X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=install%2Findex.php;h=9d86c115e18545f3162d6f05d7afcf49852e245b;hb=f425e17af762da1d66fcd3a992dd0dcf3f9d3c4d;hp=c6cd5c63ba15c28607f5dbd5ad346e69d914e93a;hpb=683bf89187ea00ea7c6a4d41306ad1fbb4f3cde2;p=civicrm-core.git

diff --git a/install/index.php b/install/index.php
index c6cd5c63ba..9d86c115e1 100644
--- a/install/index.php
+++ b/install/index.php
@@ -63,14 +63,16 @@ global $installURLPath;
 // Set the install type
 // this is sent as a query string when the page is first loaded
 // and subsequently posted to the page as a hidden field
-if (isset($_POST['civicrm_install_type'])) {
+// only permit acceptable installation types to prevent issues;
+$acceptableInstallTypes = ['drupal', 'wordpress', 'backdrop'];
+if (isset($_POST['civicrm_install_type']) && in_array($_POST['civicrm_install_type'], $acceptableInstallTypes)) {
   $installType = $_POST['civicrm_install_type'];
 }
-elseif (isset($_GET['civicrm_install_type'])) {
+elseif (isset($_GET['civicrm_install_type']) && in_array(strtolower($_GET['civicrm_install_type']), $acceptableInstallTypes)) {
   $installType = strtolower($_GET['civicrm_install_type']);
 }
 else {
-  // default value if not set
+  // default value if not set and not an acceptable install type.
   $installType = "drupal";
 }
 
@@ -621,7 +623,7 @@ class InstallRequirements {
 
     $this->requirePHPVersion(array(
       ts("PHP Configuration"),
-      ts("PHP5 installed"),
+      ts("PHP7 installed"),
     ));
 
     // Check that we can identify the root folder successfully