author | Dries Buytaert <dries@buytaert.net> | 2009-07-22 04:45:35 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-07-22 04:45:35 +0000 |
commit | 3a29ee48f82eed3adfd2a90d0eae63a5903149fa (patch) | |
tree | c0de7a472a7db4dff57dd9b89c25d5e084c79ca8 /includes/database/database.inc | |
parent | 4ddecc05c9d2054568300d25748569dcd34fec7d (diff) | |
download | brdo-3a29ee48f82eed3adfd2a90d0eae63a5903149fa.tar.gz brdo-3a29ee48f82eed3adfd2a90d0eae63a5903149fa.tar.bz2 |
- Patch #3518404 by bopombatower: lock down DB config based on simpletest UA headers.
Diffstat (limited to 'includes/database/database.inc')
-rw-r--r-- | includes/database/database.inc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/includes/database/database.inc b/includes/database/database.inc
index 69f84a446..c18aec2f5 100644
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -1347,9 +1347,10 @@ abstract class Database {
 }
 // We need to pass around the simpletest database prefix in the request
- // and we put that in the user_agent header.
- if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT'])) {
- $db_prefix .= $_SERVER['HTTP_USER_AGENT'];
+ // and we put that in the user_agent header. The header HMAC was already
+ // validated in bootstrap.inc.
+ if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);/", $_SERVER['HTTP_USER_AGENT'], $matches)) {
+ $db_prefix .= $matches[1];
 }
 return $new_connection;
 } |
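Review bot: The new `preg_match` branch still derives the table prefix from the raw, client-supplied `$_SERVER['HTTP_USER_AGENT']`, and its safety rests entirely on the comment's claim that bootstrap.inc has already validated the HMAC; nothing in this hunk checks that the validation ran or succeeded. The pattern is also no longer anchored at the end, so whatever follows the `;` is accepted here unchecked. If this method can be reached on a path where the bootstrap check was skipped (not visible from this hunk), any request carrying a `simpletestNNN;` prefix would switch the connection to that prefix. I would make the dependency explicit with a comment such as `// SECURITY: $matches[1] is trusted only because bootstrap.inc rejects requests whose simpletest User-Agent HMAC fails; never open a connection before that check.`, and preferably have the bootstrap validation hand over the verified prefix so this code does not re-parse the header. The enclosing method begins outside the hunk.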