diff options
author | Dries Buytaert <dries@buytaert.net> | 2008-07-03 06:23:22 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2008-07-03 06:23:22 +0000 |
commit | 0ccb4c40d147d222d081aa2528ee891701efd8b2 (patch) | |
tree | 15066ae5ed2de3a29e270ca9ca13c414209f1e85 /install.php | |
parent | bd91faf66c49d2b410f75f32df9442cb7a0f9bed (diff) | |
download | brdo-0ccb4c40d147d222d081aa2528ee891701efd8b2.tar.gz brdo-0ccb4c40d147d222d081aa2528ee891701efd8b2.tar.bz2 |
- Patch #258200 by pwolanin, dropcube: fixed access by-pass due to test framework.
Diffstat (limited to 'install.php')
-rw-r--r-- | install.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/install.php b/install.php index 649e608bc..e66ddff86 100644 --- a/install.php +++ b/install.php @@ -20,6 +20,14 @@ define('MAINTENANCE_MODE', 'install'); * The installation phase we should proceed to. */ function install_main() { + // The user agent header is used to pass a database prefix in the request when + // running tests. However, for security reasons, it is imperative that no + // installation be permitted using such a prefix. + if (preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT'])) { + header('HTTP/1.1 403 Forbidden'); + exit; + } + require_once './includes/bootstrap.inc'; drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION); |