Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Improved register_globals paranoia checks

Browse source
This commit is contained in:
Brion Vibber 2006-10-11 18:14:27 +00:00
parent 6c8b27fae6
commit a898dff34e
2 changed files with 24 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
RELEASE-NOTES
View file

@ -31,6 +31,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
* (bug 7139) Increasing the visual width of the edit summary field on larger * (bug 7139) Increasing the visual width of the edit summary field on larger
screen sizes, for the default monobook skin. screen sizes, for the default monobook skin.
* Fix PHP notice and estimates for dumpBackup.php and friends * Fix PHP notice and estimates for dumpBackup.php and friends
* Improved register_globals paranoia checks
== Languages updated == == Languages updated ==

23
includes/WebStart.php
View file

@ -10,7 +10,30 @@ if ( ini_get( 'register_globals' ) ) {
if ( isset( $_REQUEST['GLOBALS'] ) ) { if ( isset( $_REQUEST['GLOBALS'] ) ) {
die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>'); die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
} }
$verboten = array(
'GLOBALS',
'_SERVER',
'HTTP_SERVER_VARS',
'_GET',
'HTTP_GET_VARS',
'_POST',
'HTTP_POST_VARS',
'_COOKIE',
'HTTP_COOKIE_VARS',
'_FILES',
'HTTP_POST_FILES',
'_ENV',
'HTTP_ENV_VARS',
'_REQUEST',
'_SESSION',
'HTTP_SESSION_VARS'
);
foreach ( $_REQUEST as $name => $value ) { foreach ( $_REQUEST as $name => $value ) {
if( in_array( $name, $verboten ) ) {
header( "HTTP/1.x 500 Internal Server Error" );
echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
die( -1 );
}
unset( $GLOBALS[$name] ); unset( $GLOBALS[$name] );
} }
} }