true, '_GET' => true, '_POST' => true, '_COOKIE' => true, '_REQUEST' => true, '_SERVER' => true, '_SESSION' => true, '_ENV' => true, '_FILES' => true, 'phpEx' => true, 'phpbb_root_path' => true ); // Not only will array_merge and array_keys give a warning if // a parameter is not an array, array_merge will actually fail. // So we check if _SESSION has been initialised. if (!isset($_SESSION) || !is_array($_SESSION)) { $_SESSION = array(); } // Merge all into one extremely huge array; unset this later $input = array_merge( array_keys($_GET), array_keys($_POST), array_keys($_COOKIE), array_keys($_SERVER), array_keys($_SESSION), array_keys($_ENV), array_keys($_FILES) ); foreach ($input as $varname) { if (isset($not_unset[$varname])) { // Hacking attempt. No point in continuing unless it's a COOKIE if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) { exit; } else { $cookie = &$_COOKIE; while (isset($cookie['GLOBALS'])) { foreach ($cookie['GLOBALS'] as $registered_var => $value) { if (!isset($not_unset[$registered_var])) { unset($GLOBALS[$registered_var]); } } $cookie = &$cookie['GLOBALS']; } } } unset($GLOBALS[$varname]); } unset($input); } // If we are on PHP >= 6.0.0 we do not need some code if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) { /** * @ignore */ define('STRIP', false); } else { @set_magic_quotes_runtime(0); // Be paranoid with passed vars if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) { deregister_globals(); } define('STRIP', (get_magic_quotes_gpc()) ? true : false); } if (defined('IN_CRON')) { $phpbb_root_path = dirname(__FILE__) . DIRECTORY_SEPARATOR; } if (file_exists($phpbb_root_path . 'config.' . $phpEx)) { require($phpbb_root_path . 'config.' . $phpEx); } if (!defined('PHPBB_INSTALLED')) { // Redirect the user to the installer // We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information // available as used by the redirect function $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); $secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0; $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); if (!$script_name) { $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); } // Replace any number of consecutive backslashes and/or slashes with a single slash // (could happen on some proxy setups and/or Windows servers) $script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx; $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); $url = (($secure) ? 'https://' : 'http://') . $server_name; if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80))) { // HTTP HOST can carry a port number... if (strpos($server_name, ':') === false) { $url .= ':' . $server_port; } } $url .= $script_path; header('Location: ' . $url); exit; } if (defined('DEBUG_EXTRA')) { $base_memory_usage = 0; if (function_exists('memory_get_usage')) { $base_memory_usage = memory_get_usage(); } } // Load Extensions // dl() is deprecated and disabled by default as of PHP 5.3. if (!empty($load_extensions) && function_exists('dl')) { $load_extensions = explode(',', $load_extensions); foreach ($load_extensions as $extension) { @dl(trim($extension)); } } // Include files require($phpbb_root_path . 'includes/class_loader.' . $phpEx); require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx); require($phpbb_root_path . 'includes/cache.' . $phpEx); require($phpbb_root_path . 'includes/template.' . $phpEx); require($phpbb_root_path . 'includes/session.' . $phpEx); require($phpbb_root_path . 'includes/auth.' . $phpEx); require($phpbb_root_path . 'includes/functions.' . $phpEx); require($phpbb_root_path . 'includes/functions_content.' . $phpEx); require($phpbb_root_path . 'includes/constants.' . $phpEx); require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx); require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx); // Set PHP error handler to ours set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler'); // Cache must be loaded before class loader $cache = new cache(); // Setup class loader first $class_loader = new phpbb_class_loader($phpbb_root_path, '.' . $phpEx, $cache); $class_loader->register(); // Instantiate some basic classes $request = new phpbb_request(); $user = new user(); $auth = new auth(); $template = new template(); $db = new $sql_db(); // make sure request_var uses this request instance request_var('', 0, false, false, $request); // "dependency injection" for a function // Connect to DB $db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, defined('PHPBB_DB_NEW_LINK') ? PHPBB_DB_NEW_LINK : false); // We do not need this any longer, unset for safety purposes unset($dbpasswd); // Grab global variables, re-cache if necessary $config = $cache->obtain_config(); // Add own hook handler require($phpbb_root_path . 'includes/hooks/index.' . $phpEx); $phpbb_hook = new phpbb_hook(array('exit_handler', 'phpbb_user_session_handler', 'append_sid', array('template', 'display'))); foreach ($cache->obtain_hooks() as $hook) { @include($phpbb_root_path . 'includes/hooks/' . $hook . '.' . $phpEx); }