From: skodak <skodak>
Date: Wed, 19 Nov 2008 09:46:09 +0000 (+0000)
Subject: MDL-17274 security: register globals not supported- now we are preventing upgrades... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=627d326ade5da27f4781acdab7fa520dcc65e920;p=moodle.git

MDL-17274 security: register globals not supported- now we are preventing upgrades and installs too
---

diff --git a/admin/cliupgrade.php b/admin/cliupgrade.php
index 67cabe740a..7cd87ded5c 100644
--- a/admin/cliupgrade.php
+++ b/admin/cliupgrade.php
@@ -280,7 +280,7 @@ if (!file_exists(dirname(dirname(__FILE__)) . '/config.php')) {
     /// Check magic quotes
     check_compatibility(!ini_get_bool('magic_quotes_runtime'), get_string('magicquotesruntime', 'install'), get_string('magicquotesruntimeerror', 'install'),false,$silent);
     /// Check unsupported PHP configuration
-    check_compatibility(ini_get_bool('magic_quotes_gpc') || (!ini_get_bool('register_globals')), get_string('globalsquotes', 'install'), get_string('globalsquoteserror', 'install'),false,$silent);
+    check_compatibility(ini_get_bool('register_globals'), get_string('globalsquotes', 'install'), get_string('globalswarning', 'install'),false,$silent);
     /// Check safe mode
     check_compatibility(!ini_get_bool('safe_mode'), get_string('safemode', 'install'), get_string('safemodeerror', 'install'), true,$silent);
     /// Check file uploads
diff --git a/admin/environment.xml b/admin/environment.xml
index eb5b8570c4..315dadea67 100644
--- a/admin/environment.xml
+++ b/admin/environment.xml
@@ -200,7 +200,7 @@
           <ON_OK message="questioncwqpfsok" />
         </FEEDBACK>
       </CUSTOM_CHECK>
-      <CUSTOM_CHECK file="lib/customcheckslib.php" function="php_check_register_globals" level="optional">
+      <CUSTOM_CHECK file="lib/customcheckslib.php" function="php_check_register_globals" level="required">
         <FEEDBACK>
           <ON_CHECK message="globalswarning" />
         </FEEDBACK>
@@ -272,7 +272,7 @@
       </PHP_EXTENSION>
     </PHP_EXTENSIONS>
     <CUSTOM_CHECKS>
-      <CUSTOM_CHECK file="lib/customcheckslib.php" function="php_check_register_globals" level="optional">
+      <CUSTOM_CHECK file="lib/customcheckslib.php" function="php_check_register_globals" level="required">
         <FEEDBACK>
           <ON_CHECK message="globalswarning" />
         </FEEDBACK>
diff --git a/install.php b/install.php
index 8558dcbe38..55cf0b8cc2 100644
--- a/install.php
+++ b/install.php
@@ -640,6 +640,8 @@ if ($nextstage == SAVE) {
 function form_table($nextstage, $formaction, $databases) {
     global $INSTALL, $DB;
 
+    $enablenext = true;
+
     /// Print the standard form if we aren't in the DOWNLOADLANG page
     /// because it has its own form.
     if ($nextstage != DOWNLOADLANG) {
@@ -674,12 +676,16 @@ function form_table($nextstage, $formaction, $databases) {
 
             /// Check that PHP is of a sufficient version
             print_compatibility_row(inst_check_php_version(), get_string('phpversion', 'install'), get_string('php52versionerror', 'install'), 'php52versionhelp');
+            $enablenext = $enablenext && inst_check_php_version();
             /// Check session auto start
             print_compatibility_row(!ini_get_bool('session.auto_start'), get_string('sessionautostart', 'install'), get_string('sessionautostarterror', 'install'), 'sessionautostarthelp');
+            $enablenext = $enablenext && !ini_get_bool('session.auto_start');
             /// Check magic quotes
             print_compatibility_row(!ini_get_bool('magic_quotes_runtime'), get_string('magicquotesruntime', 'install'), get_string('magicquotesruntimeerror', 'install'), 'magicquotesruntimehelp');
+            $enablenext = $enablenext && !ini_get_bool('magic_quotes_runtime');
             /// Check unsupported PHP configuration
-            print_compatibility_row(ini_get_bool('magic_quotes_gpc') || (!ini_get_bool('register_globals')), get_string('globalsquotes', 'install'), get_string('globalsquoteserror', 'install'), 'globalsquoteshelp');
+            print_compatibility_row(!ini_get_bool('register_globals'), get_string('globalsquotes', 'install'), get_string('globalswarning', 'install'));
+            $enablenext = $enablenext && !ini_get_bool('register_globals');
             /// Check safe mode
             print_compatibility_row(!ini_get_bool('safe_mode'), get_string('safemode', 'install'), get_string('safemodeerror', 'install'), 'safemodehelp', true);
             /// Check file uploads
@@ -857,9 +863,11 @@ function form_table($nextstage, $formaction, $databases) {
             <div><input type="hidden" name="stage" value="<?php echo $nextstage ?>" /></div>
 <?php
     }
+
+    $disabled = $enablenext ? '' : 'disabled="disabled"';
 ?>
 
-            <?php echo ($nextstage < SAVE) ? "<div><input type=\"submit\" name=\"next\" value=\"".get_string('next')."  &raquo;\" style=\"float: ".fix_align_rtl("right")."\"/></div>\n" : "&nbsp;\n" ?>
+            <?php echo ($nextstage < SAVE) ? "<div><input $disabled type=\"submit\" name=\"next\" value=\"".get_string('next')."  &raquo;\" style=\"float: ".fix_align_rtl("right")."\"/></div>\n" : "&nbsp;\n" ?>
             <?php echo ($nextstage > WELCOME) ? "<div><input type=\"submit\" name=\"prev\" value=\"&laquo;  ".get_string('previous')."\" style=\"float: ".fix_align_rtl("left")."\"/></div>\n" : "&nbsp;\n" ?>
 
 <?php
@@ -903,7 +911,9 @@ function print_compatibility_row($success, $testtext, $errormessage, $helpfield=
         echo "</p></td>\n";
         echo "<td valign=\"top\">";
         echo "<p class=\"p_install\">$errormessage ";
-        install_helpbutton("install.php?help=$helpfield");
+        if ($helpfield !== '') {
+            install_helpbutton("install.php?help=$helpfield");
+        }
         echo "</p></td>\n";
     }
     echo "</tr>\n";