true, '_GET' => true, '_POST' => true, '_COOKIE' => true, '_REQUEST' => true, '_SERVER' => true, '_SESSION' => true, '_ENV' => true, '_FILES' => true, 'phpEx' => true, 'phpbb_root_path' => true ); // Not only will array_merge and array_keys give a warning if // a parameter is not an array, array_merge will actually fail. // So we check if _SESSION has been initialised. if (!isset($_SESSION) || !is_array($_SESSION)) { $_SESSION = array(); } // Merge all into one extremely huge array; unset this later $input = array_merge( array_keys($_GET), array_keys($_POST), array_keys($_COOKIE), array_keys($_SERVER), array_keys($_SESSION), array_keys($_ENV), array_keys($_FILES) ); foreach ($input as $varname) { if (isset($not_unset[$varname])) { // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) { exit; } else { $cookie = &$_COOKIE; while (isset($cookie['GLOBALS'])) { if (!is_array($cookie['GLOBALS'])) { break; } foreach ($cookie['GLOBALS'] as $registered_var => $value) { if (!isset($not_unset[$registered_var])) { unset($GLOBALS[$registered_var]); } } $cookie = &$cookie['GLOBALS']; } } } unset($GLOBALS[$varname]); } unset($input); } // Register globals and magic quotes have been dropped in PHP 5.4 if (version_compare(PHP_VERSION, '5.4.0-dev', '>=')) { /** * @ignore */ define('STRIP', false); } else { @set_magic_quotes_runtime(0); // Be paranoid with passed vars if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) { deregister_globals(); } define('STRIP', (get_magic_quotes_gpc()) ? true : false); } // Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get')) { // For PHP 5.1.0 the date/time functions have been rewritten // and setting a timezone is required prior to calling any date/time function. // Since PHP 5.2.0 calls to date/time functions without having a timezone set // result in E_STRICT errors being thrown. // Note: We already exclude E_STRICT errors // (to be exact: they are not included in E_ALL in PHP 5.2) // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems // because we show E_WARNING errors and do not set a default timezone. // This is because we have our own timezone handling and work in UTC only anyway. // So what we basically want to do is set our timezone to UTC, // but we don't know what other scripts (such as bridges) are involved, // so we check whether a timezone is already set by calling date_default_timezone_get(). // Unfortunately, date_default_timezone_get() itself might throw E_WARNING // if no timezone has been set, so we have to keep it quiet with @. // date_default_timezone_get() tries to guess the correct timezone first // and then falls back to UTC when everything fails. // We just set the timezone to whatever date_default_timezone_get() returns. date_default_timezone_set(@date_default_timezone_get()); } $starttime = explode(' ', microtime()); $starttime = $starttime[1] + $starttime[0];