
MDL-17789 prevent potential XSS problems through PHP_SELF; backported…

… from HEAD
1 parent 5a5731d commit 0260923ace89573a3f5d1947b53292899c7b7356 skodak committed Jan 6, 2009
Showing with 8 additions and 0 deletions.
  1. +8 −0 lib/setup.php
@@ -371,6 +371,14 @@ function addslashes_deep($value) {
}
}
+/// neutralise nasty chars in PHP_SELF
+ if (isset($_SERVER['PHP_SELF'])) {
+ $phppos = strpos($_SERVER['PHP_SELF'], '.php');
+ if ($phppos !== false) {
+ $_SERVER['PHP_SELF'] = substr($_SERVER['PHP_SELF'], 0, $phppos+4);
+ }
+ unset($phppos);
+ }
/// The following code can emulate "register globals" if required.
/// This hack is no longer being applied as of Moodle 1.6 unless you really
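Review bot: The `if ($phppos !== false)` branch is the only path that changes `$_SERVER['PHP_SELF']`, so a value that contains no `.php` is left exactly as received and nothing is neutralised. Add an else branch that falls back to a safe value (for example `$_SERVER['SCRIPT_NAME']`), or state in the comment that such requests are deliberately left alone. Separately, `strpos` matches the first `.php`, so a path with `.php` in a directory name is cut at that point, and everything before the match is kept unchanged. The `/// neutralise nasty chars in PHP_SELF` comment should say that the code only drops what follows the first `.php`, and that places printing the value still need to escape it.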
