secure scripts which should not be called directly (install/update stuff); avoid url-manipulation

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

install/updatesql.php

@@ -17,6 +17,15 @@
  *
  */
 
+if (!defined('AREA')
+	|| (defined('AREA') && AREA != 'admin')
+	|| !isset($userinfo['loginname'])
+	|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+) {
+	header('Location: ../index.php');
+	exit;
+}
+
 $updatelog = FroxlorLogger::getInstanceOf(array('loginname' => 'updater'));
 
 $updatelogfile = validateUpdateLogFile(makeCorrectFile(dirname(__FILE__).'/update.log'));