diff options
| author | Yuriy Rusko <github@rusko.net> | 2011-06-14 06:11:35 -0400 |
|---|---|---|
| committer | Yuriy Rusko <github@rusko.net> | 2011-06-14 06:11:35 -0400 |
| commit | f8eb15471488fe5f84669a9abbc2fc3a705903de (patch) | |
| tree | ca8ffdfa9096a9a90c6f51771dfb663fb3eb6cee | |
| parent | 5223f7558b646628e0f040f7e25506eed8cbdfcf (diff) | |
| download | forums-f8eb15471488fe5f84669a9abbc2fc3a705903de.tar forums-f8eb15471488fe5f84669a9abbc2fc3a705903de.tar.gz forums-f8eb15471488fe5f84669a9abbc2fc3a705903de.tar.bz2 forums-f8eb15471488fe5f84669a9abbc2fc3a705903de.tar.xz forums-f8eb15471488fe5f84669a9abbc2fc3a705903de.zip | |
[ticket/10218] Moving global deregistration, etc. to startup.php
Because startup.php deletes all variables, the constants in
database_update are used to preserve settings at the top.
PHPBB3-10218
| -rw-r--r-- | phpBB/common.php | 107 | ||||
| -rw-r--r-- | phpBB/download/file.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/startup.php | 121 | ||||
| -rw-r--r-- | phpBB/install/database_update.php | 36 | ||||
| -rw-r--r-- | phpBB/install/index.php | 99 | ||||
| -rw-r--r-- | phpBB/style.php | 13 |
6 files changed, 138 insertions, 245 deletions
diff --git a/phpBB/common.php b/phpBB/common.php index a176a45c38..491addc5e0 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -16,112 +16,7 @@ if (!defined('IN_PHPBB')) exit; } -$starttime = explode(' ', microtime()); -$starttime = $starttime[1] + $starttime[0]; - -// Report all errors, except notices and deprecation messages -if (!defined('E_DEPRECATED')) -{ - define('E_DEPRECATED', 8192); -} -error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); - -/* -* Remove variables created by register_globals from the global scope -* Thanks to Matt Kavanagh -*/ -function deregister_globals() -{ - $not_unset = array( - 'GLOBALS' => true, - '_GET' => true, - '_POST' => true, - '_COOKIE' => true, - '_REQUEST' => true, - '_SERVER' => true, - '_SESSION' => true, - '_ENV' => true, - '_FILES' => true, - 'phpEx' => true, - 'phpbb_root_path' => true - ); - - // Not only will array_merge and array_keys give a warning if - // a parameter is not an array, array_merge will actually fail. - // So we check if _SESSION has been initialised. - if (!isset($_SESSION) || !is_array($_SESSION)) - { - $_SESSION = array(); - } - - // Merge all into one extremely huge array; unset this later - $input = array_merge( - array_keys($_GET), - array_keys($_POST), - array_keys($_COOKIE), - array_keys($_SERVER), - array_keys($_SESSION), - array_keys($_ENV), - array_keys($_FILES) - ); - - foreach ($input as $varname) - { - if (isset($not_unset[$varname])) - { - // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) - if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) - { - exit; - } - else - { - $cookie = &$_COOKIE; - while (isset($cookie['GLOBALS'])) - { - if (!is_array($cookie['GLOBALS'])) - { - break; - } - - foreach ($cookie['GLOBALS'] as $registered_var => $value) - { - if (!isset($not_unset[$registered_var])) - { - unset($GLOBALS[$registered_var]); - } - } - $cookie = &$cookie['GLOBALS']; - } - } - } - - unset($GLOBALS[$varname]); - } - - unset($input); -} - -// If we are on PHP >= 6.0.0 we do not need some code -if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) -{ - /** - * @ignore - */ - define('STRIP', false); -} -else -{ - @set_magic_quotes_runtime(0); - - // Be paranoid with passed vars - if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) - { - deregister_globals(); - } - - define('STRIP', (get_magic_quotes_gpc()) ? true : false); -} +require($phpbb_root_path . 'includes/startup.' . $phpEx); if (file_exists($phpbb_root_path . 'config.' . $phpEx)) { diff --git a/phpBB/download/file.php b/phpBB/download/file.php index ed5c4f55b8..c17f0cf018 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -31,12 +31,7 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT' if (isset($_GET['avatar'])) { - if (!defined('E_DEPRECATED')) - { - define('E_DEPRECATED', 8192); - } - error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); - + require($phpbb_root_path . 