Commit c0044277 authored by webchick's avatar webchick
Browse files

Issue #1816124 by Berdir, Damien Tournoud, David_Rothstein, pwolanin, chx:...

Issue #1816124 by Berdir, Damien Tournoud, David_Rothstein, pwolanin, chx: Fixed installer PHP code execution issues from SA-CORE-2012-003 (and backport anything to 7.x-dev as necessary).
parent d65270d4
......@@ -379,12 +379,11 @@ function install_begin_request(&$install_state) {
else {
$task = NULL;
// Since previous versions of Drupal stored database connection information
// in the 'db_url' variable, we should never let an installation proceed if
// this variable is defined and the settings file was not verified above
// (otherwise we risk installing over an existing site whose settings file
// has not yet been updated).
if (!empty($GLOBALS['db_url'])) {
// Do not install over a configured settings.php. Check the 'db_url'
// variable in addition to 'databases', since previous versions of Drupal
// used that (and we do not want to allow installations on an existing site
// whose settings file has not yet been updated).
if (!empty($GLOBALS['databases']) || !empty($GLOBALS['db_url'])) {
throw new Exception(install_already_done_error());
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment