From 5845b2502787f6672e317bd271018e8cd778ec02 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 10 Jan 2013 03:43:22 -0500
Subject: [PATCH] Avoid direct execution of installer includes (#1488895)

---
 installer/config.php |    7 +++++++
 installer/check.php  |    7 +++++++
 installer/test.php   |    7 +++++++
 3 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/installer/check.php b/installer/check.php
index 5cb3022..514ec42 100644
--- a/installer/check.php
+++ b/installer/check.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php" method="get">
 <?php
 
diff --git a/installer/config.php b/installer/config.php
index bd676b1..41aa36e 100644
--- a/installer/config.php
+++ b/installer/config.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php" method="post">
 <input type="hidden" name="_step" value="2" />
 <?php
diff --git a/installer/test.php b/installer/test.php
index 2dd3305..b8b60cf 100644
--- a/installer/test.php
+++ b/installer/test.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php?_step=3" method="post">
 
 <h3>Check config files</h3>

--
Gitblit v1.9.1