ b/htdocs/monitoring/probes.php @@ -29,7 +29,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/moretemplates/admin/moretemplates.php b/htdocs/moretemplates/admin/moretemplates.php index 00c84f0bd..495d6f163 100644 --- a/htdocs/moretemplates/admin/moretemplates.php +++ b/htdocs/moretemplates/admin/moretemplates.php @@ -11,7 +11,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/mywidgets/admin/about.php b/htdocs/mywidgets/admin/about.php index 07504e473..743c8aefb 100644 --- a/htdocs/mywidgets/admin/about.php +++ b/htdocs/mywidgets/admin/about.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/mywidgets/admin/mywidgets.php b/htdocs/mywidgets/admin/mywidgets.php index dbdd4f6bc..d93d33484 100755 --- a/htdocs/mywidgets/admin/mywidgets.php +++ b/htdocs/mywidgets/admin/mywidgets.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/netatmo/admin/about.php b/htdocs/netatmo/admin/about.php index 9b9826b68..995b8fb10 100644 --- a/htdocs/netatmo/admin/about.php +++ b/htdocs/netatmo/admin/about.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/netatmo/admin/setup.php b/htdocs/netatmo/admin/setup.php index 1d69b08b0..f31467d1c 100644 --- a/htdocs/netatmo/admin/setup.php +++ b/htdocs/netatmo/admin/setup.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/netatmo/css/netatmo.css.php b/htdocs/netatmo/css/netatmo.css.php index 5af85d3df..3c494304c 100644 --- a/htdocs/netatmo/css/netatmo.css.php +++ b/htdocs/netatmo/css/netatmo.css.php @@ -35,7 +35,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/netatmo/js/netatmo.js.php b/htdocs/netatmo/js/netatmo.js.php index 731f9efed..55d8d1d9c 100644 --- a/htdocs/netatmo/js/netatmo.js.php +++ b/htdocs/netatmo/js/netatmo.js.php @@ -38,7 +38,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/netatmo/netatmoindex.php b/htdocs/netatmo/netatmoindex.php index 97d0e1aae..253e056ff 100644 --- a/htdocs/netatmo/netatmoindex.php +++ b/htdocs/netatmo/netatmoindex.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/netatmo/public/netatmo.php b/htdocs/netatmo/public/netatmo.php index 649fce6fa..bce5ec748 100644 --- a/htdocs/netatmo/public/netatmo.php +++ b/htdocs/netatmo/public/netatmo.php @@ -38,7 +38,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/numberwords/admin/about.php b/htdocs/numberwords/admin/about.php index a69d997c5..429b23637 100644 --- a/htdocs/numberwords/admin/about.php +++ b/htdocs/numberwords/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/numberwords/admin/numberwords.php b/htdocs/numberwords/admin/numberwords.php index 9b68948a6..3f8ad7607 100644 --- a/htdocs/numberwords/admin/numberwords.php +++ b/htdocs/numberwords/admin/numberwords.php @@ -28,7 +28,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/openstreetmap/admin/about.php b/htdocs/openstreetmap/admin/about.php index 481c83d43..a2a854b98 100644 --- a/htdocs/openstreetmap/admin/about.php +++ b/htdocs/openstreetmap/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/openstreetmap/admin/openstreetmap_maps.php b/htdocs/openstreetmap/admin/openstreetmap_maps.php index 80cebaea3..bc3ad6fe6 100755 --- a/htdocs/openstreetmap/admin/openstreetmap_maps.php +++ b/htdocs/openstreetmap/admin/openstreetmap_maps.php @@ -11,7 +11,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/openstreetmap/maps.php b/htdocs/openstreetmap/maps.php index 4bb07756d..313549379 100755 --- a/htdocs/openstreetmap/maps.php +++ b/htdocs/openstreetmap/maps.php @@ -15,7 +15,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/admin/about.php b/htdocs/ovh/admin/about.php index 329426d92..2452ad3d4 100644 --- a/htdocs/ovh/admin/about.php +++ b/htdocs/ovh/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/admin/ovh_click2dial.php b/htdocs/ovh/admin/ovh_click2dial.php index 4ce2222cd..7c4979667 100755 --- a/htdocs/ovh/admin/ovh_click2dial.php +++ b/htdocs/ovh/admin/ovh_click2dial.