On Thu, Jun 5, 2008 at 5:59 AM, <ialex(a)svn.wikimedia.org> wrote:
Define $wgRateLimitsExcludedGroups to an empty array to avoid some PHP warnings, thanks
to siebrand for reporting it.
This is more than just PHP warnings, it creates a register_globals
vulnerability. Don't ever use globals (even with isset() or other
non-warning-raising uses) without initializing them, because they can
be initialized from the URL on vulnerable installations.
One nice thing about PHP 6 is we'll no longer have to worry about this. :)