Browse files

MDL-17274 security: register globals not supported- now we are preven…

…ting upgrades and installs too; backported from HEAD
  • Loading branch information...
1 parent 7d14562 commit d4e98fcfbd3653086171648ac0ab6019b71d5837 skodak committed Nov 19, 2008
Showing with 13 additions and 3 deletions.
  1. +13 −3 install.php
View
16 install.php
@@ -772,6 +772,8 @@ function print_object($object) {
function form_table($nextstage = WELCOME, $formaction = "install.php") {
global $INSTALL, $db;
+ $enablenext = true;
+
/// Print the standard form if we aren't in the DOWNLOADLANG page
/// because it has its own form.
if ($nextstage != DOWNLOADLANG) {
@@ -806,12 +808,16 @@ function form_table($nextstage = WELCOME, $formaction = "install.php") {
/// Check that PHP is of a sufficient version
print_compatibility_row(inst_check_php_version(), get_string('phpversion', 'install'), get_string('phpversionerror', 'install'), 'phpversionhelp');
+ $enablenext = $enablenext && inst_check_php_version();
/// Check session auto start
print_compatibility_row(!ini_get_bool('session.auto_start'), get_string('sessionautostart', 'install'), get_string('sessionautostarterror', 'install'), 'sessionautostarthelp');
+ $enablenext = $enablenext && !ini_get_bool('session.auto_start');
/// Check magic quotes
print_compatibility_row(!ini_get_bool('magic_quotes_runtime'), get_string('magicquotesruntime', 'install'), get_string('magicquotesruntimeerror', 'install'), 'magicquotesruntimehelp');
+ $enablenext = $enablenext && !ini_get_bool('magic_quotes_runtime');
/// Check unsupported PHP configuration
- print_compatibility_row(ini_get_bool('magic_quotes_gpc') || (!ini_get_bool('register_globals')), get_string('globalsquotes', 'install'), get_string('globalsquoteserror', 'install'), 'globalsquoteshelp');
+ print_compatibility_row(!ini_get_bool('register_globals'), get_string('globalsquotes', 'install'), get_string('globalswarning', 'install'));
+ $enablenext = $enablenext && !ini_get_bool('register_globals');
/// Check safe mode
print_compatibility_row(!ini_get_bool('safe_mode'), get_string('safemode', 'install'), get_string('safemodeerror', 'install'), 'safemodehelp', true);
/// Check file uploads
@@ -990,9 +996,11 @@ function form_table($nextstage = WELCOME, $formaction = "install.php") {
<input type="hidden" name="stage" value="<?php echo $nextstage ?>" />
<?php
}
+
+ $disabled = $enablenext ? '' : 'disabled="disabled"';
?>
- <?php echo ($nextstage < SAVE) ? "<input type=\"submit\" name=\"next\" value=\"".get_string('next')." &raquo;\" style=\"float: right\"/>\n" : "&nbsp;\n" ?>
+ <?php echo ($nextstage < SAVE) ? "<input $disabled type=\"submit\" name=\"next\" value=\"".get_string('next')." &raquo;\" style=\"float: right\"/>\n" : "&nbsp;\n" ?>
<?php echo ($nextstage > WELCOME) ? "<input type=\"submit\" name=\"prev\" value=\"&laquo; ".get_string('previous')."\" style=\"float: left\"/>\n" : "&nbsp;\n" ?>
<?php
@@ -1036,7 +1044,9 @@ function print_compatibility_row($success, $testtext, $errormessage, $helpfield=
echo "</p></td>\n";
echo "<td valign=\"top\">";
echo "<p>$errormessage ";
- install_helpbutton("install.php?help=$helpfield");
+ if ($helpfield !== '') {
+ install_helpbutton("install.php?help=$helpfield");
+ }
echo "</p></td>\n";
}
echo "</tr>\n";

0 comments on commit d4e98fc

Please sign in to comment.