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/admin/ovh_importinvoice.php b/htdocs/ovh/admin/ovh_importinvoice.php index dd261c2c3..f7d47d1c9 100755 --- a/htdocs/ovh/admin/ovh_importinvoice.php +++ b/htdocs/ovh/admin/ovh_importinvoice.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/admin/ovh_other.php b/htdocs/ovh/admin/ovh_other.php index c36ca2e7a..9045b9a8d 100644 --- a/htdocs/ovh/admin/ovh_other.php +++ b/htdocs/ovh/admin/ovh_other.php @@ -11,7 +11,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/admin/ovh_setup.php b/htdocs/ovh/admin/ovh_setup.php index cf74158bc..980f053c5 100755 --- a/htdocs/ovh/admin/ovh_setup.php +++ b/htdocs/ovh/admin/ovh_setup.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/admin/ovh_sms_setup.php b/htdocs/ovh/admin/ovh_sms_setup.php index 536abd23f..9bac04d8b 100755 --- a/htdocs/ovh/admin/ovh_sms_setup.php +++ b/htdocs/ovh/admin/ovh_sms_setup.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/admin/ovh_smsrecap.php b/htdocs/ovh/admin/ovh_smsrecap.php index 5fa18e9cc..8fb3a4202 100755 --- a/htdocs/ovh/admin/ovh_smsrecap.php +++ b/htdocs/ovh/admin/ovh_smsrecap.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/importovhinvoice.php b/htdocs/ovh/importovhinvoice.php index c71b3a620..d3b60ceda 100755 --- a/htdocs/ovh/importovhinvoice.php +++ b/htdocs/ovh/importovhinvoice.php @@ -28,7 +28,7 @@ // Load Dolibarr environment $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"] . "/main.inc.php"; +if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"]) . "/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); diff --git a/htdocs/ovh/ovh_listinfoserver.php b/htdocs/ovh/ovh_listinfoserver.php index 3ddd073d3..ee2181763 100644 --- a/htdocs/ovh/ovh_listinfoserver.php +++ b/htdocs/ovh/ovh_listinfoserver.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/sms_member.php b/htdocs/ovh/sms_member.php index 902b959b9..de56bb775 100755 --- a/htdocs/ovh/sms_member.php +++ b/htdocs/ovh/sms_member.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/sms_thirdparty.php b/htdocs/ovh/sms_thirdparty.php index a97f60569..e6c386cb3 100755 --- a/htdocs/ovh/sms_thirdparty.php +++ b/htdocs/ovh/sms_thirdparty.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/ovh/wrapper.php b/htdocs/ovh/wrapper.php index 1ccc03585..4a76e2f0d 100644 --- a/htdocs/ovh/wrapper.php +++ b/htdocs/ovh/wrapper.php @@ -61,7 +61,7 @@ function llxFooter() // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/payplugdolicloud/admin/about.php b/htdocs/payplugdolicloud/admin/about.php index 971f1bce7..a0f5d3446 100644 --- a/htdocs/payplugdolicloud/admin/about.php +++ b/htdocs/payplugdolicloud/admin/about.php @@ -27,7 +27,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/payplugdolicloud/admin/setup.php b/htdocs/payplugdolicloud/admin/setup.php index 4945bbd6c..adaade4fa 100644 --- a/htdocs/payplugdolicloud/admin/setup.php +++ b/htdocs/payplugdolicloud/admin/setup.php @@ -25,7 +25,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/payplugdolicloud/payplugdolicloudindex.php b/htdocs/payplugdolicloud/payplugdolicloudindex.php index e78ce157f..285bdffa5 100644 --- a/htdocs/payplugdolicloud/payplugdolicloudindex.php +++ b/htdocs/payplugdolicloud/payplugdolicloudindex.php @@ -30,7 +30,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; diff --git a/htdocs/phpsysinfo/admin/about.php b/htdocs/phpsysinfo/admin/about.php index 7cd596f6a..0be359145 100644 --- a/htdocs/phpsysinfo/admin/about.php +++ b/htdocs/phpsysinfo/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/phpsysinfo/admin/phpsysinfo.php b/htdocs/phpsysinfo/admin/phpsysinfo.php index b56845f37..2cbbf7b57 100755 --- a/htdocs/phpsysinfo/admin/phpsysinfo.php +++ b/htdocs/phpsysinfo/admin/phpsysinfo.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/phpsysinfo/frames.php b/htdocs/phpsysinfo/frames.php index 78fad9478..8ad7e1aff 100644 --- a/htdocs/phpsysinfo/frames.php +++ b/htdocs/phpsysinfo/frames.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/phpsysinfo/frametop.php b/htdocs/phpsysinfo/frametop.php index a69941f42..485386c26 100644 --- a/htdocs/phpsysinfo/frametop.php +++ b/htdocs/phpsysinfo/frametop.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/phpsysinfo/index.php b/htdocs/phpsysinfo/index.php index 8dfaeca39..8419301a0 100644 --- a/htdocs/phpsysinfo/index.php +++ b/htdocs/phpsysinfo/index.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/prestashopget/admin/about.php b/htdocs/prestashopget/admin/about.php index 5120bd314..e83f87ed3 100644 --- a/htdocs/prestashopget/admin/about.php +++ b/htdocs/prestashopget/admin/about.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/prestashopget/admin/setup.php b/htdocs/prestashopget/admin/setup.php index f519ec77c..4a376bf3f 100644 --- a/htdocs/prestashopget/admin/setup.php +++ b/htdocs/prestashopget/admin/setup.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/prestashopget/index.php b/htdocs/prestashopget/index.php index 813747447..0da6ca795 100644 --- a/htdocs/prestashopget/index.php +++ b/htdocs/prestashopget/index.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/revertinvoice/admin/about.php b/htdocs/revertinvoice/admin/about.php index 04ed398b7..07d635ccc 100644 --- a/htdocs/revertinvoice/admin/about.php +++ b/htdocs/revertinvoice/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/revertinvoice/admin/setup.php b/htdocs/revertinvoice/admin/setup.php index 69329b5e2..07f28d88f 100644 --- a/htdocs/revertinvoice/admin/setup.php +++ b/htdocs/revertinvoice/admin/setup.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/revertinvoice/css/revertinvoice.css.php b/htdocs/revertinvoice/css/revertinvoice.css.php index 62452c613..0c8ab1ef2 100644 --- a/htdocs/revertinvoice/css/revertinvoice.css.php +++ b/htdocs/revertinvoice/css/revertinvoice.css.php @@ -35,7 +35,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/revertinvoice/js/revertinvoice.js.php b/htdocs/revertinvoice/js/revertinvoice.js.php index 6e9e79817..69badccb5 100644 --- a/htdocs/revertinvoice/js/revertinvoice.js.php +++ b/htdocs/revertinvoice/js/revertinvoice.js.php @@ -38,7 +38,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/scanner/admin/scannersetuppage.php b/htdocs/scanner/admin/scannersetuppage.php index 63c2da84a..e330bad32 100755 --- a/htdocs/scanner/admin/scannersetuppage.php +++ b/htdocs/scanner/admin/scannersetuppage.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/scanner/index.php b/htdocs/scanner/index.php index fce978baa..8907c92f3 100755 --- a/htdocs/scanner/index.php +++ b/htdocs/scanner/index.