diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2011-06-15 18:51:04 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2011-06-15 18:51:04 +0200 |
| commit | 79f757d4b74e5d8b8ec74d6eb4da74c6cc03d526 (patch) | |
| tree | 216e859587f371e5eb7891f960dffaccba21c5dd /phpBB/includes | |
| parent | 1e8c257bd4965c8f9e1c35688ba9fe0ad1044efb (diff) | |
| parent | 2d6df4c7fcc3b5afa83b92a35124024d4d57177d (diff) | |
| download | forums-79f757d4b74e5d8b8ec74d6eb4da74c6cc03d526.tar forums-79f757d4b74e5d8b8ec74d6eb4da74c6cc03d526.tar.gz forums-79f757d4b74e5d8b8ec74d6eb4da74c6cc03d526.tar.bz2 forums-79f757d4b74e5d8b8ec74d6eb4da74c6cc03d526.tar.xz forums-79f757d4b74e5d8b8ec74d6eb4da74c6cc03d526.zip | |
Merge branch 'prep-release-3.0.9' into develop-olympus
* prep-release-3.0.9:
[ticket/10218] Prevent startime from being overwritten by deregister_globals()
[ticket/10218] Moving global deregistration, etc. to startup.php
Conflicts:
phpBB/install/database_update.php
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/startup.php | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php new file mode 100644 index 0000000000..be46c17ba6 --- /dev/null +++ b/phpBB/includes/startup.php @@ -0,0 +1,122 @@ +<?php +/** +* +* @package phpBB3 +* @copyright (c) 2011 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +/** +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + +// Report all errors, except notices and deprecation messages +if (!defined('E_DEPRECATED')) +{ + define('E_DEPRECATED', 8192); +} +error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); + +/* +* Remove variables created by register_globals from the global scope +* Thanks to Matt Kavanagh +*/ +function deregister_globals() +{ + $not_unset = array( + 'GLOBALS' => true, + '_GET' => true, + '_POST' => true, + '_COOKIE' => true, + '_REQUEST' => true, + '_SERVER' => true, + '_SESSION' => true, + '_ENV' => true, + '_FILES' => true, + 'phpEx' => true, + 'phpbb_root_path' => true + ); + + // Not only will array_merge and array_keys give a warning if + // a parameter is not an array, array_merge will actually fail. + // So we check if _SESSION has been initialised. + if (!isset($_SESSION) || !is_array($_SESSION)) + { + $_SESSION = array(); + } + + // Merge all into one extremely huge array; unset this later + $input = array_merge( + array_keys($_GET), + array_keys($_POST), + array_keys($_COOKIE), + array_keys($_SERVER), + array_keys($_SESSION), + array_keys($_ENV), + array_keys($_FILES) + ); + + foreach ($input as $varname) + { + if (isset($not_unset[$varname])) + { + // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) + if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) + { + exit; + } + else + { + $cookie = &$_COOKIE; + while (isset($cookie['GLOBALS'])) + { + if (!is_array($cookie['GLOBALS'])) + { + break; + } + + foreach ($cookie['GLOBALS'] as $registered_var => $value) + { + if (!isset($not_unset[$registered_var])) + { + unset($GLOBALS[$registered_var]); + } + } + $cookie = &$cookie['GLOBALS']; + } + } + } + + unset($GLOBALS[$varname]); + } + + unset($input); +} + +// If we are on PHP >= 6.0.0 we do not need some code +if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) +{ + /** + * @ignore + */ + define('STRIP', false); +} +else +{ + @set_magic_quotes_runtime(0); + + // Be paranoid with passed vars + if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) + { + deregister_globals(); + } + + define('STRIP', (get_magic_quotes_gpc()) ? true : false); +} + +$starttime = explode(' ', microtime()); +$starttime = $starttime[1] + $starttime[0]; |