From 22958d2e7b8b0b05eeceec5676f63f0f3838cf09 Mon Sep 17 00:00:00 2001
From: fidian <fidian@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Thu, 26 Apr 2001 17:32:22 +0000
Subject: [PATCH] * Removed potential security loophole that I inadvertantly
 added.   Config vars used to be able to be overwritten by global data if  
 gpc_magic_quotes() was enabled.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1311 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 src/validate.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/validate.php b/src/validate.php
index 7added47..b2c33353 100644
--- a/src/validate.php
+++ b/src/validate.php
@@ -17,11 +17,6 @@
    session_start();
    include ('../functions/auth.php');
    
-   // Everyone needs stuff from config, and config needs stuff from
-   // strings.php, so include them both here.
-   include ('../functions/strings.php');
-   include ('../config/config.php');
-   
    is_logged_in();
 
 
@@ -105,4 +100,11 @@
        }
    }
 
+   // Everyone needs stuff from config, and config needs stuff from
+   // strings.php, so include them both here.
+   // Include them down here instead of at the top so that all config
+   // variables overwrite any passed in variables (for security)
+   include ('../functions/strings.php');
+   include ('../config/config.php');
+   
 ?>
-- 
2.25.1