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/selectbank/admin/about.php b/htdocs/selectbank/admin/about.php index 53501244f..df90bc88c 100644 --- a/htdocs/selectbank/admin/about.php +++ b/htdocs/selectbank/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/selectbank/admin/selectbank.php b/htdocs/selectbank/admin/selectbank.php index fa1da9187..b5e487ba6 100755 --- a/htdocs/selectbank/admin/selectbank.php +++ b/htdocs/selectbank/admin/selectbank.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/sendgrid/admin/about.php b/htdocs/sendgrid/admin/about.php index c04910da5..bec6e3ed5 100644 --- a/htdocs/sendgrid/admin/about.php +++ b/htdocs/sendgrid/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/sendgrid/admin/importinvoice.php b/htdocs/sendgrid/admin/importinvoice.php index 3538713b6..4437d1c05 100755 --- a/htdocs/sendgrid/admin/importinvoice.php +++ b/htdocs/sendgrid/admin/importinvoice.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/sendgrid/admin/setup.php b/htdocs/sendgrid/admin/setup.php index 3094423be..88e28ba65 100755 --- a/htdocs/sendgrid/admin/setup.php +++ b/htdocs/sendgrid/admin/setup.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/sendgrid/css/sendgrid.css.php b/htdocs/sendgrid/css/sendgrid.css.php index f32569fb5..f38a8e6fb 100644 --- a/htdocs/sendgrid/css/sendgrid.css.php +++ b/htdocs/sendgrid/css/sendgrid.css.php @@ -15,7 +15,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/sendgrid/importinvoice.php b/htdocs/sendgrid/importinvoice.php index 3f6bd5b33..b2ddb0001 100755 --- a/htdocs/sendgrid/importinvoice.php +++ b/htdocs/sendgrid/importinvoice.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/skincoloreditor/admin/about.php b/htdocs/skincoloreditor/admin/about.php index 869f523e6..a055f4cb4 100644 --- a/htdocs/skincoloreditor/admin/about.php +++ b/htdocs/skincoloreditor/admin/about.php @@ -27,7 +27,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/skincoloreditor/admin/advancededitor.php b/htdocs/skincoloreditor/admin/advancededitor.php index d557b6052..e0e385bf2 100755 --- a/htdocs/skincoloreditor/admin/advancededitor.php +++ b/htdocs/skincoloreditor/admin/advancededitor.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/skincoloreditor/admin/quickeditor.php b/htdocs/skincoloreditor/admin/quickeditor.php index 368a56687..81740f526 100755 --- a/htdocs/skincoloreditor/admin/quickeditor.php +++ b/htdocs/skincoloreditor/admin/quickeditor.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/skincoloreditor/usercolors.php b/htdocs/skincoloreditor/usercolors.php index a2c4005d9..b46d39df5 100755 --- a/htdocs/skincoloreditor/usercolors.php +++ b/htdocs/skincoloreditor/usercolors.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/stancerdolicloud/admin/about.php b/htdocs/stancerdolicloud/admin/about.php index 957218159..7210651bc 100644 --- a/htdocs/stancerdolicloud/admin/about.php +++ b/htdocs/stancerdolicloud/admin/about.php @@ -26,7 +26,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/stancerdolicloud/admin/setup.php b/htdocs/stancerdolicloud/admin/setup.php index 0541fe075..4284c3862 100644 --- a/htdocs/stancerdolicloud/admin/setup.php +++ b/htdocs/stancerdolicloud/admin/setup.php @@ -25,7 +25,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/stancerdolicloud/stancerdolicloudindex.php b/htdocs/stancerdolicloud/stancerdolicloudindex.php index cecc88420..2adb8009d 100644 --- a/htdocs/stancerdolicloud/stancerdolicloudindex.php +++ b/htdocs/stancerdolicloud/stancerdolicloudindex.php @@ -28,7 +28,7 @@ $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; + $res = @include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; } // Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME $tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; diff --git a/htdocs/statistic/index.php b/htdocs/statistic/index.php index 84f5ba0b2..b8d490f26 100644 --- a/htdocs/statistic/index.php +++ b/htdocs/statistic/index.