Fix issue introduced previously whereby php_Self is now used unchecked.

introduced previously by john attempting to fix symlinks. Since we now use php 5.2, we can make use of filter_var.

This is a simpler version of what we were trying to do previously aka http://git.mantisforge.org/w/mantisbt.git?a=commitdiff;h=5ac1fdf32717d0c82cca7e7660dd4fd316a6a1b8

Depending on server/mantis config this can lead to XSS issues

config_defaults_inc.php

@@ -126,10 +126,20 @@
 		$t_host = 'localhost';
 	}
 
-	$t_path = str_replace( basename( $_SERVER['PHP_SELF'] ), '', $_SERVER['PHP_SELF'] );
+	if( isset( $_SERVER['SCRIPT_NAME'] ) ) {
+		$t_self = $_SERVER['SCRIPT_NAME'];
+	} else {
+		$t_self = $_SERVER['PHP_SELF'];
+	}
+
+	$t_self = filter_var($t_self, FILTER_SANITIZE_STRING);
+	$t_path = str_replace( basename( $t_self ), '', $t_self );
 	$t_path = basename( $t_path ) == "admin" ? rtrim( dirname( $t_path ), '/\\' ) . '/' : $t_path;
 	$t_path = basename( $t_path ) == "soap" ? rtrim( dirname( dirname( $t_path ) ), '/\\' ) . '/' : $t_path;
-
+	if( strpos( $t_path, '&#' ) ) {
+		echo 'Can not safely determine $g_path. Please set $g_path manually in config_inc.php';
+		die;
+	}
 	$t_url	= $t_protocol . '://' . $t_host . $t_path;
 
 } else {