From 0ccb4c40d147d222d081aa2528ee891701efd8b2 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Thu, 3 Jul 2008 06:23:22 +0000
Subject: - Patch #258200 by pwolanin, dropcube: fixed access by-pass due to test framework.

---
 install.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/install.php b/install.php
index 649e608bc..e66ddff86 100644
--- a/install.php
+++ b/install.php
@@ -20,6 +20,14 @@ define('MAINTENANCE_MODE', 'install');
 * The installation phase we should proceed to.
 */
 function install_main() {
+ // The user agent header is used to pass a database prefix in the request when
+ // running tests. However, for security reasons, it is imperative that no
+ // installation be permitted using such a prefix.
+ if (preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT'])) {
+ header('HTTP/1.1 403 Forbidden');
+ exit;
+ }
+
 require_once './includes/bootstrap.inc';
 drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION);
 
-- 
cgit v1.2.3
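Review bot: The new guard at the top of install_main() reads `$_SERVER['HTTP_USER_AGENT']` without checking that the header was sent, so a request with no User-Agent raises an undefined-index notice before the check; `if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match('/^simpletest\d+$/', $_SERVER['HTTP_USER_AGENT'])) {` avoids that and keeps the same match. The pattern is presumably a copy of the one the test framework uses to accept the prefix (that code is outside the hunk); this copy must never be narrower than the accepting one, or the 403 will not cover every value that would be honoured, so a shared constant or a comment naming the other site would help. Because the header is client-controlled, it is also worth confirming that any other entry script which honours the prefix is covered, since this change protects install.php only. install_main()'s body continues outside the hunk.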