Diffstat (limited to 'phpBB/includes/startup.php')
-rw-r--r-- | phpBB/includes/startup.php | 93 |
1 files changed, 35 insertions, 58 deletions
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
index 441eaec6b1..5900016c39 100644
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -1,9 +1,13 @@
 <?php
 /**
 *
-* @package phpBB3
-* @copyright (c) 2011 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
 *
 */
@@ -15,10 +19,6 @@ if (!defined('IN_PHPBB'))
 }
 // Report all errors, except notices and deprecation messages
-if (!defined('E_DEPRECATED'))
-{
- define('E_DEPRECATED', 8192);
-}
 $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED;
 error_reporting($level);
@@ -65,31 +65,13 @@ function deregister_globals()
 {
 if (isset($not_unset[$varname]))
 {
- // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
- if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
- {
- exit;
- }
- else
+ // Hacking attempt. No point in continuing.
+ if (isset($_COOKIE[$varname]))
 {
- $cookie = &$_COOKIE;
- while (isset($cookie['GLOBALS']))
- {
- if (!is_array($cookie['GLOBALS']))
- {
- break;
- }
-
- foreach ($cookie['GLOBALS'] as $registered_var => $value)
- {
- if (!isset($not_unset[$registered_var]))
- {
- unset($GLOBALS[$registered_var]);
- }
- }
- $cookie = &$cookie['GLOBALS'];
- }
+ echo "Clear your cookies. ";
 }
+ echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+ exit;
 }
 unset($GLOBALS[$varname]);
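Review bot: In the deregister_globals() hunk the new fail-closed path prints its two messages with `echo` and calls `exit` without setting a status, so the rejected request is presumably answered with the default 200 and looks like an ordinary page in access logs and to monitoring. Sending an error status first, e.g. `header('HTTP/1.0 400 Bad Request');` before the first `echo`, would make these rejections easy to spot and alert on. The comment `// Hacking attempt. No point in continuing.` should also record the trade-off the commit makes: a cookie named after an entry in `$not_unset` now blocks every request until the user clears it, which is why the cookie hint is printed. The function starts and ends outside the hunk, so whether output has already begun at this point is not visible here.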
@@ -108,7 +90,11 @@ if (version_compare(PHP_VERSION, '5.4.0-dev', '>='))
 }
 else
 {
- @set_magic_quotes_runtime(0);
+ if (get_magic_quotes_runtime())
+ {
+ // Deactivate
+ @set_magic_quotes_runtime(0);
+ }
 // Be paranoid with passed vars
 if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
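Review bot: The `@` kept on `set_magic_quotes_runtime(0)` inside the new guard still hides a failed call and its boolean result is ignored, so if deactivation does not take effect the script carries on with runtime quoting enabled and nothing is reported. The comment `// Deactivate` only restates the call; something like `// Runtime quoting is on: switch it off (the setter is deprecated, so only call it when needed)` would explain why the guard was added, which is presumably to avoid the deprecated call in the common case. The `else` branch this sits in opens before the hunk and continues past it.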
@@ -119,33 +105,21 @@ else
 define('STRIP', (get_magic_quotes_gpc()) ? true : false);
 }
-// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone
-if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get'))
-{
- // For PHP 5.1.0 the date/time functions have been rewritten
- // and setting a timezone is required prior to calling any date/time function.
-
- // Since PHP 5.2.0 calls to date/time functions without having a timezone set
- // result in E_STRICT errors being thrown.
- // Note: We already exclude E_STRICT errors
- // (to be exact: they are not included in E_ALL in PHP 5.2)
-
- // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems
- // because we show E_WARNING errors and do not set a default timezone.
- // This is because we have our own timezone handling and work in UTC only anyway.
+// In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems
+// because we show E_WARNING errors and do not set a default timezone.
+// This is because we have our own timezone handling and work in UTC only anyway.
- // So what we basically want to do is set our timezone to UTC,
- // but we don't know what other scripts (such as bridges) are involved,
- // so we check whether a timezone is already set by calling date_default_timezone_get().
+// So what we basically want to do is set our timezone to UTC,
+// but we don't know what other scripts (such as bridges) are involved,
+// so we check whether a timezone is already set by calling date_default_timezone_get().
- // Unfortunately, date_default_timezone_get() itself might throw E_WARNING
- // if no timezone has been set, so we have to keep it quiet with @.
+// Unfortunately, date_default_timezone_get() itself might throw E_WARNING
+// if no timezone has been set, so we have to keep it quiet with @.
- // date_default_timezone_get() tries to guess the correct timezone first
- // and then falls back to UTC when everything fails.
- // We just set the timezone to whatever date_default_timezone_get() returns.
- date_default_timezone_set(@date_default_timezone_get());
-}
+// date_default_timezone_get() tries to guess the correct timezone first
+// and then falls back to UTC when everything fails.
+// We just set the timezone to whatever date_default_timezone_get() returns.
+date_default_timezone_set(@date_default_timezone_get());
 // Autoloading of dependencies.
 // Three options are supported:
@@ -173,10 +147,13 @@ else
 {
 if (!file_exists($phpbb_root_path . 'vendor/autoload.php'))
 {
- trigger_error('You have not set up composer dependencies. See http://getcomposer.org/.', E_USER_ERROR);
+ trigger_error(
+ 'Composer dependencies have not been set up yet, run ' .
+ "'php ../composer.phar install' from the phpBB directory to do so.",
+ E_USER_ERROR
+ );
 }
 require($phpbb_root_path . 'vendor/autoload.php');
 }
-$starttime = explode(' ', microtime());
-$starttime = $starttime[1] + $starttime[0];
+$starttime = microtime(true); |
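Review bot: In the timezone hunk the surviving comment now opens with `// In PHP 5.3.0 the error level has been raised to E_WARNING`, but the paragraphs that said which error is meant (date/time functions called without a default timezone) were removed together with the `function_exists()` guard. A first line such as `// Since PHP 5.3.0, calling date/time functions without a default timezone raises E_WARNING,` would keep the block self-explanatory. The `@` on `date_default_timezone_get()` is justified by the comment that follows and can stay as it is.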