SECURITY: fix local file inclusion with register globals
Ignore-this: ce01faedc6c3d9370362b0e1e39ded36 This fixes a security hole when register_globals is enabled. An exploit is in the wild: http://www.milw0rm.com/exploits/8781 darcs-hash:20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz
This commit is contained in:
parent
7715e68ec4
commit
ccaeaa85e8
|
@ -10,6 +10,9 @@
|
|||
}
|
||||
define('DOKU_START_TIME', delta_time());
|
||||
|
||||
global $config_cascade;
|
||||
$config_cascade = '';
|
||||
|
||||
// if available load a preload config file
|
||||
$preload = fullpath(dirname(__FILE__)).'/preload.php';
|
||||
if (@file_exists($preload)) include($preload);
|
||||
|
@ -42,7 +45,6 @@
|
|||
global $cache_metadata; $cache_metadata = array();
|
||||
|
||||
//set the configuration cascade - but only if its not already been set in preload.php
|
||||
global $config_cascade;
|
||||
if (empty($config_cascade)) {
|
||||
$config_cascade = array(
|
||||
'main' => array(
|
||||
|
|
Loading…
Reference in New Issue