From: moodler
Date: Fri, 9 May 2003 02:02:27 +0000 (+0000)
Subject: IMPORTANT SECURITY FIX - this makes sure $CFG can not be overridden
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=3d9f0f81d6e14d56a5ef07915b352b615a6cdf32;p=moodle.git
IMPORTANT SECURITY FIX - this makes sure $CFG can not be overridden
---
diff --git a/config-dist.php b/config-dist.php
index 4a4b0733a2..0093b62f28 100644
--- a/config-dist.php
+++ b/config-dist.php
@@ -28,6 +28,7 @@ // // /////////////////////////////////////////////////////////////////////////// +unset($CFG); // Ignore this line //========================================================================= // 1. DATABASE SETUP
@@ -48,6 +49,9 @@ $CFG->dbname = "moodle"; // database name, eg moodle $CFG->dbuser = "username"; // your database username $CFG->dbpass = "password"; // your database password +$CFG->dbpersist = true; // Use persistent database connection? + // (should be 'true' for 99% of sites) + $CFG->prefix = "mdl_"; // Prefix to use for all table names
diff --git a/lib/setup.php b/lib/setup.php
index 134c774ce4..34b8875a5a 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -140,6 +140,9 @@
 /// Eventually I'll go through and upgrade all the code to make this unnecessary
 if (isset($_REQUEST)) {
+ if (isset($_REQUEST['CFG'])) {
+ unset($_REQUEST['CFG']); // We don't want to overwrite $CFG!
+ }
 extract($_REQUEST);
 }
 if (isset($_SERVER)) {
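Review bot: The inline comment on the added `unset($CFG);` in config-dist.php says "Ignore this line", which gives an administrator no reason to keep it when trimming or hand-merging a config file. The commit message describes this line as part of the guard that stops `$CFG` being overridden, so the comment should say that, e.g. `unset($CFG);  // Security: discard any pre-existing $CFG before it is configured below - do not remove`. This file is the distribution template, so installations that already have their own copy will presumably not receive the line on upgrade; the release notes should tell administrators to add it by hand.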
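Review bot: The guard added to the `$_REQUEST` branch in lib/setup.php removes only the `CFG` key, so `extract($_REQUEST)`, which overwrites existing variables by default, can still replace any other variable that is already set when this code runs. Calling `extract($_REQUEST, EXTR_SKIP);` keeps every existing variable, `$CFG` included, whatever the key is named, and does not depend on a list of protected names being kept complete. The trailing context opens an `if (isset($_SERVER))` block whose body lies outside the hunk; if it also calls `extract()`, the same flag is worth applying there. A short comment above the call stating that request data must never overwrite variables defined earlier in setup would record the intent for later edits.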