From df062369513ce7af46358c0e963b4ce5cb8aef58 Mon Sep 17 00:00:00 2001
From: anonymoususer72041
 <247563575+anonymoususer72041@users.noreply.github.com>
Date: Thu, 4 Jun 2026 13:14:00 +0200
Subject: [PATCH] Bootstrap direct AJAX endpoints safely

---
 ajax/bootstrap.php                            | 19 +++++++++++++++++++
 ajax/deleteActivity.php                       |  2 ++
 ajax/editActivity.php                         |  2 ++
 ajax/getCandidateIdByEmail.php                |  2 ++
 ajax/getCandidateIdByPhone.php                |  2 ++
 ajax/getCompanyContacts.php                   |  2 ++
 ajax/getCompanyLocation.php                   |  2 ++
 ajax/getCompanyLocationAndDepartments.php     |  2 ++
 ajax/getCompanyNames.php                      |  2 ++
 ajax/getDataGridPager.php                     |  2 ++
 ajax/getDataItemJobOrders.php                 |  2 ++
 ajax/getParsedAddress.php                     |  2 ++
 ajax/getPipelineDetails.php                   |  2 ++
 ajax/getPipelineJobOrder.php                  |  2 ++
 ajax/replaceTemplateTags.php                  | 10 ++++++----
 ajax/setCandidateJobOrderRating.php           |  2 ++
 ajax/setColumnWidth.php                       |  2 ++
 ajax/showTemplate.php                         |  8 +++++---
 ajax/testEmailSettings.php                    |  2 ++
 ajax/zipLookup.php                            |  2 ++
 lib/ACL.php                                   |  2 +-
 lib/CATSUtility.php                           |  2 +-
 lib/Companies.php                             |  2 +-
 lib/JobOrders.php                             |  2 +-
 lib/Mailer.php                                |  2 +-
 lib/TemplateUtility.php                       |  2 +-
 modules/candidates/Show.tpl                   |  2 +-
 modules/companies/Show.tpl                    |  2 +-
 modules/contacts/Show.tpl                     |  2 +-
 modules/import/ajax/processMassImportItem.php |  2 ++
 modules/install/ajax/attachmentsReindex.php   |  4 +++-
 .../ajax/attachmentsToThreeDirectory.php      |  4 +++-
 modules/install/ajax/ui.php                   |  4 +++-
 modules/joborders/Show.tpl                    |  2 +-
 modules/lists/ajax/addToLists.php             |  2 ++
 modules/lists/ajax/deleteList.php             |  2 ++
 modules/lists/ajax/editListName.php           |  2 ++
 modules/lists/ajax/newList.php                |  2 ++
 modules/settings/ajax/backup.php              |  2 ++
 39 files changed, 95 insertions(+), 20 deletions(-)
 create mode 100644 ajax/bootstrap.php

diff --git a/ajax/bootstrap.php b/ajax/bootstrap.php
new file mode 100644
index 000000000..6c0cb9c7b
--- /dev/null
+++ b/ajax/bootstrap.php
@@ -0,0 +1,19 @@
+<?php
+/*
+ * Shared bootstrap for directly requested AJAX endpoint scripts.
+ */
+
+$rootDirectory = dirname(__DIR__);
+
+if (!defined('LEGACY_ROOT'))
+{
+    define('LEGACY_ROOT', $rootDirectory);
+}
+
+include_once($rootDirectory . '/config.php');
+include_once(LEGACY_ROOT . '/constants.php');
+include_once(LEGACY_ROOT . '/lib/DatabaseConnection.php');
+include_once(LEGACY_ROOT . '/lib/Session.php');
+include_once(LEGACY_ROOT . '/lib/AJAXInterface.php');
+
+?>
diff --git a/ajax/deleteActivity.php b/ajax/deleteActivity.php
index c10d4e47e..286aaa773 100755
--- a/ajax/deleteActivity.php
+++ b/ajax/deleteActivity.php
@@ -27,6 +27,8 @@
  * $Id: deleteActivity.php 1479 2007-01-17 00:22:21Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/ActivityEntries.php');
 
