? files
? register_globals_check-D5.patch
? register_globals_check-D5_0.patch
? sites/default/themes
Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.69.2.9
diff -u -p -r1.69.2.9 system.install
--- modules/system/system.install 10 Jan 2008 22:14:24 -0000 1.69.2.9
+++ modules/system/system.install 16 Jan 2008 17:48:45 -0000
@@ -39,9 +39,24 @@ function system_requirements($phase) {
$requirements['php']['description'] = $t('Your PHP installation is too old. Drupal requires at least PHP %version.', array('%version' => DRUPAL_MINIMUM_PHP));
$requirements['php']['severity'] = REQUIREMENT_ERROR;
}
- if (ini_get('register_globals')) {
- $requirements['php']['description'] = $t('register_globals is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when register_globals is enabled. The PHP manual has instructions for how to change configuration settings.');
- $requirements['php']['severity'] = REQUIREMENT_ERROR;
+
+ // Test PHP register_globals setting.
+ $requirements['php_register_globals'] = array(
+ 'title' => $t('PHP register globals'),
+ );
+ $register_globals = ini_get('register_globals');
+ // Register globals is guaranteed to be off if the value is 'off', '', or 0.
+ // Due to the wide range of results returned by ini_get(), this test may
+ // result in false positives (for example if the ini_get() returns any
+ // string other than '' or 'off'), but it should never tell the user that
+ // their site is secure with register globals off, when it is in fact on.
+ if (!empty($register_globals) && strtolower($register_globals) != 'off') {
+ $requirements['php_register_globals']['description'] = $t('register_globals is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when register_globals is enabled. The PHP manual has instructions for how to change configuration settings.');
+ $requirements['php_register_globals']['severity'] = REQUIREMENT_ERROR;
+ $requirements['php_register_globals']['value'] = $t("Enabled ('@value')", array('@value' => $register_globals));
+ }
+ else {
+ $requirements['php_register_globals']['value'] = $t('Disabled');
}
// Test DB version