From c004427719464c24e299d348e9d8adfeea941e32 Mon Sep 17 00:00:00 2001
From: webchick
Date: Tue, 6 Nov 2012 01:11:05 -0800
Subject: [PATCH] Issue #1816124 by Berdir, Damien Tournoud, David_Rothstein, pwolanin, chx: Fixed installer PHP code execution issues from SA-CORE-2012-003 (and backport anything to 7.x-dev as necessary).
---
 core/includes/install.core.inc | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc
index 50fb9b676a4..2b117bc5ce2 100644
--- a/core/includes/install.core.inc
+++ b/core/includes/install.core.inc
@@ -379,12 +379,11 @@ function install_begin_request(&$install_state) {
 else {
 $task = NULL;
- // Since previous versions of Drupal stored database connection information
- // in the 'db_url' variable, we should never let an installation proceed if
- // this variable is defined and the settings file was not verified above
- // (otherwise we risk installing over an existing site whose settings file
- // has not yet been updated).
- if (!empty($GLOBALS['db_url'])) {
+ // Do not install over a configured settings.php. Check the 'db_url'
+ // variable in addition to 'databases', since previous versions of Drupal
+ // used that (and we do not want to allow installations on an existing site
+ // whose settings file has not yet been updated).
+ if (!empty($GLOBALS['databases']) || !empty($GLOBALS['db_url'])) {
 throw new Exception(install_already_done_error());
 }
 }
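Review bot: The new guard `if (!empty($GLOBALS['databases']) || !empty($GLOBALS['db_url']))` is what stops the installer from proceeding over a configured site in this `else` branch, but the rewritten comment does not say that it is a security boundary or what it depends on. It can only fire if settings.php has already been included and has populated those globals earlier in the request, which the hunk does not show (install_begin_request() starts and ends outside it), and `empty()` lets an empty `$databases` array through, which is presumably intended for a fresh settings file. I would extend the comment with something like `// Security (SA-CORE-2012-003): this check must depend only on settings.php being populated, never on the database being reachable.` so that a later refactor does not move it behind a connection test. The diffstat lists a single changed file, so a regression test asserting that the installer throws when `$databases` is populated is still missing and would be worth adding.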