'includes/startup.' . $phpEx); require($phpbb_root_path . 'config.' . $phpEx); if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type)) diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php new file mode 100644 index 0000000000..2958277174 --- /dev/null +++ b/phpBB/includes/startup.php @@ -0,0 +1,121 @@ +<?php +/** +* +* @package phpBB3 +* @copyright (c) 2011 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +/** +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} +$starttime = explode(' ', microtime()); +$starttime = $starttime[1] + $starttime[0]; + +// Report all errors, except notices and deprecation messages +if (!defined('E_DEPRECATED')) +{ + define('E_DEPRECATED', 8192); +} +error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); + +/* +* Remove variables created by register_globals from the global scope +* Thanks to Matt Kavanagh +*/ +function deregister_globals() +{ + $not_unset = array( + 'GLOBALS' => true, + '_GET' => true, + '_POST' => true, + '_COOKIE' => true, + '_REQUEST' => true, + '_SERVER' => true, + '_SESSION' => true, + '_ENV' => true, + '_FILES' => true, + 'phpEx' => true, + 'phpbb_root_path' => true + ); + + // Not only will array_merge and array_keys give a warning if + // a parameter is not an array, array_merge will actually fail. + // So we check if _SESSION has been initialised. + if (!isset($_SESSION) || !is_array($_SESSION)) + { + $_SESSION = array(); + } + + // Merge all into one extremely huge array; unset this later + $input = array_merge( + array_keys($_GET), + array_keys($_POST), + array_keys($_COOKIE), + array_keys($_SERVER), + array_keys($_SESSION), + array_keys($_ENV), + array_keys($_FILES) + ); + + foreach ($input as $varname) + { + if (isset($not_unset[$varname])) + { + // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) + if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) + { + exit; + } + else + { + $cookie = &$_COOKIE; + while (isset($cookie['GLOBALS'])) + { + if (!is_array($cookie['GLOBALS'])) + { + break; + } + + foreach ($cookie['GLOBALS'] as $registered_var => $value) + { + if (!isset($not_unset[$registered_var])) + { + unset($GLOBALS[$registered_var]); + } + } + $cookie = &$cookie['GLOBALS']; + } + } + } + + unset($GLOBALS[$varname]); + } + + unset($input); +} + +// If we are on PHP >= 6.0.0 we do not need some code +if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) +{ + /** + * @ignore + */ + define('STRIP', false); +} +else +{ + @set_magic_quotes_runtime(0); + + // Be paranoid with passed vars + if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) + { + deregister_globals(); + } + + define('STRIP', (get_magic_quotes_gpc()) ? true : false); +} diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 504d9afd68..478ec36c23 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -8,17 +8,21 @@ * */ -$updates_to_version = '3.0.9-RC1'; +define('UPDATES_TO_VERSION', '3.0.9-RC1'); // Enter any version to update from to test updates. The version within the db will not be updated. -$debug_from_version = false; +define('DEBUG_FROM_VERSION', false); // Which oldest version does this updater support? -$oldest_from_version = '3.0.0'; +define('OLDEST_FROM_VERSION', '3.0.0'); // Return if we "just include it" to find out for which version the database update is responsible for if (defined('IN_PHPBB') && defined('IN_INSTALL')) { + $updates_to_version = UPDATES_TO_VERSION; + $debug_from_version = DEBUG_FROM_VERSION; + $oldest_from_version = OLDEST_FROM_VERSION; + return; } @@ -30,12 +34,12 @@ define('IN_INSTALL', true); $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); -// Report all errors, except notices and deprecation messages -if (!defined('E_DEPRECATED')) -{ - define('E_DEPRECATED', 8192); -} -//error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); +require($phpbb_root_path . 