From: Sean Colombo <sean_colombo@users.mediawiki.org>
Date: Fri, 16 Sep 2011 20:31:37 +0000 (+0000)
Subject: Additional register_globals vulnerability check. Merged in from big Wikia merge:... 
X-Git-Tag: 1.31.0-rc.0~27601
X-Git-Url: http://git.cyclocoop.org/fichier?a=commitdiff_plain;h=bf1f91244a23e80af109e0860af9a48d126213ec;p=lhc%2Fweb%2Fwiklou.git

Additional register_globals vulnerability check. Merged in from big Wikia merge: mediawiki.org/wiki/Wikia_code
---

diff --git a/includes/WebStart.php b/includes/WebStart.php
index 6cfb4722f9..17f8216bab 100644
--- a/includes/WebStart.php
+++ b/includes/WebStart.php
@@ -26,7 +26,7 @@
 # Protect against register_globals
 # This must be done before any globals are set by the code
 if ( ini_get( 'register_globals' ) ) {
-	if ( isset( $_REQUEST['GLOBALS'] ) ) {
+	if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {
 		die( '<a href="http://www.hardened-php.net/globals-problem">$GLOBALS overwrite vulnerability</a>');
 	}
 	$verboten = array(