* Improved register_globals paranoia checks
authorBrion Vibber <brion@users.mediawiki.org>
Wed, 11 Oct 2006 18:14:27 +0000 (18:14 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Wed, 11 Oct 2006 18:14:27 +0000 (18:14 +0000)
RELEASE-NOTES
includes/WebStart.php

index 119c6d7..92b9e42 100644 (file)
@@ -31,6 +31,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 7139) Increasing the visual width of the edit summary field on larger
   screen sizes, for the default monobook skin.
 * Fix PHP notice and estimates for dumpBackup.php and friends
+* Improved register_globals paranoia checks
 
 
 == Languages updated ==
index 9e45714..0c71ce5 100644 (file)
@@ -10,7 +10,30 @@ if ( ini_get( 'register_globals' ) ) {
        if ( isset( $_REQUEST['GLOBALS'] ) ) {
                die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
        }
+       $verboten = array(
+               'GLOBALS',
+               '_SERVER',
+               'HTTP_SERVER_VARS',
+               '_GET',
+               'HTTP_GET_VARS',
+               '_POST',
+               'HTTP_POST_VARS',
+               '_COOKIE',
+               'HTTP_COOKIE_VARS',
+               '_FILES',
+               'HTTP_POST_FILES',
+               '_ENV',
+               'HTTP_ENV_VARS',
+               '_REQUEST',
+               '_SESSION',
+               'HTTP_SESSION_VARS'
+       );
        foreach ( $_REQUEST as $name => $value ) {
+               if( in_array( $name, $verboten ) ) {
+                       header( "HTTP/1.x 500 Internal Server Error" );
+                       echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
+                       die( -1 );
+               }
                unset( $GLOBALS[$name] );
        }
 }
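Review bot: The `in_array( $name, $verboten )` test added inside the foreach uses loose comparison, and `$_REQUEST` keys that are decimal strings arrive as PHP integers, so under the comparison rules of PHP versions of this era a harmless request parameter named `0` compares equal to the non-numeric strings in `$verboten` and aborts the whole request with a 500. Passing the strict flag, `if( in_array( $name, $verboten, true ) ) {`, removes that false positive without weakening the check, since an integer key can never name a superglobal and simply falls through to the existing unset. A one-line comment above the array such as `// Names that must never be injected into the global scope via register_globals` would also help the next reader. The `if ( ini_get( 'register_globals' ) )` block this sits in begins before the hunk.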