From 04b25912a6e0570032b2205ced16d83d9f4df6d7 Mon Sep 17 00:00:00 2001
From: Seamus Lee <seamuslee001@gmail.com>
Date: Mon, 29 Apr 2019 14:05:15 +1000
Subject: [PATCH] Resolve security/core#52 by validating that an installtype is
 sensible

---
 install/index.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/install/index.php b/install/index.php
index c6cd5c63ba..6eaf8a5030 100644
--- a/install/index.php
+++ b/install/index.php
@@ -63,14 +63,16 @@ global $installURLPath;
 // Set the install type
 // this is sent as a query string when the page is first loaded
 // and subsequently posted to the page as a hidden field
-if (isset($_POST['civicrm_install_type'])) {
+// only permit acceptable installation types to prevent issues;
+$acceptableInstallTypes = ['drupal', 'wordpress', 'backdrop'];
+if (isset($_POST['civicrm_install_type']) && in_array($_POST['civicrm_install_type'], $acceptableInstallTypes)) {
   $installType = $_POST['civicrm_install_type'];
 }
-elseif (isset($_GET['civicrm_install_type'])) {
+elseif (isset($_GET['civicrm_install_type']) && in_array(strtolower($_GET['civicrm_install_type']), $acceptableInstallTypes)) {
   $installType = strtolower($_GET['civicrm_install_type']);
 }
 else {
-  // default value if not set
+  // default value if not set and not an acceptable install type.
   $installType = "drupal";
 }
 
-- 
2.25.1