Commit 0ccb4c40 authored by Dries's avatar Dries

- Patch #258200 by pwolanin, dropcube: fixed access by-pass due to test framework.

parent bd91faf6
......@@ -20,6 +20,14 @@
* The installation phase we should proceed to.
*/
function install_main() {
// The user agent header is used to pass a database prefix in the request when
// running tests. However, for security reasons, it is imperative that no
// installation be permitted using such a prefix.
if (preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT'])) {
header('HTTP/1.1 403 Forbidden');
exit;
}
require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment