From d9f061b558fd36e31322609ee5f378922122e21e Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 10 Jan 2013 03:42:40 -0500
Subject: [PATCH] Avoid direct execution of installer includes (#1488895)

---
 installer/config.php |    7 +++++++
 installer/check.php  |    7 +++++++
 installer/test.php   |    7 +++++++
 3 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/installer/check.php b/installer/check.php
index 886200b..14fc4f0 100644
--- a/installer/check.php
+++ b/installer/check.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php" method="get">
 <?php
 
diff --git a/installer/config.php b/installer/config.php
index 6897ffb..d6846ed 100644
--- a/installer/config.php
+++ b/installer/config.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php" method="post">
 <input type="hidden" name="_step" value="2" />
 <?php
diff --git a/installer/test.php b/installer/test.php
index e266bf0..b118924 100644
--- a/installer/test.php
+++ b/installer/test.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php?_step=3" method="post">
 
 <h3>Check config files</h3>

--
Gitblit v1.9.1