Permalink
Browse files

Amended php_self to stop spoofing

  • Loading branch information...
1 parent 12ae222 commit b858db106b69c2c1866837e51eac627bd81ac8f1 @gburton gburton committed with haraldpdl Jul 17, 2010
Showing with 1 addition and 1 deletion.
  1. +1 −1 catalog/admin/includes/application_top.php
@@ -34,7 +34,7 @@
require(DIR_WS_FUNCTIONS . 'compatibility.php');
// set php_self in the local scope
- $PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);
+ $PHP_SELF = $_SERVER['SCRIPT_FILENAME'];
// Used in the "Backup Manager" to compress backups
define('LOCAL_EXE_GZIP', 'gzip');

0 comments on commit b858db1

Please sign in to comment.