From 8fdd30964e59f9f85e22aff2717132872b2038dc Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Fri, 21 Oct 2005 02:47:47 +0000
Subject: [PATCH] security fix
---
 ChangeLog | 1 +
 libraries/common.lib.php | 4 ++++
 libraries/grab_globals.lib.php | 6 ++++++
 3 files changed, 11 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 9f886da74..ec433548a 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@ $Source$
 2005-10-20 Marc Delisle
 * server_databases.php: security fix
+ * libraries/common.lib.php, /grab_globals.lib.php: security fix
 2005-10-20 Alexander M. Turek
 * libraries/mysql_charsets.lib.php:
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index d303c6bc7..1b358d153 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -47,6 +47,10 @@
 * - other functions, respecting dependencies
 */
+// grab_globals.lib.php should really go before common.lib.php
+// TODO: remove direct calling from elsewhere
+require_once('./libraries/grab_globals.lib.php');
+
 /**
 * Minimum inclusion? (i.e. for the stylesheet builder)
 */
diff --git a/libraries/grab_globals.lib.php b/libraries/grab_globals.lib.php
index 64b68579e..45328479d 100644
--- a/libraries/grab_globals.lib.php
+++ b/libraries/grab_globals.lib.php
@@ -11,6 +11,12 @@
 *
 * loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
 */
+
+// protect against older PHP versions' bug about GLOBALS overwrite
+// (no need to translate this one :) )
+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
+ die("GLOBALS overwrite attempt");
+}
 require_once './libraries/session.inc.php';
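Review bot: The comment above the new `require_once` in common.lib.php does not say that the include is security-relevant, so a later cleanup of the "should really go before" TODO could move or drop it without anyone noticing. Judging by the ChangeLog entry and the grab_globals.lib.php hunk in this same commit, the include appears to be what brings the GLOBALS overwrite check to every script that loads common.lib.php. I would record that in the comment, e.g. `// security: grab_globals.lib.php carries the GLOBALS overwrite check; keep this include ahead of any code that reads request data`. The path `./libraries/...` is resolved against the working directory, so it presumably relies on every entry script running from the application root, which is worth confirming for scripts in subdirectories. Entry scripts that execute code before including common.lib.php are outside this hunk and would need the same ordering check.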
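Review bot: The new guard in grab_globals.lib.php tests only `$_REQUEST` and `$_FILES`, so a `GLOBALS` key in `$_COOKIE` is caught only as far as the PHP configuration merges cookies into `$_REQUEST`, and `$_SERVER` and `$_ENV` are not examined at all. If the rest of this file imports any of those arrays into global scope (not visible in this hunk), naming each source makes the check independent of `variables_order`: `if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_ENV['GLOBALS'])) {`. The guard is only effective while it stays ahead of every statement that copies request data into globals, including anything session.inc.php does, so the comment should say `// must remain the first executable statement of this file`. The file continues past the `require_once` outside the hunk.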