On Thu, Jun 5, 2008 at 5:59 AM, ialex@svn.wikimedia.org wrote:

Log Message:

Define $wgRateLimitsExcludedGroups to an empty array to avoid some PHP warnings, thanks to siebrand for reporting it.

This is more than just PHP warnings, it creates a register_globals vulnerability. Don't ever use globals (even with isset() or other non-warning-raising uses) without initializing them, because they can be initialized from the URL on vulnerable installations.

One nice thing about PHP 6 is we'll no longer have to worry about this. :)