 
diff --git a/ajax/editActivity.php b/ajax/editActivity.php
index cf27067ea..6c2641987 100755
--- a/ajax/editActivity.php
+++ b/ajax/editActivity.php
@@ -27,6 +27,8 @@
  * $Id: editActivity.php 2883 2007-08-14 15:25:26Z brian $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 
 include_once(LEGACY_ROOT . '/lib/ActivityEntries.php');
 
diff --git a/ajax/getCandidateIdByEmail.php b/ajax/getCandidateIdByEmail.php
index 90b44b6b2..998da38d0 100755
--- a/ajax/getCandidateIdByEmail.php
+++ b/ajax/getCandidateIdByEmail.php
@@ -27,6 +27,8 @@
  * $Id: getCandidateIdByEmail.php 3078 2007-09-21 20:25:28Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 $interface = new SecureAJAXInterface();
 
 include (LEGACY_ROOT . '/lib/Candidates.php');
diff --git a/ajax/getCandidateIdByPhone.php b/ajax/getCandidateIdByPhone.php
index 43c69d0ba..4f6ee559a 100644
--- a/ajax/getCandidateIdByPhone.php
+++ b/ajax/getCandidateIdByPhone.php
@@ -27,6 +27,8 @@
 * $Id: getCandidateIdByPhone.php 3078 2007-09-21 20:25:28Z will $
 */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 $interface = new SecureAJAXInterface();
 
 include (LEGACY_ROOT . '/lib/Candidates.php');
diff --git a/ajax/getCompanyContacts.php b/ajax/getCompanyContacts.php
index 01fa82df5..ea32a3cef 100755
--- a/ajax/getCompanyContacts.php
+++ b/ajax/getCompanyContacts.php
@@ -27,6 +27,8 @@
  * $Id: getCompanyContacts.php 1892 2007-02-20 06:44:04Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/Companies.php');
 
 
diff --git a/ajax/getCompanyLocation.php b/ajax/getCompanyLocation.php
index a0cce48f0..201138a55 100755
--- a/ajax/getCompanyLocation.php
+++ b/ajax/getCompanyLocation.php
@@ -27,6 +27,8 @@
  * $Id: getCompanyLocation.php 2359 2007-04-21 22:49:17Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/Companies.php');
 
 
diff --git a/ajax/getCompanyLocationAndDepartments.php b/ajax/getCompanyLocationAndDepartments.php
index 25abb2023..d8174488b 100755
--- a/ajax/getCompanyLocationAndDepartments.php
+++ b/ajax/getCompanyLocationAndDepartments.php
@@ -27,6 +27,8 @@
  * $Id: getCompanyLocationAndDepartments.php 2359 2007-04-21 22:49:17Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/Companies.php');
 
 
diff --git a/ajax/getCompanyNames.php b/ajax/getCompanyNames.php
index 83c3a1eeb..15b129933 100755
--- a/ajax/getCompanyNames.php
+++ b/ajax/getCompanyNames.php
@@ -27,6 +27,8 @@
  * $Id: getCompanyNames.php 2367 2007-04-23 23:24:05Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/Companies.php');
 include_once(LEGACY_ROOT . '/lib/Search.php');
 
diff --git a/ajax/getDataGridPager.php b/ajax/getDataGridPager.php
index a8075290b..98c0d69c4 100755
--- a/ajax/getDataGridPager.php
+++ b/ajax/getDataGridPager.php
@@ -27,6 +27,8 @@
  * $Id: getDataGridPager.php 3078 2007-09-21 20:25:28Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/CATSUtility.php');
 include_once(LEGACY_ROOT . '/lib/TemplateUtility.php');
 include_once(LEGACY_ROOT . '/lib/DataGrid.php');
diff --git a/ajax/getDataItemJobOrders.php b/ajax/getDataItemJobOrders.php
index 837f7a3b8..64448aa79 100755
--- a/ajax/getDataItemJobOrders.php
+++ b/ajax/getDataItemJobOrders.php
@@ -27,6 +27,8 @@
  * $Id: getDataItemJobOrders.php 1892 2007-02-20 06:44:04Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 $interface = new SecureAJAXInterface();
 
