diff options
| -rw-r--r-- | phpBB/common.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/startup.php | 83 | ||||
| -rw-r--r-- | phpBB/phpbb/files/filespec.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/passwords/driver/md5_phpbb2.php | 2 |
4 files changed, 7 insertions, 85 deletions
diff --git a/phpBB/common.php b/phpBB/common.php index 70feb55d04..172503f078 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -20,11 +20,6 @@ if (!defined('IN_PHPBB')) exit; } -if (version_compare(PHP_VERSION, '5.4') < 0) -{ - die('You are running an unsupported PHP version. Please upgrade to PHP 5.4.0 or higher before trying to install or update to phpBB 3.2'); -} - require($phpbb_root_path . 'includes/startup.' . $phpEx); require($phpbb_root_path . 'phpbb/class_loader.' . $phpEx); diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 5900016c39..66f85657a5 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -22,88 +22,15 @@ if (!defined('IN_PHPBB')) $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED; error_reporting($level); -/* -* Remove variables created by register_globals from the global scope -* Thanks to Matt Kavanagh +/** +* Minimum Requirement: PHP 5.4.0 */ -function deregister_globals() +if (version_compare(PHP_VERSION, '5.4') < 0) { - $not_unset = array( - 'GLOBALS' => true, - '_GET' => true, - '_POST' => true, - '_COOKIE' => true, - '_REQUEST' => true, - '_SERVER' => true, - '_SESSION' => true, - '_ENV' => true, - '_FILES' => true, - 'phpEx' => true, - 'phpbb_root_path' => true - ); - - // Not only will array_merge and array_keys give a warning if - // a parameter is not an array, array_merge will actually fail. - // So we check if _SESSION has been initialised. - if (!isset($_SESSION) || !is_array($_SESSION)) - { - $_SESSION = array(); - } - - // Merge all into one extremely huge array; unset this later - $input = array_merge( - array_keys($_GET), - array_keys($_POST), - array_keys($_COOKIE), - array_keys($_SERVER), - array_keys($_SESSION), - array_keys($_ENV), - array_keys($_FILES) - ); - - foreach ($input as $varname) - { - if (isset($not_unset[$varname])) - { - // Hacking attempt. No point in continuing. - if (isset($_COOKIE[$varname])) - { - echo "Clear your cookies. "; - } - echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals."; - exit; - } - - unset($GLOBALS[$varname]); - } - - unset($input); + die('You are running an unsupported PHP version. Please upgrade to PHP 5.4.0 or higher before trying to install or update to phpBB 3.2'); } +// Register globals and magic quotes have been dropped in PHP 5.4 so no need for extra checks -// Register globals and magic quotes have been dropped in PHP 5.4 -if (version_compare(PHP_VERSION, '5.4.0-dev', '>=')) -{ - /** - * @ignore - */ - define('STRIP', false); -} -else -{ - if (get_magic_quotes_runtime()) - { - // Deactivate - @set_magic_quotes_runtime(0); - } - - // Be paranoid with passed vars - if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) - { - deregister_globals(); - } - - define('STRIP', (get_magic_quotes_gpc()) ? true : false); -} // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems // because we show E_WARNING errors and do not set a default timezone. diff --git a/phpBB/phpbb/files/filespec.php b/phpBB/phpbb/files/filespec.php index 2ff2a92c83..f1a32ef4a8 100644 --- a/phpBB/phpbb/files/filespec.php +++ b/phpBB/phpbb/files/filespec.php @@ -129,7 +129,7 @@ class filespec $this->class_initialized = true; $this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size']; - $name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name']; + $name = $upload_ary['name']; $name = trim(utf8_basename($name)); $this->realname = $this->uploadname = $name; $this->mimetype = $upload_ary['type']; diff --git a/phpBB/phpbb/passwords/driver/md5_phpbb2.php b/phpBB/phpbb/passwords/driver/md5_phpbb2.php index bd8cc51e5a..b38b041d6c 100644 --- a/phpBB/phpbb/passwords/driver/md5_phpbb2.php +++ b/phpBB/phpbb/passwords/driver/md5_phpbb2.php @@ -95,7 +95,7 @@ class md5_phpbb2 extends base // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; - $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; + $password_old_format = addslashes($password_old_format); $password_new_format = $this->request->variable('password', '', true); if ($super_globals_disabled) |