1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
<?php
/**
*
* @package phpBB3
* @copyright (c) 2011 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
*/
if (!defined('IN_PHPBB'))
{
exit;
}
// Report all errors, except notices and deprecation messages
if (!defined('E_DEPRECATED'))
{
define('E_DEPRECATED', 8192);
}
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
/*
* Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*/
function deregister_globals()
{
$not_unset = array(
'GLOBALS' => true,
'_GET' => true,
'_POST' => true,
'_COOKIE' => true,
'_REQUEST' => true,
'_SERVER' => true,
'_SESSION' => true,
'_ENV' => true,
'_FILES' => true,
'phpEx' => true,
'phpbb_root_path' => true
);
// Not only will array_merge and array_keys give a warning if
// a parameter is not an array, array_merge will actually fail.
// So we check if _SESSION has been initialised.
if (!isset($_SESSION) || !is_array($_SESSION))
{
$_SESSION = array();
}
// Merge all into one extremely huge array; unset this later
$input = array_merge(
array_keys($_GET),
array_keys($_POST),
array_keys($_COOKIE),
array_keys($_SERVER),
array_keys($_SESSION),
array_keys($_ENV),
array_keys($_FILES)
);
foreach ($input as $varname)
{
if (isset($not_unset[$varname]))
{
// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
{
exit;
}
else
{
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
if (!is_array($cookie['GLOBALS']))
{
break;
}
foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
{
unset($GLOBALS[$registered_var]);
}
}
$cookie = &$cookie['GLOBALS'];
}
}
}
unset($GLOBALS[$varname]);
}
unset($input);
}
// Register globals and magic quotes have been dropped in PHP 5.4
if (version_compare(PHP_VERSION, '5.4.0-dev', '>='))
{
/**
* @ignore
*/
define('STRIP', false);
}
else
{
@set_magic_quotes_runtime(0);
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
{
deregister_globals();
}
define('STRIP', (get_magic_quotes_gpc()) ? true : false);
}
// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone
if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get'))
{
// For PHP 5.1.0 the date/time functions have been rewritten
// and setting a timezone is required prior to calling any date/time function.
// Since PHP 5.2.0 calls to date/time functions without having a timezone set
// result in E_STRICT errors being thrown.
// Note: We already exclude E_STRICT errors
// (to be exact: they are not included in E_ALL in PHP 5.2)
// In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems
// because we show E_WARNING errors and do not set a default timezone.
// This is because we have our own timezone handling and work in UTC only anyway.
// So what we basically want to do is set our timezone to UTC,
// but we don't know what other scripts (such as bridges) are involved,
// so we check whether a timezone is already set by calling date_default_timezone_get().
// Unfortunately, date_default_timezone_get() itself might throw E_WARNING
// if no timezone has been set, so we have to keep it quiet with @.
// date_default_timezone_get() tries to guess the correct timezone first
// and then falls back to UTC when everything fails.
// We just set the timezone to whatever date_default_timezone_get() returns.
date_default_timezone_set(@date_default_timezone_get());
}
$starttime = explode(' ', microtime());
$starttime = $starttime[1] + $starttime[0];
|