 if (!$interface->isRequiredIDValid('dataItemID'))
diff --git a/ajax/getParsedAddress.php b/ajax/getParsedAddress.php
index aea55ff64..ebdfdb686 100755
--- a/ajax/getParsedAddress.php
+++ b/ajax/getParsedAddress.php
@@ -27,6 +27,8 @@
  * $Id: getParsedAddress.php 2492 2007-05-25 21:12:47Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/StringUtility.php');
 include_once(LEGACY_ROOT . '/lib/AddressParser.php');
 include_once(LEGACY_ROOT . '/lib/ResultSetUtility.php');
diff --git a/ajax/getPipelineDetails.php b/ajax/getPipelineDetails.php
index 613892a37..8c1c91002 100755
--- a/ajax/getPipelineDetails.php
+++ b/ajax/getPipelineDetails.php
@@ -27,6 +27,8 @@
  * $Id: getPipelineDetails.php 2976 2007-08-30 18:18:48Z andrew $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/Pipelines.php');
 
 
diff --git a/ajax/getPipelineJobOrder.php b/ajax/getPipelineJobOrder.php
index f75f6c53f..df27a1755 100755
--- a/ajax/getPipelineJobOrder.php
+++ b/ajax/getPipelineJobOrder.php
@@ -27,6 +27,8 @@
  * $Id: getPipelineJobOrder.php 3814 2007-12-06 17:54:28Z brian $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/Pipelines.php');
 include_once(LEGACY_ROOT . '/lib/TemplateUtility.php');
 include_once(LEGACY_ROOT . '/lib/StringUtility.php');
diff --git a/ajax/replaceTemplateTags.php b/ajax/replaceTemplateTags.php
index eebcf379f..c3b82b03a 100644
--- a/ajax/replaceTemplateTags.php
+++ b/ajax/replaceTemplateTags.php
@@ -1,7 +1,9 @@
 <?php
-    include_once('./lib/EmailTemplates.php');
-    include_once('./lib/DateUtility.php');
-    include_once('./lib/Candidates.php');
+    include_once(__DIR__ . '/bootstrap.php');
+
+    include_once(LEGACY_ROOT . '/lib/EmailTemplates.php');
+    include_once(LEGACY_ROOT . '/lib/DateUtility.php');
+    include_once(LEGACY_ROOT . '/lib/Candidates.php');
     
     $interface = new SecureAJAXInterface();
 
@@ -53,4 +55,4 @@
         "</data>\n"
     );
 
-?>
\ No newline at end of file
+?>
diff --git a/ajax/setCandidateJobOrderRating.php b/ajax/setCandidateJobOrderRating.php
index 2d545c964..4edb06b2f 100755
--- a/ajax/setCandidateJobOrderRating.php
+++ b/ajax/setCandidateJobOrderRating.php
@@ -27,6 +27,8 @@
  * $Id: setCandidateJobOrderRating.php 1479 2007-01-17 00:22:21Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/Pipelines.php');
 
 
diff --git a/ajax/setColumnWidth.php b/ajax/setColumnWidth.php
index ca2bc7ce9..3f619f11e 100755
--- a/ajax/setColumnWidth.php
+++ b/ajax/setColumnWidth.php
@@ -27,6 +27,8 @@
  * $Id: setColumnWidth.php 2373 2007-04-24 21:57:28Z will $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 $interface = new SecureAJAXInterface();
 
 if ($_SERVER['REQUEST_METHOD'] !== 'POST')
diff --git a/ajax/showTemplate.php b/ajax/showTemplate.php
index 4a39c4e92..fd78c8563 100644
--- a/ajax/showTemplate.php
+++ b/ajax/showTemplate.php
@@ -1,6 +1,8 @@
 <?php
-    include_once('./lib/EmailTemplates.php');
-    include_once('./lib/DateUtility.php');
+    include_once(__DIR__ . '/bootstrap.php');
+
+    include_once(LEGACY_ROOT . '/lib/EmailTemplates.php');
+    include_once(LEGACY_ROOT . '/lib/DateUtility.php');
 
     $interface = new SecureAJAXInterface();
 
@@ -33,4 +35,4 @@
         "</data>\n"
     );
 
-?>
\ No newline at end of file
+?>
diff --git a/ajax/testEmailSettings.php b/ajax/testEmailSettings.php
index 7845f5281..c9ebd48cc 100755
--- a/ajax/testEmailSettings.php
+++ b/ajax/testEmailSettings.php
@@ -27,6 +27,8 @@
  * $Id: testEmailSettings.php 2101 2007-03-06 00:20:17Z brian $
  */
 
