Commit 0ccb4c40 authored by Dries's avatar Dries
Browse files

- Patch #258200 by pwolanin, dropcube: fixed access by-pass due to test framework.

parent bd91faf6
......@@ -20,6 +20,14 @@
* The installation phase we should proceed to.
function install_main() {
// The user agent header is used to pass a database prefix in the request when
// running tests. However, for security reasons, it is imperative that no
// installation be permitted using such a prefix.
if (preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT'])) {
header('HTTP/1.1 403 Forbidden');
require_once './includes/';
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment