* Improved register_globals paranoia checks

RELEASE-NOTES

@@ -31,6 +31,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 7139) Increasing the visual width of the edit summary field on larger
   screen sizes, for the default monobook skin.
 * Fix PHP notice and estimates for dumpBackup.php and friends
+* Improved register_globals paranoia checks
 
 
 == Languages updated ==

includes/WebStart.php

@@ -10,7 +10,30 @@ if ( ini_get( 'register_globals' ) ) {
 	if ( isset( $_REQUEST['GLOBALS'] ) ) {
 		die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
 	}
+	$verboten = array(
+		'GLOBALS',
+		'_SERVER',
+		'HTTP_SERVER_VARS',
+		'_GET',
+		'HTTP_GET_VARS',
+		'_POST',
+		'HTTP_POST_VARS',
+		'_COOKIE',
+		'HTTP_COOKIE_VARS',
+		'_FILES',
+		'HTTP_POST_FILES',
+		'_ENV',
+		'HTTP_ENV_VARS',
+		'_REQUEST',
+		'_SESSION',
+		'HTTP_SESSION_VARS'
+	);
 	foreach ( $_REQUEST as $name => $value ) {
+		if( in_array( $name, $verboten ) ) {
+			header( "HTTP/1.x 500 Internal Server Error" );
+			echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
+			die( -1 );
+		}
 		unset( $GLOBALS[$name] );
 	}
 }