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/Mailer.php');
 
 
diff --git a/ajax/zipLookup.php b/ajax/zipLookup.php
index b87e166e9..e9912264e 100755
--- a/ajax/zipLookup.php
+++ b/ajax/zipLookup.php
@@ -3,6 +3,8 @@
  * OpenCATS
  * AJAX Street/City/State lookup via Zip Interface
  */
+include_once(__DIR__ . '/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/ZipLookup.php');
 include_once(LEGACY_ROOT . '/lib/StringUtility.php');
 
diff --git a/lib/ACL.php b/lib/ACL.php
index 493db067d..28b6767dd 100644
--- a/lib/ACL.php
+++ b/lib/ACL.php
@@ -7,7 +7,7 @@
  * @copyright (C) OpenCats
  */
 
-include_once("./config.php");
+include_once(LEGACY_ROOT . '/config.php');
 
 class ACL
 {
diff --git a/lib/CATSUtility.php b/lib/CATSUtility.php
index cfa53aa9d..f4450c411 100755
--- a/lib/CATSUtility.php
+++ b/lib/CATSUtility.php
@@ -31,7 +31,7 @@
  */
 
 // FIXME: Why is this being reincluded here?
-include_once('./config.php');
+include_once(LEGACY_ROOT . '/config.php');
 include_once(LEGACY_ROOT . '/lib/FileUtility.php');
 
 /**
diff --git a/lib/Companies.php b/lib/Companies.php
index 6f4c3330a..a8762cd7a 100755
--- a/lib/Companies.php
+++ b/lib/Companies.php
@@ -1,5 +1,5 @@
 <?php
-include_once('./vendor/autoload.php');
+include_once(LEGACY_ROOT . '/vendor/autoload.php');
 use OpenCATS\Entity\Company;
 use OpenCATS\Entity\CompanyRepository;
 
diff --git a/lib/JobOrders.php b/lib/JobOrders.php
index 6a4b0ff93..b977037c3 100755
--- a/lib/JobOrders.php
+++ b/lib/JobOrders.php
@@ -1,5 +1,5 @@
 <?php
-include_once('./vendor/autoload.php');
+include_once(LEGACY_ROOT . '/vendor/autoload.php');
 
 use OpenCATS\Entity\JobOrder;
 use OpenCATS\Entity\JobOrderRepository;
diff --git a/lib/Mailer.php b/lib/Mailer.php
index bba83b749..c3d2ab4c5 100644
--- a/lib/Mailer.php
+++ b/lib/Mailer.php
@@ -40,7 +40,7 @@
  use PHPMailer\PHPMailer\Exception;
 
  // Load Composer's autoloader
- require './vendor/autoload.php';
+ require LEGACY_ROOT . '/vendor/autoload.php';
 
 // FIXME: Remove this dependency! Bad bad bad!
 include_once(LEGACY_ROOT . '/lib/Pipelines.php');
diff --git a/lib/TemplateUtility.php b/lib/TemplateUtility.php
index 8c0c5406b..4817445a2 100755
--- a/lib/TemplateUtility.php
+++ b/lib/TemplateUtility.php
@@ -35,7 +35,7 @@
  * @version    $Id: TemplateUtility.php 3835 2007-12-12 19:08:38Z brian $
  */
 
