Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

MDL-17274 security: register globals not supported- now we are preven…

…ting upgrades and installs too; backported from HEAD

note: remind Eloy to run the install langs script with stringnames from 1.9
  • Loading branch information...
commit 7f43d9852e33f82e4b95139e066f1ed4053d0c14 1 parent 3af8b37
skodak authored
Showing with 14 additions and 3 deletions.
  1. +13 −3 install.php
  2. +1 −0  install/lang/en_utf8/installer.php
View
16 install.php
@@ -658,6 +658,8 @@ function print_object($object) {
function form_table($nextstage = WELCOME, $formaction = "install.php") {
global $INSTALL, $db;
+ $enablenext = true;
+
/// Print the standard form if we aren't in the DOWNLOADLANG page
/// because it has its own form.
if ($nextstage != DOWNLOADLANG) {
@@ -692,12 +694,16 @@ function form_table($nextstage = WELCOME, $formaction = "install.php") {
/// Check that PHP is of a sufficient version
print_compatibility_row(inst_check_php_version(), get_string('phpversion', 'install'), get_string('phpversionerror', 'install'), 'phpversionhelp');
+ $enablenext = $enablenext && inst_check_php_version();
/// Check session auto start
print_compatibility_row(!ini_get_bool('session.auto_start'), get_string('sessionautostart', 'install'), get_string('sessionautostarterror', 'install'), 'sessionautostarthelp');
+ $enablenext = $enablenext && !ini_get_bool('session.auto_start');
/// Check magic quotes
print_compatibility_row(!ini_get_bool('magic_quotes_runtime'), get_string('magicquotesruntime', 'install'), get_string('magicquotesruntimeerror', 'install'), 'magicquotesruntimehelp');
+ $enablenext = $enablenext && !ini_get_bool('magic_quotes_runtime');
/// Check unsupported PHP configuration
- print_compatibility_row(ini_get_bool('magic_quotes_gpc') || (!ini_get_bool('register_globals')), get_string('globalsquotes', 'install'), get_string('globalsquoteserror', 'install'), 'globalsquoteshelp');
+ print_compatibility_row(!ini_get_bool('register_globals'), get_string('globalsquotes', 'install'), get_string('globalswarning', 'install'));
+ $enablenext = $enablenext && !ini_get_bool('register_globals');
/// Check safe mode
print_compatibility_row(!ini_get_bool('safe_mode'), get_string('safemode', 'install'), get_string('safemodeerror', 'install'), 'safemodehelp', true);
/// Check file uploads
@@ -870,9 +876,11 @@ function form_table($nextstage = WELCOME, $formaction = "install.php") {
<input type="hidden" name="stage" value="<?php echo $nextstage ?>" />
<?php
}
+
+ $disabled = $enablenext ? '' : 'disabled="disabled"';
?>
- <?php echo ($nextstage < SAVE) ? "<input type=\"submit\" name=\"next\" value=\"".get_string('next')." &raquo;\" style=\"float: right\"/>\n" : "&nbsp;\n" ?>
+ <?php echo ($nextstage < SAVE) ? "<input $disabled type=\"submit\" name=\"next\" value=\"".get_string('next')." &raquo;\" style=\"float: right\"/>\n" : "&nbsp;\n" ?>
<?php echo ($nextstage > WELCOME) ? "<input type=\"submit\" name=\"prev\" value=\"&laquo; ".get_string('previous')."\" style=\"float: left\"/>\n" : "&nbsp;\n" ?>
<?php
@@ -916,7 +924,9 @@ function print_compatibility_row($success, $testtext, $errormessage, $helpfield=
echo "</p></td>\n";
echo "<td valign=\"top\">";
echo "<p>$errormessage ";
- install_helpbutton("install.php?help=$helpfield");
+ if ($helpfield !== '') {
+ install_helpbutton("install.php?help=$helpfield");
+ }
echo "</p></td>\n";
}
echo "</tr>\n";
View
1  install/lang/en_utf8/installer.php
@@ -119,6 +119,7 @@
<p>Under Windows you can usually edit php.ini and uncomment the line referencing libgd.dll.</p>';
$string['globalsquotes'] = 'Insecure Handling of Globals';
$string['globalsquoteserror'] = 'Fix your PHP settings: disable register_globals and/or enable magic_quotes_gpc';
+$string['globalswarning'] = '<p><strong>SECURITY WARNING!</strong></p><p> To operate properly, Moodle requires <br />that you make certain changes to your current PHP settings.</p><p>You <em>must</em> set <code>register_globals=off</code>.</p><p>This setting is controlled by editing your <code>php.ini</code>, Apache/IIS <br />configuration or <code>.htaccess</code> file.</p>';
$string['help'] = 'Help';
$string['iconvrecommended'] = 'Installing the optional ICONV library is highly recommended in order to improve site performance, particularly if your site is supporting non-latin languages.';
$string['info'] = 'Information';
Please sign in to comment.
Something went wrong with that request. Please try again.