workaround for any current or future exploit of the $GLOBALS overwrite vulnerability

[lhc/web/wiklou.git] / thumb.php

diff --git a/thumb.php b/thumb.php
index 0183c3f..439b5b5 100644 (file)
--- a/thumb.php
+++ b/thumb.php
@@ -7,6 +7,10 @@
 
 define( 'MEDIAWIKI', true );
 unset( $IP );
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+       die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+}
+
 $wgNoOutputBuffer = true;
 
 require_once( './includes/Defines.php' );