diff options
| -rwxr-xr-x | LedgerSMB.pm | 10 | ||||
| -rwxr-xr-x | bin/admin.pl | 2 | ||||
| -rwxr-xr-x | bin/am.pl | 2 | ||||
| -rwxr-xr-x | bin/login.pl | 4 | ||||
| -rwxr-xr-x | bin/menu.pl | 2 | ||||
| -rw-r--r-- | images/ledgersmb.eps (renamed from images/ledger-smb.eps) | 0 | ||||
| -rw-r--r-- | images/ledgersmb.gif (renamed from images/ledger-smb.gif) | bin | 980 -> 980 bytes | |||
| -rw-r--r-- | images/ledgersmb.png (renamed from images/ledger-smb.png) | bin | 60297 -> 60297 bytes | |||
| -rw-r--r-- | images/ledgersmb_small.png (renamed from images/ledger-smb_small.png) | bin | 6507 -> 6507 bytes | |||
| -rwxr-xr-x | locale/html/splash.html | 2 |
10 files changed, 16 insertions, 6 deletions
diff --git a/LedgerSMB.pm b/LedgerSMB.pm index 3a06bacf..37fbe009 100755 --- a/LedgerSMB.pm +++ b/LedgerSMB.pm @@ -131,6 +131,16 @@ sub new { $self->{lynx} = 1; } + $self->{path} =~ s#\\#/#g; + if (($self->{path}) && ($self->{path} !~ m#^bin/#) + || ($self->{path} =~ m#(\w*/){2,}#)){ + $self->error("Access Denied"); + } + if (($self->{script} =~ m#(..|\\|/)#)){ + $self->error("Access Denied"); + } + + $self; } diff --git a/bin/admin.pl b/bin/admin.pl index e441b00e..a4c9ab9a 100755 --- a/bin/admin.pl +++ b/bin/admin.pl @@ -102,7 +102,7 @@ sub adminlogin { print qq| <body class="admin" onload="sf()"> <div align="center"> - <a href="http://www.ledgersmb.org/"><img src="images/ledger-smb.png" width="200" height="100" border="0" alt="LedgerSMB Logo" /></a> + <a href="http://www.ledgersmb.org/"><img src="images/ledgersmb.png" width="200" height="100" border="0" alt="LedgerSMB Logo" /></a> <h1 class="login">|.$locale->text('Version').qq| $form->{version} <br />|.$locale->text('Administration').qq|</h1> <form method="post" action="admin.pl" name="admin"> <table> @@ -2678,7 +2678,7 @@ sub company_logo { </pre> <center> -<a href="http://www.ledgersmb.org/" target="_blank"><img src="images/ledger-smb.png" width="200" height="100" border="0" alt="LedgerSMB Logo" /></a> +<a href="http://www.ledgersmb.org/" target="_blank"><img src="images/ledgersmb.png" width="200" height="100" border="0" alt="LedgerSMB Logo" /></a> <h1 class="login">|.$locale->text('Version').qq| $form->{version}</h1> <p> diff --git a/bin/login.pl b/bin/login.pl index bff94a10..67c882b2 100755 --- a/bin/login.pl +++ b/bin/login.pl @@ -126,7 +126,7 @@ sub login_screen { <table class="login" border="3" cellpadding="20"> <tr> <td class="login" align="center"> - <a href="http://www.ledgersmb.org/" target="_top"><img src="images/ledger-smb.png" width="200" heith="100" border="0" alt="LedgerSMB Logo" /></a> + <a href="http://www.ledgersmb.org/" target="_top"><img src="images/ledgersmb.png" width="200" heith="100" border="0" alt="LedgerSMB Logo" /></a> <h1 class="login" align="center">|.$locale->text('Version').qq| $form->{version}</h1> <p> <form method="post" action="$form->{script}" name="login"> @@ -180,7 +180,7 @@ sub selectdataset { <table class="login" border="3" cellpadding="20"> <tr> <td class="login" align="center"> - <a href="http://www.ledgersmb.org/" target="_top"><img src="images/ledger-smb.png" width="100" heith="100" border="0" alt="LedgerSMB Logo" /></a> + <a href="http://www.ledgersmb.org/" target="_top"><img src="images/ledgersmb.png" width="100" heith="100" border="0" alt="LedgerSMB Logo" /></a> <h1 class="login" align="center">|.$locale->text('Version').qq| $form->{version}</h1> <p> <form method="post" action="$form->{script}"> diff --git a/bin/menu.pl b/bin/menu.pl index 0fa9e234..9b426b5f 100755 --- a/bin/menu.pl +++ b/bin/menu.pl @@ -109,7 +109,7 @@ sub acc_menu { print q| <body class="menu"> - <img class="cornerlogo" src="images/ledger-smb_small.png" width="100" height="50" border="1" alt="ledger-smb" /> + <img class="cornerlogo" src="images/ledgersmb_small.png" width="100" height="50" border="1" alt="LedgerSMB" /> |; if ($form->{js}) { diff --git a/images/ledger-smb.eps b/images/ledgersmb.eps index da3c13c6..da3c13c6 100644 --- a/images/ledger-smb.eps +++ b/images/ledgersmb.eps diff --git a/images/ledger-smb.gif b/images/ledgersmb.gif Binary files differindex 768f2915..768f2915 100644 --- a/images/ledger-smb.gif +++ b/images/ledgersmb.gif diff --git a/images/ledger-smb.png b/images/ledgersmb.png Binary files differindex eae70d01..eae70d01 100644 --- a/images/ledger-smb.png +++ b/images/ledgersmb.png diff --git a/images/ledger-smb_small.png b/images/ledgersmb_small.png Binary files differindex d6b849ce..d6b849ce 100644 --- a/images/ledger-smb_small.png +++ b/images/ledgersmb_small.png diff --git a/locale/html/splash.html b/locale/html/splash.html index 3bcfff1e..ad37ab3a 100755 --- a/locale/html/splash.html +++ b/locale/html/splash.html @@ -14,7 +14,7 @@ <br /><br /><br /> <center> <a href="http://www.ledgersmb.org/" target="_blank"><img style="border: 1px - solid #000000;" src="../../images/ledger-smb.png" width="200" height="100" border="0" alt="LedgerSMB Logo" /></a> + solid #000000;" src="../../images/ledgersmb.png" width="200" height="100" border="0" alt="LedgerSMB Logo" /></a> <br /><br /><br /> <table width="80%" border="0" cellpadding="0" cellspacing="0"> <tr> |