-include_once('./vendor/autoload.php');
+include_once(LEGACY_ROOT . '/vendor/autoload.php');
 include_once(LEGACY_ROOT . '/lib/Candidates.php');
 include_once(LEGACY_ROOT . '/lib/DateUtility.php');
 include_once(LEGACY_ROOT . '/lib/SystemInfo.php');
diff --git a/modules/candidates/Show.tpl b/modules/candidates/Show.tpl
index 085fc2494..a435a0e36 100755
--- a/modules/candidates/Show.tpl
+++ b/modules/candidates/Show.tpl
@@ -1,5 +1,5 @@
 <?php /* $Id: Show.tpl 3814 2007-12-06 17:54:28Z brian $ */
-include_once('./vendor/autoload.php');
+include_once(LEGACY_ROOT . '/vendor/autoload.php');
 use OpenCATS\UI\CandidateQuickActionMenu;
 use OpenCATS\UI\CandidateDuplicateQuickActionMenu;
 ?>
diff --git a/modules/companies/Show.tpl b/modules/companies/Show.tpl
index e0fddbde3..025f0cc8a 100755
--- a/modules/companies/Show.tpl
+++ b/modules/companies/Show.tpl
@@ -1,5 +1,5 @@
 <?php /* $Id: Show.tpl 3582 2007-11-12 22:58:48Z brian $ */
-include_once('./vendor/autoload.php');
+include_once(LEGACY_ROOT . '/vendor/autoload.php');
 use OpenCATS\UI\QuickActionMenu;
 ?>
 <?php TemplateUtility::printHeader('Company - ' . $this->data['name'], array( 'js/activity.js', 'js/sorttable.js', 'js/attachment.js')); ?>
diff --git a/modules/contacts/Show.tpl b/modules/contacts/Show.tpl
index c0137ebbd..e90aad22d 100755
--- a/modules/contacts/Show.tpl
+++ b/modules/contacts/Show.tpl
@@ -1,6 +1,6 @@
 <?php /* $Id: Show.tpl 3444 2007-11-06 23:16:27Z will $
 */
-include_once('./vendor/autoload.php');
+include_once(LEGACY_ROOT . '/vendor/autoload.php');
 use OpenCATS\UI\QuickActionMenu;
 ?>
 <?php TemplateUtility::printHeader('Contact - ' . $this->data['firstName'] . ' ' . $this->data['lastName'], array( 'js/activity.js', 'js/attachment.js')); ?>
diff --git a/modules/import/ajax/processMassImportItem.php b/modules/import/ajax/processMassImportItem.php
index fe5a67193..1fe853f43 100755
--- a/modules/import/ajax/processMassImportItem.php
+++ b/modules/import/ajax/processMassImportItem.php
@@ -27,6 +27,8 @@
  * $Id: processMassImportItem.php 2359 2007-04-21 22:49:17Z will $
  */
 
+include_once(dirname(__DIR__, 3) . '/ajax/bootstrap.php');
+
 
 include_once(LEGACY_ROOT . '/lib/Attachments.php');
 
diff --git a/modules/install/ajax/attachmentsReindex.php b/modules/install/ajax/attachmentsReindex.php
index a23c97412..75240d639 100755
--- a/modules/install/ajax/attachmentsReindex.php
+++ b/modules/install/ajax/attachmentsReindex.php
@@ -25,6 +25,8 @@
  *
  */
 
+include_once(dirname(__DIR__, 3) . '/ajax/bootstrap.php');
+
 if ($_SERVER['REQUEST_METHOD'] !== 'POST')
 {
     header('Content-Type: text/html; charset=UTF-8');
@@ -43,7 +45,7 @@
     die();
 }
 
-include_once('./config.php');
+include_once(LEGACY_ROOT . '/config.php');
 include_once(LEGACY_ROOT . '/lib/DatabaseConnection.php');
 include_once(LEGACY_ROOT . '/lib/ModuleUtility.php');
 
diff --git a/modules/install/ajax/attachmentsToThreeDirectory.php b/modules/install/ajax/attachmentsToThreeDirectory.php
index 11329abb6..594106a5a 100755
--- a/modules/install/ajax/attachmentsToThreeDirectory.php
+++ b/modules/install/ajax/attachmentsToThreeDirectory.php
@@ -27,6 +27,8 @@
  * $Id: attachmentsToThreeDirectory.php 2336 2007-04-14 22:01:51Z will $
  */
 
+include_once(dirname(__DIR__, 3) . '/ajax/bootstrap.php');
+
 if ($_SERVER['REQUEST_METHOD'] !== 'POST')
 {
     header('Content-Type: text/html; charset=UTF-8');
@@ -45,7 +47,7 @@
     die();
 }
 
-include_once('./config.php');
+include_once(LEGACY_ROOT . '/config.php');
 include_once(LEGACY_ROOT . '/lib/DatabaseConnection.php');
 
 $interface = new SecureAJAXInterface();
diff --git a/modules/install/ajax/ui.php b/modules/install/ajax/ui.php
index cc601d92f..cc98056da 100755
--- a/modules/install/ajax/ui.php
+++ b/modules/install/ajax/ui.php
@@ -27,7 +27,9 @@
  * $Id: ui.php 3807 2007-12-05 01:47:41Z will $
  */
 
