From ce20dec32d4672056caf23cd75ed001dafc49c3d Mon Sep 17 00:00:00 2001
From: Yannick Warnier
Date: Tue, 1 May 2007 18:03:27 +0200
Subject: [PATCH] [svn r12210] Moved filtering of PHP_SELF to avoid injection in GLOBALS
---
 main/inc/global.inc.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/main/inc/global.inc.php b/main/inc/global.inc.php
index eb454ff6b0..a3c9ffefec 100644
--- a/main/inc/global.inc.php
+++ b/main/inc/global.inc.php
@@ -161,6 +161,8 @@ if (!$x=strpos($_SERVER['PHP_SELF'],'whoisonline.php'))
+// preventing XSS injections on all scripts at once
+$_SERVER['PHP_SELF'] = api_get_self();
 if(get_setting('server_type') == 'test')
 {
@@ -406,7 +408,4 @@ if(mysql_num_rows($q_last_connection) > 0)
 $s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date=NOW() WHERE login_id='$i_id_last_connection'";
 api_sql_query($s_sql_update_logout_date);
 }
-
-// preventing XSS injections on all scripts at once
-$_SERVER['PHP_SELF'] = api_get_self();
 ?>
\ No newline at end of file
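Review bot: The relocated `$_SERVER['PHP_SELF'] = api_get_self();` in the first hunk still comes after the `strpos($_SERVER['PHP_SELF'],'whoisonline.php')` test named in the hunk header, so that check, and anything else included above this point, appears to read the unfiltered value. The comment claims coverage of "all scripts at once" but does not state the ordering this depends on, nor that `api_get_self()` (not visible here) must already be loaded at this point in the bootstrap. I would replace the comment with `// Filter PHP_SELF before any include or test that reads it; requires api_get_self() to be defined above. Output sinks must still escape with htmlspecialchars().` and, if nothing between the top of the file and this line prevents it, move the assignment ahead of the whoisonline.php test. The `if(get_setting('server_type') == 'test')` block continues outside the hunk.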