From a898dff34ed01ba9cb15c8fb5a0e7d95476613ab Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Wed, 11 Oct 2006 18:14:27 +0000
Subject: [PATCH] * Improved register_globals paranoia checks

---
 RELEASE-NOTES | 1 +
 includes/WebStart.php | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 119c6d7ce4..92b9e4228c 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -31,6 +31,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 7139) Increasing the visual width of the edit summary field on larger screen sizes, for the default monobook skin.
 * Fix PHP notice and estimates for dumpBackup.php and friends
+* Improved register_globals paranoia checks
 == Languages updated ==
diff --git a/includes/WebStart.php b/includes/WebStart.php
index 9e45714a19..0c71ce53da 100644
--- a/includes/WebStart.php
+++ b/includes/WebStart.php
@@ -10,7 +10,30 @@ if ( ini_get( 'register_globals' ) ) {
 if ( isset( $_REQUEST['GLOBALS'] ) ) {
 die( '$GLOBALS overwrite vulnerability');
 }
+ $verboten = array(
+ 'GLOBALS',
+ '_SERVER',
+ 'HTTP_SERVER_VARS',
+ '_GET',
+ 'HTTP_GET_VARS',
+ '_POST',
+ 'HTTP_POST_VARS',
+ '_COOKIE',
+ 'HTTP_COOKIE_VARS',
+ '_FILES',
+ 'HTTP_POST_FILES',
+ '_ENV',
+ 'HTTP_ENV_VARS',
+ '_REQUEST',
+ '_SESSION',
+ 'HTTP_SESSION_VARS'
+ );
 foreach ( $_REQUEST as $name => $value ) {
+ if( in_array( $name, $verboten ) ) {
+ header( "HTTP/1.x 500 Internal Server Error" );
+ echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
+ die( -1 );
+ }
 unset( $GLOBALS[$name] );
 }
 }
-- 
2.20.1
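Review bot: `in_array( $name, $verboten )` in the WebStart.php hunk uses loose comparison, and `$_REQUEST` keys that look like integers arrive as PHP ints, so a parameter literally named `0` compares equal to every string in `$verboten` under the PHP 5 comparison rules of the day and the request is aborted with a 500 although no superglobal is being overwritten. Pass the strict flag so only an exact name match triggers the abort: `if( in_array( $name, $verboten, true ) ) {`. With `'GLOBALS'` now in the array, the pre-existing `isset( $_REQUEST['GLOBALS'] )` guard above the loop is subsumed and could be dropped, or left with a comment noting it is a fast path for the most dangerous case. The enclosing `if ( ini_get( 'register_globals' ) )` opens in the line shown only as hunk-header context.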