-include_once('./config.php');
+include_once(dirname(__DIR__, 3) . '/ajax/bootstrap.php');
+
+include_once(LEGACY_ROOT . '/config.php');
 include_once(LEGACY_ROOT . '/lib/InstallationTests.php');
 include_once(LEGACY_ROOT . '/lib/CATSUtility.php');
 
diff --git a/modules/joborders/Show.tpl b/modules/joborders/Show.tpl
index aa910759a..2b0ee3674 100755
--- a/modules/joborders/Show.tpl
+++ b/modules/joborders/Show.tpl
@@ -1,5 +1,5 @@
 <?php /* $Id: Show.tpl 3814 2007-12-06 17:54:28Z brian $ */
-include_once('./vendor/autoload.php');
+include_once(LEGACY_ROOT . '/vendor/autoload.php');
 use OpenCATS\UI\QuickActionMenu;
 ?>
 <?php if ($this->isPopup): ?>
diff --git a/modules/lists/ajax/addToLists.php b/modules/lists/ajax/addToLists.php
index 74be912a0..7cea0c555 100755
--- a/modules/lists/ajax/addToLists.php
+++ b/modules/lists/ajax/addToLists.php
@@ -27,6 +27,8 @@
  * $Id: addToLists.php 3198 2007-10-14 23:36:43Z will $
  */
 
+include_once(dirname(__DIR__, 3) . '/ajax/bootstrap.php');
+
 include_once(LEGACY_ROOT . '/lib/StringUtility.php');
 include_once(LEGACY_ROOT . '/lib/ActivityEntries.php');
 include_once(LEGACY_ROOT . '/lib/SavedLists.php');
diff --git a/modules/lists/ajax/deleteList.php b/modules/lists/ajax/deleteList.php
index 417c9150f..88ce705b8 100755
--- a/modules/lists/ajax/deleteList.php
+++ b/modules/lists/ajax/deleteList.php
@@ -27,6 +27,8 @@
  * $Id: deleteList.php 3198 2007-10-14 23:36:43Z will $
  */
 
+include_once(dirname(__DIR__, 3) . '/ajax/bootstrap.php');
+
 
 include_once(LEGACY_ROOT . '/lib/StringUtility.php');
 include_once(LEGACY_ROOT . '/lib/ActivityEntries.php');
diff --git a/modules/lists/ajax/editListName.php b/modules/lists/ajax/editListName.php
index e7b179a2b..faa7be575 100755
--- a/modules/lists/ajax/editListName.php
+++ b/modules/lists/ajax/editListName.php
@@ -27,6 +27,8 @@
  * $Id: editListName.php 3198 2007-10-14 23:36:43Z will $
  */
 
+include_once(dirname(__DIR__, 3) . '/ajax/bootstrap.php');
+
 
 include_once(LEGACY_ROOT . '/lib/StringUtility.php');
 include_once(LEGACY_ROOT . '/lib/ActivityEntries.php');
diff --git a/modules/lists/ajax/newList.php b/modules/lists/ajax/newList.php
index 7d5aa4855..4c202f8e9 100755
--- a/modules/lists/ajax/newList.php
+++ b/modules/lists/ajax/newList.php
@@ -27,6 +27,8 @@
  * $Id: newList.php 3198 2007-10-14 23:36:43Z will $
  */
 
+include_once(dirname(__DIR__, 3) . '/ajax/bootstrap.php');
+
 
 include_once(LEGACY_ROOT . '/lib/StringUtility.php');
 include_once(LEGACY_ROOT . '/lib/ActivityEntries.php');
diff --git a/modules/settings/ajax/backup.php b/modules/settings/ajax/backup.php
index 127fd2191..db6ed1200 100755
--- a/modules/settings/ajax/backup.php
+++ b/modules/settings/ajax/backup.php
@@ -27,6 +27,8 @@
  * $Id: backup.php 3402 2007-11-02 22:03:43Z brian $
  */
 
+include_once(dirname(__DIR__, 3) . '/ajax/bootstrap.php');
+
 @ini_set('memory_limit', '512M');
 
 include_once(LEGACY_ROOT . '/lib/Attachments.php');