diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2006-04-29 13:31:32 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-04-29 13:31:32 +0000 |
| commit | b011b84060759f83c323c1f4bbfee75c7028d7d7 (patch) | |
| tree | dc475f888ded1d6e6efbe6d6069e17d58f5147d3 /phpBB/common.php | |
| parent | 859902ea243824b48d2b67d806cd622746bed00f (diff) | |
| download | forums-b011b84060759f83c323c1f4bbfee75c7028d7d7.tar forums-b011b84060759f83c323c1f4bbfee75c7028d7d7.tar.gz forums-b011b84060759f83c323c1f4bbfee75c7028d7d7.tar.bz2 forums-b011b84060759f83c323c1f4bbfee75c7028d7d7.tar.xz forums-b011b84060759f83c323c1f4bbfee75c7028d7d7.zip | |
blah
git-svn-id: file:///svn/phpbb/trunk@5860 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/common.php')
| -rw-r--r-- | phpBB/common.php | 106 |
1 files changed, 56 insertions, 50 deletions
diff --git a/phpBB/common.php b/phpBB/common.php index d8307713fe..88577c6971 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -23,8 +23,61 @@ if (!defined('IN_PHPBB')) $starttime = explode(' ', microtime()); $starttime = $starttime[1] + $starttime[0]; -error_reporting(E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables -//error_reporting(E_ALL); +error_reporting(E_ERROR | E_WARNING | E_PARSE); + +/* +* Remove variables created by register_globals from the global scope +* Thanks to Matt Kavanagh +*/ +function deregister_globals() +{ + $not_unset = array( + 'GLOBALS' => true, + '_GET' => true, + '_POST' => true, + '_COOKIE' => true, + '_REQUEST' => true, + '_SERVER' => true, + '_SESSION' => true, + '_ENV' => true, + '_FILES' => true, + 'phpEx' => true, + 'phpbb_root_path' => true + ); + + // Not only will array_merge and array_keys give a warning if + // a parameter is not an array, array_merge will actually fail. + // So we check if _SESSION has been initialised. + if (!isset($_SESSION) || !is_array($_SESSION)) + { + $_SESSION = array(); + } + + // Merge all into one extremely huge array; unset + // this later + $input = array_merge( + array_keys($_GET), + array_keys($_POST), + array_keys($_COOKIE), + array_keys($_SERVER), + array_keys($_SESSION), + array_keys($_ENV), + array_keys($_FILES) + ); + + foreach ($input as $varname) + { + if (isset($not_unset[$varname])) + { + // Hacking attempt. No point in continuing. + exit; + } + + unset($GLOBALS[$varname]); + } + + unset($input); +} // If we are on PHP >= 6.0.0 we do not need some code if (version_compare(phpversion(), '6.0.0-dev', '>=')) @@ -38,54 +91,7 @@ else // Be paranoid with passed vars if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { - // Remove variables created by register_globals from the global scope - // Thanks to Matt Kavanagh - $not_unset = array( - 'GLOBALS' => true, - '_GET' => true, - '_POST' => true, - '_COOKIE' => true, - '_REQUEST' => true, - '_SERVER' => true, - '_SESSION' => true, - '_ENV' => true, - '_FILES' => true, - 'phpEx' => true, - 'phpbb_root_path' => true - ); - - // Not only will array_merge and array_keys give a warning if - // a parameter is not an array, array_merge will actually fail. - // So we check if _SESSION has been initialised. - if (!isset($_SESSION) || !is_array($_SESSION)) - { - $_SESSION = array(); - } - - // Merge all into one extremely huge array; unset - // this later - $input = array_merge( - array_keys($_GET), - array_keys($_POST), - array_keys($_COOKIE), - array_keys($_SERVER), - array_keys($_SESSION), - array_keys($_ENV), - array_keys($_FILES) - ); - - foreach ($input as $varname) - { - if (isset($not_unset[$varname])) - { - // Hacking attempt. No point in continuing. - exit; - } - - unset($GLOBALS[$varname]); - } - - unset($input); + deregister_globals(); } define('STRIP', (get_magic_quotes_gpc()) ? true : false); |