
MDL-17789 prevent potential XSS problems through PHP_SELF; backported from HEAD
1 parent 82fbdcd commit 51dcac7ccc45f17459348edb2ce76929a065817d skodak committed Jan 6, 2009
Showing with 8 additions and 0 deletions.
  1. +8 −0 lib/setup.php
@@ -403,6 +403,14 @@ function addslashes_deep($value) {
}
}
+/// neutralise nasty chars in PHP_SELF
+ if (isset($_SERVER['PHP_SELF'])) {
+ $phppos = strpos($_SERVER['PHP_SELF'], '.php');
+ if ($phppos !== false) {
+ $_SERVER['PHP_SELF'] = substr($_SERVER['PHP_SELF'], 0, $phppos+4);
+ }
+ unset($phppos);
+ }
/// The following code can emulate "register globals" if required.
/// This hack is no longer being applied as of Moodle 1.6 unless you really
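Review bot: the `if ($phppos !== false)` branch is the only path that changes anything, so when `$_SERVER['PHP_SELF']` contains no `.php` the value is left exactly as it was received, and in either case everything before the first `.php` is kept unmodified. The comment says "neutralise nasty chars", but the code only drops whatever follows the first `.php`. Suggest stating that limit in the comment, and either assigning a fixed safe value when `strpos()` returns false or escaping the value wherever it is printed. Also note that `strpos()` matches the first `.php` anywhere in the string and is case-sensitive, so a path with `.php` inside a directory segment would be cut at that point and an upper-case extension would not be matched; a one-line comment recording that assumption would help the next reader.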
