diff options
| author | javiexin <javiexin@gmail.com> | 2017-05-21 16:57:01 +0200 |
|---|---|---|
| committer | javiexin <javiexin@gmail.com> | 2017-05-21 16:57:01 +0200 |
| commit | bee363f0724a745e8ae9bf38bd49530f4964aed7 (patch) | |
| tree | cc80c3ba1d6e32f9f820cd2f79254a9d6ac4b09e | |
| parent | 1d5f5ccffcfd30a652734485b51066950bbb8a76 (diff) | |
| download | forums-bee363f0724a745e8ae9bf38bd49530f4964aed7.tar forums-bee363f0724a745e8ae9bf38bd49530f4964aed7.tar.gz forums-bee363f0724a745e8ae9bf38bd49530f4964aed7.tar.bz2 forums-bee363f0724a745e8ae9bf38bd49530f4964aed7.tar.xz forums-bee363f0724a745e8ae9bf38bd49530f4964aed7.zip | |
[ticket/15227] Remove function deregister_globals, not needed
PHPBB3-15227
| -rw-r--r-- | phpBB/includes/startup.php | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 0a413895ae..66f85657a5 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -22,64 +22,6 @@ if (!defined('IN_PHPBB')) $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED; error_reporting($level); -/* -* Remove variables created by register_globals from the global scope -* Thanks to Matt Kavanagh -*/ -function deregister_globals() -{ - $not_unset = array( - 'GLOBALS' => true, - '_GET' => true, - '_POST' => true, - '_COOKIE' => true, - '_REQUEST' => true, - '_SERVER' => true, - '_SESSION' => true, - '_ENV' => true, - '_FILES' => true, - 'phpEx' => true, - 'phpbb_root_path' => true - ); - - // Not only will array_merge and array_keys give a warning if - // a parameter is not an array, array_merge will actually fail. - // So we check if _SESSION has been initialised. - if (!isset($_SESSION) || !is_array($_SESSION)) - { - $_SESSION = array(); - } - - // Merge all into one extremely huge array; unset this later - $input = array_merge( - array_keys($_GET), - array_keys($_POST), - array_keys($_COOKIE), - array_keys($_SERVER), - array_keys($_SESSION), - array_keys($_ENV), - array_keys($_FILES) - ); - - foreach ($input as $varname) - { - if (isset($not_unset[$varname])) - { - // Hacking attempt. No point in continuing. - if (isset($_COOKIE[$varname])) - { - echo "Clear your cookies. "; - } - echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals."; - exit; - } - - unset($GLOBALS[$varname]); - } - - unset($input); -} - /** * Minimum Requirement: PHP 5.4.0 */ |