From fcb1f79278684f02ee59130dc0304bd063d9d6d7 Mon Sep 17 00:00:00 2001
From: Daniel Neto <me@danielneto.com>
Date: Thu, 28 Mar 2024 11:44:23 -0300
Subject: [PATCH] Security update

---
 install/checkConfiguration.php   | 6 ++++--
 plugin/WWBNIndex/submitIndex.php | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/install/checkConfiguration.php b/install/checkConfiguration.php
index 91e2576d4fab..f604087279d4 100644
--- a/install/checkConfiguration.php
+++ b/install/checkConfiguration.php
@@ -260,8 +260,10 @@
 /*
 FOR WWBNIndex Plugin
 */
-if (file_exists($_POST['systemRootPath'] . "plugin/WWBNIndex/submitIndex.php")) {
-    include ($_POST['systemRootPath'] . "plugin/WWBNIndex/submitIndex.php");
+$systemRootPath = __DIR__ . DIRECTORY_SEPARATOR . '../';
+$file = "{$systemRootPath}plugin/WWBNIndex/submitIndex.php";
+if (file_exists($file)) {
+    include $file;
 }
 error_log("Installation: ".__LINE__);
 $obj->success = true;
diff --git a/plugin/WWBNIndex/submitIndex.php b/plugin/WWBNIndex/submitIndex.php
index bec192e210a3..38dd477932f3 100644
--- a/plugin/WWBNIndex/submitIndex.php
+++ b/plugin/WWBNIndex/submitIndex.php
@@ -2,8 +2,8 @@
 ini_set('display_errors', 1);
 ini_set('display_startup_errors', 1);
 error_reporting(E_ALL);
-
-require_once ($_POST['systemRootPath'] . "plugin/WWBNIndex/WWBNIndex.php");
+$systemRootPath = __DIR__ . DIRECTORY_SEPARATOR . '../../';
+require_once ($systemRootPath . "plugin/WWBNIndex/WWBNIndex.php");
 $wwbnIndex = new WWBNIndex();
 
 // if (!_mysql_is_open()) {