author | Graham Eames <grahamje@users.sourceforge.net> | 2006-04-30 14:45:46 +0000 |
---|---|---|
committer | Graham Eames <grahamje@users.sourceforge.net> | 2006-04-30 14:45:46 +0000 |
commit | 9918f8ee935beb80cde971de968595c15732b2ee (patch) | |
tree | 795165de35e57059d441ad8b354031812d1a2347 /phpBB | |
parent | 3536a60e1070f9de74f889a482d9071c559be947 (diff) | |
We want to use this code in the install system as well
git-svn-id: file:///svn/phpbb/trunk@5871 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rwxr-xr-x | phpBB/install/index.php | 92 |
1 files changed, 56 insertions, 36 deletions
diff --git a/phpBB/install/index.php b/phpBB/install/index.php
index 5a0ecc7bd0..99bde17803 100755
--- a/phpBB/install/index.php
+++ b/phpBB/install/index.php
@@ -20,8 +20,62 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
 //error_reporting(E_ERROR | E_WARNING | E_PARSE);
 error_reporting(E_ALL);
+/*
+* Remove variables created by register_globals from the global scope
+* Thanks to Matt Kavanagh
+*/
+function deregister_globals()
+{
+ $not_unset = array(
+ 'GLOBALS' => true,
+ '_GET' => true,
+ '_POST' => true,
+ '_COOKIE' => true,
+ '_REQUEST' => true,
+ '_SERVER' => true,
+ '_SESSION' => true,
+ '_ENV' => true,
+ '_FILES' => true,
+ 'phpEx' => true,
+ 'phpbb_root_path' => true
+ );
+
+ // Not only will array_merge and array_keys give a warning if
+ // a parameter is not an array, array_merge will actually fail.
+ // So we check if _SESSION has been initialised.
+ if (!isset($_SESSION) || !is_array($_SESSION))
+ {
+ $_SESSION = array();
+ }
+
+ // Merge all into one extremely huge array; unset
+ // this later
+ $input = array_merge(
+ array_keys($_GET),
+ array_keys($_POST),
+ array_keys($_COOKIE),
+ array_keys($_SERVER),
+ array_keys($_SESSION),
+ array_keys($_ENV),
+ array_keys($_FILES)
+ );
+
+ foreach ($input as $varname)
+ {
+ if (isset($not_unset[$varname]))
+ {
+ // Hacking attempt. No point in continuing.
+ exit;
+ }
+
+ unset($GLOBALS[$varname]);
+ }
+
+ unset($input);
+}
+
 // If we are on PHP >= 6.0.0 we do not need some code
-if (version_compare(phpversion(), '6.0.0', '>='))
+if (version_compare(phpversion(), '6.0.0-dev', '>='))
 {
 define('STRIP', false);
 }
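Review bot: `deregister_globals()` ends the request with a bare `exit;` when an input key matches `$not_unset`, and its header comment does not say that the function can terminate the script or that it resets a non-array `$_SESSION` to `array()`. The protected list names only `phpEx` and `phpbb_root_path` besides the superglobals, so any other global assigned before the call is unset if a request key carries the same name; the call therefore has to stay ahead of all other global setup. I would add that to the docblock, e.g. `* Must run before any other global is assigned; exits silently if an input key names a protected variable`. The commit message suggests the same code exists elsewhere, so a single included copy would keep the two protected lists from drifting apart.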
@@ -29,44 +83,10 @@ else
 {
 set_magic_quotes_runtime(0);
- // Protect against GLOBALS tricks
- if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))
- {
- exit;
- }
-
- // Protect against _SESSION tricks
- if (isset($_SESSION) && !is_array($_SESSION))
- {
- exit;
- }
-
 // Be paranoid with passed vars
 if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
 {
- $not_unset = array('_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_SESSION', '_ENV', '_FILES', 'phpEx', 'phpbb_root_path');
-
- // Not only will array_merge give a warning if a parameter
- // is not an array, it will actually fail. So we check if
- // _SESSION has been initialised.
- if (!isset($_SESSION) || !is_array($_SESSION))
- {
- $_SESSION = array();
- }
-
- // Merge all into one extremely huge array; unset
- // this later
- $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_SESSION, $_ENV, $_FILES);
-
- foreach ($input as $varname => $void)
- {
- if (!in_array($varname, $not_unset))
- {
- unset(${$varname});
- }
- }
-
- unset($input);
+ deregister_globals();
 }
 define('STRIP', (get_magic_quotes_gpc()) ? true : false);
 } |
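Review bot: The `GLOBALS` and `_SESSION` guards removed at the top of this hunk ran on every request, but their replacement inside `deregister_globals()` is reached only when the `ini_get('register_globals')` test matches `'1'` or `'on'`. Both `ini_get` calls are `@`-silenced and compared loosely, so if the function is unavailable or reports some other truthy spelling, neither the key check nor the cleanup runs; whether that can happen on supported hosts is not visible here and should be confirmed. Keeping the cheap guard outside the conditional would preserve the old behaviour: `if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) { exit; }`. The enclosing `else` block starts and ends outside this hunk.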