Additional register_globals vulnerability check. Merged in from big Wikia merge:...

diff --git a/includes/WebStart.php b/includes/WebStart.php
index 6cfb472..17f8216 100644 (file)
--- a/includes/WebStart.php
+++ b/includes/WebStart.php
@@ -26,7 +26,7 @@
 # Protect against register_globals
 # This must be done before any globals are set by the code
 if ( ini_get( 'register_globals' ) ) {
-       if ( isset( $_REQUEST['GLOBALS'] ) ) {
+       if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {
                die( '<a href="http://www.hardened-php.net/globals-problem">$GLOBALS overwrite vulnerability</a>');
        }
        $verboten = array(