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/statistic/stock.php b/htdocs/statistic/stock.php index 7a7d44241..4a685f7ae 100644 --- a/htdocs/statistic/stock.php +++ b/htdocs/statistic/stock.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/submiteverywhere/admin/submiteverywheresetuppage.php b/htdocs/submiteverywhere/admin/submiteverywheresetuppage.php index b59b3be83..df595d6ad 100644 --- a/htdocs/submiteverywhere/admin/submiteverywheresetuppage.php +++ b/htdocs/submiteverywhere/admin/submiteverywheresetuppage.php @@ -29,7 +29,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/submiteverywhere/card.php b/htdocs/submiteverywhere/card.php index ba9d3a2ec..aa63f68d1 100755 --- a/htdocs/submiteverywhere/card.php +++ b/htdocs/submiteverywhere/card.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/submiteverywhere/index.php b/htdocs/submiteverywhere/index.php index 420156429..f091b9a0b 100755 --- a/htdocs/submiteverywhere/index.php +++ b/htdocs/submiteverywhere/index.php @@ -28,7 +28,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/submiteverywhere/list.php b/htdocs/submiteverywhere/list.php index 2ec4859ae..f23b9a001 100755 --- a/htdocs/submiteverywhere/list.php +++ b/htdocs/submiteverywhere/list.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/tawkto/admin/about.php b/htdocs/tawkto/admin/about.php index cc24159ce..039267f83 100644 --- a/htdocs/tawkto/admin/about.php +++ b/htdocs/tawkto/admin/about.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/tawkto/admin/setup.php b/htdocs/tawkto/admin/setup.php index f06196e5a..21f2d8f87 100755 --- a/htdocs/tawkto/admin/setup.php +++ b/htdocs/tawkto/admin/setup.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/tvacerfa/admin/tvacerfa.php b/htdocs/tvacerfa/admin/tvacerfa.php index 507fddd4c..3110cabec 100755 --- a/htdocs/tvacerfa/admin/tvacerfa.php +++ b/htdocs/tvacerfa/admin/tvacerfa.php @@ -24,7 +24,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/tvacerfa/quadri_detail.php b/htdocs/tvacerfa/quadri_detail.php index a4cb7711b..b99641b5e 100644 --- a/htdocs/tvacerfa/quadri_detail.php +++ b/htdocs/tvacerfa/quadri_detail.php @@ -28,7 +28,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/zipautofillfr/admin/about.php b/htdocs/zipautofillfr/admin/about.php index 06267290e..ef2b377a5 100644 --- a/htdocs/zipautofillfr/admin/about.php +++ b/htdocs/zipautofillfr/admin/about.php @@ -26,7 +26,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; } diff --git a/htdocs/zipautofillfr/admin/zipautofillfr.php b/htdocs/zipautofillfr/admin/zipautofillfr.php index 68112a628..d0b2573e7 100755 --- a/htdocs/zipautofillfr/admin/zipautofillfr.php +++ b/htdocs/zipautofillfr/admin/zipautofillfr.php @@ -25,7 +25,7 @@ // Load Dolibarr environment $res=0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; +if (! $res && ! empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res=@include str_replace("..", "", $_SERVER["CONTEXT_DOCUMENT_ROOT"])."/main.inc.php"; // Try main.inc.php into web root detected using web root caluclated from SCRIPT_FILENAME $tmp=empty($_SERVER['SCRIPT_FILENAME'])?'':$_SERVER['SCRIPT_FILENAME'];$tmp2=realpath(__FILE__); $i=strlen($tmp)-1; $j=strlen($tmp2)-1; while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i]==$tmp2[$j]) { $i--; $j--; }