r97330 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r97329‎ \| r97330 \| r97331 >
Date:	20:31, 16 September 2011
Author:	sean_colombo
Status:	ok
Tags:
Comment:	Additional register_globals vulnerability check. Merged in from big Wikia merge: http://www.mediawiki.org/wiki/Wikia_code
Modified paths:	/trunk/phase3/includes/WebStart.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/WebStart.php
—	—	@@ -26,7 +26,7 @@
27	27	# Protect against register_globals
28	28	# This must be done before any globals are set by the code
29	29	if ( ini_get( 'register_globals' ) ) {
30		~~- if ( isset( $_REQUEST['GLOBALS'] ) ) {~~
	30	+ if ( isset( $_REQUEST['GLOBALS'] ) \|\| isset( $_FILES['GLOBALS'] ) ) {
31	31	die( '<a href="http://www.hardened-php.net/globals-problem">$GLOBALS overwrite vulnerability</a>');
32	32	}
33	33	$verboten = array(

23:37, 8 November 2011 Aaron Schulz (talk | contribs) changed the status of r97330 [removed: new added: ok]