security fix

ChangeLog

@@ -7,6 +7,7 @@ $Source$
 
 2005-10-20 Marc Delisle  <lem9@users.sourceforge.net>
     * server_databases.php: security fix
+    * libraries/common.lib.php, /grab_globals.lib.php: security fix
 
 2005-10-20 Alexander M. Turek  <me@derrabus.de>
     * libraries/mysql_charsets.lib.php:

libraries/common.lib.php

@@ -47,6 +47,10 @@
  * - other functions, respecting dependencies
  */
 
+// grab_globals.lib.php should really go before common.lib.php
+// TODO: remove direct calling from elsewhere
+require_once('./libraries/grab_globals.lib.php');
+
 /**
  * Minimum inclusion? (i.e. for the stylesheet builder)
  */

libraries/grab_globals.lib.php

@@ -12,6 +12,12 @@
  * loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
  */
  
+// protect against older PHP versions' bug about GLOBALS overwrite
+// (no need to translate this one :) )
+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
+    die("GLOBALS overwrite attempt");
+}
+
 require_once './libraries/session.inc.php';
 
 function PMA_gpc_extract($array, &$target, $sanitize = TRUE) {