author | Andreas Gohr <andi@splitbrain.org> | 2009-05-26 16:50:30 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2009-05-26 16:50:30 +0200 |
commit | ccaeaa85e8fff0543640725f880d41cf96f55d19 (patch) | |
tree | f8388fb6c2078c6270bc86d1d543cbb1e0862821 | |
parent | 7715e68ec462e8caf9cc8e3081493b355b6dc938 (diff) | |
download | rpg-ccaeaa85e8fff0543640725f880d41cf96f55d19.tar.gz rpg-ccaeaa85e8fff0543640725f880d41cf96f55d19.tar.bz2 |
SECURITY: fix local file inclusion with register globals
Ignore-this: ce01faedc6c3d9370362b0e1e39ded36
This fixes a security hole when register_globals is enabled. An exploit is
in the wild: http://www.milw0rm.com/exploits/8781
darcs-hash:20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz
-rw-r--r-- | inc/init.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/inc/init.php b/inc/init.php index b64a6611a..f642c8dcf 100644 --- a/inc/init.php +++ b/inc/init.php @@ -10,6 +10,9 @@ } define('DOKU_START_TIME', delta_time()); + global $config_cascade; + $config_cascade = ''; + // if available load a preload config file $preload = fullpath(dirname(__FILE__)).'/preload.php'; if (@file_exists($preload)) include($preload); @@ -42,7 +45,6 @@ global $cache_metadata; $cache_metadata = array(); //set the configuration cascade - but only if its not already been set in preload.php - global $config_cascade; if (empty($config_cascade)) { $config_cascade = array( 'main' => array( |
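Review bot: The reset added ahead of the preload include in the first hunk, `$config_cascade = '';`, has no comment explaining why it is there, and it seeds a variable with a string that the second hunk later fills with an array. The commit message ties the reset to register_globals, so a short comment such as `// reset first: with register_globals on, a request parameter could pre-populate this before preload.php runs` would keep a later cleanup from moving it below the `include($preload)` line or removing it as dead code. Using `$config_cascade = array();` would keep the type consistent with the `empty($config_cascade)` check and the array assigned afterwards. The reset covers only this one variable; whether other globals that init.php reads before assigning need the same treatment cannot be judged from these hunks, which start and end inside the file's top-level code.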