* Removed potential security loophole that I inadvertantly added.
authorfidian <fidian@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 26 Apr 2001 17:32:22 +0000 (17:32 +0000)
committerfidian <fidian@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 26 Apr 2001 17:32:22 +0000 (17:32 +0000)
  Config vars used to be able to be overwritten by global data if
  gpc_magic_quotes() was enabled.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1311 7612ce4b-ef26-0410-bec9-ea0150e637f0

src/validate.php

index 7added4..b2c3335 100644 (file)
    session_start();
    include ('../functions/auth.php');
    
-   // Everyone needs stuff from config, and config needs stuff from
-   // strings.php, so include them both here.
-   include ('../functions/strings.php');
-   include ('../config/config.php');
-   
    is_logged_in();
 
 
        }
    }
 
+   // Everyone needs stuff from config, and config needs stuff from
+   // strings.php, so include them both here.
+   // Include them down here instead of at the top so that all config
+   // variables overwrite any passed in variables (for security)
+   include ('../functions/strings.php');
+   include ('../config/config.php');
+   
 ?>