'includes/startup.' . $phpEx); + +$updates_to_version = UPDATES_TO_VERSION; +$debug_from_version = DEBUG_FROM_VERSION; +$oldest_from_version = OLDEST_FROM_VERSION; + error_reporting(E_ALL); @set_time_limit(0); @@ -85,20 +89,6 @@ if (!defined('LOGIN_ATTEMPT_TABLE')) define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts'); } -// If we are on PHP >= 6.0.0 we do not need some code -if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) -{ - /** - * @ignore - */ - define('STRIP', false); -} -else -{ - @set_magic_quotes_runtime(0); - define('STRIP', (get_magic_quotes_gpc()) ? true : false); -} - $user = new user(); $cache = new cache(); $db = new $sql_db(); diff --git a/phpBB/install/index.php b/phpBB/install/index.php index bace22f177..ff6a297022 100644 --- a/phpBB/install/index.php +++ b/phpBB/install/index.php @@ -18,110 +18,13 @@ define('IN_INSTALL', true); $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); -// Report all errors, except notices and deprecation messages -if (!defined('E_DEPRECATED')) -{ - define('E_DEPRECATED', 8192); -} -error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); - // @todo Review this test and see if we can find out what it is which prevents PHP 4.2.x from even displaying the page with requirements on it if (version_compare(PHP_VERSION, '4.3.3') < 0) { die('You are running an unsupported PHP version. Please upgrade to PHP 4.3.3 or higher before trying to install phpBB 3.0'); } -/* -* Remove variables created by register_globals from the global scope -* Thanks to Matt Kavanagh -*/ -function deregister_globals() -{ - $not_unset = array( - 'GLOBALS' => true, - '_GET' => true, - '_POST' => true, - '_COOKIE' => true, - '_REQUEST' => true, - '_SERVER' => true, - '_SESSION' => true, - '_ENV' => true, - '_FILES' => true, - 'phpEx' => true, - 'phpbb_root_path' => true - ); - - // Not only will array_merge and array_keys give a warning if - // a parameter is not an array, array_merge will actually fail. - // So we check if _SESSION has been initialised. - if (!isset($_SESSION) || !is_array($_SESSION)) - { - $_SESSION = array(); - } - - // Merge all into one extremely huge array; unset this later - $input = array_merge( - array_keys($_GET), - array_keys($_POST), - array_keys($_COOKIE), - array_keys($_SERVER), - array_keys($_SESSION), - array_keys($_ENV), - array_keys($_FILES) - ); - - foreach ($input as $varname) - { - if (isset($not_unset[$varname])) - { - // Hacking attempt. No point in continuing unless it's a COOKIE - if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) - { - exit; - } - else - { - $cookie = &$_COOKIE; - while (isset($cookie['GLOBALS'])) - { - foreach ($cookie['GLOBALS'] as $registered_var => $value) - { - if (!isset($not_unset[$registered_var])) - { - unset($GLOBALS[$registered_var]); - } - } - $cookie = &$cookie['GLOBALS']; - } - } - } - - unset($GLOBALS[$varname]); - } - - unset($input); -} - -// If we are on PHP >= 6.0.0 we do not need some code -if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) -{ - /** - * @ignore - */ - define('STRIP', false); -} -else -{ - @set_magic_quotes_runtime(0); - - // Be paranoid with passed vars - if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') - { - deregister_globals(); - } - - define('STRIP', (get_magic_quotes_gpc()) ? true : false); -} +require($phpbb_root_path . 'includes/startup.' . $phpEx); // Try to override some limits - maybe it helps some... @set_time_limit(0); diff --git a/phpBB/style.php b/phpBB/style.php index f3e1b4c89e..916aa8ce5c 100644 --- a/phpBB/style.php +++ b/phpBB/style.php @@ -15,13 +15,7 @@ define('IN_PHPBB', true); $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './'; $phpEx = substr(strrchr(__FILE__, '.'), 1); -// Report all errors, except notices and deprecation messages -if (!defined('E_DEPRECATED')) -{ - define('E_DEPRECATED', 8192); -} -error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); - +require($phpbb_root_path . 'includes/startup.' . $phpEx); require($phpbb_root_path . 'config.' . $phpEx); if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type)) @@ -29,11 +23,6 @@ if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type)) exit; } -if (version_compare(PHP_VERSION, '6.0.0-dev', '<')) -{ - @set_magic_quotes_runtime(0); -} - // Load Extensions if (!empty($load_extensions) && function_exists('dl')) { |