author | Dries Buytaert <dries@buytaert.net> | 2009-07-22 04:45:35 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-07-22 04:45:35 +0000 |
commit | 3a29ee48f82eed3adfd2a90d0eae63a5903149fa (patch) | |
tree | c0de7a472a7db4dff57dd9b89c25d5e084c79ca8 /install.php | |
parent | 4ddecc05c9d2054568300d25748569dcd34fec7d (diff) | |
- Patch #3518404 by bopombatower: lock down DB config based on simpletest UA headers.
Diffstat (limited to 'install.php')
-rw-r--r-- | install.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/install.php b/install.php
index 30c2de029..ce0b3c6dc 100644
--- a/install.php
+++ b/install.php
@@ -28,7 +28,7 @@ function install_main() {
 // The user agent header is used to pass a database prefix in the request when
 // running tests. However, for security reasons, it is imperative that no
 // installation be permitted using such a prefix.
- if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT'])) {
+ if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], "simpletest") !== FALSE) {
 header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
 exit;
 } |
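Review bot: The new substring guard in install_main() is case-sensitive, so a User-Agent carrying the marker in different letter case is still let through to the installer. Whether that matters depends on how the code that reads the test prefix from the header matches it, which is not visible in this hunk; a guard that is never narrower than that parser would be `if (isset($_SERVER['HTTP_USER_AGENT']) && stripos($_SERVER['HTTP_USER_AGENT'], 'simpletest') !== FALSE) {`. The comment above the check still describes only the prefix mechanism, so it would help to add a line such as `// Refuse any user agent that mentions simpletest, not only a well-formed prefix, so this check stays broader than the prefix parser.` The header is client-controlled, so other entry points that honour the prefix presumably need an equivalent refusal or an authenticated marker; install_main() continues outside the hunk.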