From ccaeaa85e8fff0543640725f880d41cf96f55d19 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Tue, 26 May 2009 16:50:30 +0200
Subject: SECURITY: fix local file inclusion with register globals Ignore-this: ce01faedc6c3d9370362b0e1e39ded36 This fixes a security hole when register_globals is enabled. An exploit is in the wild: http://www.milw0rm.com/exploits/8781 darcs-hash:20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz
---
inc/init.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'inc/init.php')
diff --git a/inc/init.php b/inc/init.php
index b64a6611a..f642c8dcf 100644
--- a/inc/init.php
+++ b/inc/init.php
@@ -10,6 +10,9 @@ } define('DOKU_START_TIME', delta_time()); + global $config_cascade; + $config_cascade = ''; + // if available load a preload config file $preload = fullpath(dirname(__FILE__)).'/preload.php'; if (@file_exists($preload)) include($preload);
@@ -42,7 +45,6 @@ global $cache_metadata; $cache_metadata = array(); //set the configuration cascade - but only if its not already been set in preload.php - global $config_cascade; if (empty($config_cascade)) { $config_cascade = array( 'main' => array(
-- cgit v1.2.3
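Review bot: The two lines added ahead of the preload include in the first hunk carry no comment saying why the reset has to sit exactly there, and they initialise `$config_cascade` to a string although the second hunk's context later assigns it an array. With register_globals enabled a request parameter could otherwise seed the variable before the `empty($config_cascade)` check further down, so a later tidy-up that moves the declaration back next to that check would silently reopen the inclusion hole; I would write `$config_cascade = array(); // must be cleared before preload.php: register_globals could pre-seed it from the request`. The reset protects only this one variable; whether other globals in inc/init.php or preload.php are read before being assigned is not visible from these hunks and deserves the same check. The surrounding code starts and ends outside both hunks.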