From a8f2e79fbc485c0133e616068570ed369e23935c Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 12 Mar 2011 14:40:42 +0100 Subject: [ticket/10046] No longer change $phpbb_root_path to an absolute path for cron. This is no longer required because we no longer call register_shutdown_function() which made this change necessary. PHPBB3-10046 --- phpBB/common.php | 5 ----- 1 file changed, 5 deletions(-) (limited to 'phpBB/common.php') diff --git a/phpBB/common.php b/phpBB/common.php index c8b2fb9609..ae174c8441 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -118,11 +118,6 @@ else define('STRIP', (get_magic_quotes_gpc()) ? true : false); } -if (defined('IN_CRON')) -{ - $phpbb_root_path = dirname(__FILE__) . DIRECTORY_SEPARATOR; -} - if (file_exists($phpbb_root_path . 'config.' . $phpEx)) { require($phpbb_root_path . 'config.' . $phpEx); -- cgit v1.2.1 From 5a4a1e3c25b0e10a3ce008dc2eded29decb0f469 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 11 May 2011 03:51:34 +0200 Subject: [ticket/10126] Use binary "and not" instead of binary "xor" in error_reporting. Make what we want to achieve clear by using "and not" instead of "xor". PHPBB3-10126 --- phpBB/common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/common.php') diff --git a/phpBB/common.php b/phpBB/common.php index ae174c8441..ceafdbd3bd 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -24,7 +24,7 @@ if (!defined('E_DEPRECATED')) { define('E_DEPRECATED', 8192); } -error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED); +error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); /* * Remove variables created by register_globals from the global scope -- cgit v1.2.1 From 57eb02bf2c62c665e8b0050515aa78684c8dd452 Mon Sep 17 00:00:00 2001 
From: Nils Adermann Date: Fri, 3 Jun 2011 02:30:36 +0200 Subject: [ticket/10149] Skip foreach over GLOBALS cookie values if cookie is scalar PHPBB3-10149 --- phpBB/common.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'phpBB/common.php') diff --git a/phpBB/common.php b/phpBB/common.php index ceafdbd3bd..a176a45c38 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -69,7 +69,7 @@ function deregister_globals() { if (isset($not_unset[$varname])) { - // Hacking attempt. No point in continuing unless it's a COOKIE + // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) { exit; @@ -79,6 +79,11 @@ function deregister_globals() $cookie = &$_COOKIE; while (isset($cookie['GLOBALS'])) { + if (!is_array($cookie['GLOBALS'])) + { + break; + } + foreach ($cookie['GLOBALS'] as $registered_var => $value) { if (!isset($not_unset[$registered_var])) -- cgit v1.2.1 From f8eb15471488fe5f84669a9abbc2fc3a705903de Mon Sep 17 00:00:00 2001 From: Yuriy Rusko Date: Tue, 14 Jun 2011 06:11:35 -0400 Subject: [ticket/10218] Moving global deregistration, etc. to startup.php Because startup.php deletes all variables, the constants in database_update are used to preserve settings at the top. PHPBB3-10218 --- phpBB/common.php | 107 +------------------------------------------------------ 1 file changed, 1 insertion(+), 106 deletions(-) (limited to 'phpBB/common.php') diff --git a/phpBB/common.php b/phpBB/common.php index a176a45c38..491addc5e0 100644 --- a/phpBB/common.php +++ b/phpBB/common.php 
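Review bot: The scalar check added in the second hunk could be folded into the loop condition instead of a separate `break`, e.g. `while (isset($cookie['GLOBALS']) && is_array($cookie['GLOBALS']))`, so the termination rule for this client-controlled structure is stated in one place. The new guard also carries no comment saying why a scalar is skipped; something like `// A scalar GLOBALS cookie has nothing to walk; foreach over it would only raise a PHP warning` would record the reason next to the code. The first hunk's comment explains the lock-out concern but not the shape of the cookie value, so the two comments would complement each other. deregister_globals() starts and ends outside both hunks, so what runs after the `break` cannot be confirmed from here.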
@@ -16,112 +16,7 @@ if (!defined('IN_PHPBB')) exit; } -$starttime = explode(' ', microtime()); -$starttime = $starttime[1] + $starttime[0]; - -// Report all errors, except notices and deprecation messages -if (!defined('E_DEPRECATED')) -{ - define('E_DEPRECATED', 8192); -} -error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); - -/* -* Remove variables created by register_globals from the global scope -* Thanks to Matt Kavanagh -*/ -function deregister_globals() -{ - $not_unset = array( - 'GLOBALS' => true, - '_GET' => true, - '_POST' => true, - '_COOKIE' => true, - '_REQUEST' => true, - '_SERVER' => true, - '_SESSION' => true, - '_ENV' => true, - '_FILES' => true, - 'phpEx' => true, - 'phpbb_root_path' => true - ); - - // Not only will array_merge and array_keys give a warning if - // a parameter is not an array, array_merge will actually fail. - // So we check if _SESSION has been initialised. - if (!isset($_SESSION) || !is_array($_SESSION)) - { - $_SESSION = array(); - } - - // Merge all into one extremely huge array; unset this later - $input = array_merge( - array_keys($_GET), - array_keys($_POST), - array_keys($_COOKIE), - array_keys($_SERVER), - array_keys($_SESSION), - array_keys($_ENV), - array_keys($_FILES) - ); - - foreach ($input as $varname) - { - if (isset($not_unset[$varname])) - { - // Hacking attempt. 
No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) - if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) - { - exit; - } - else - { - $cookie = &$_COOKIE; - while (isset($cookie['GLOBALS'])) - { - if (!is_array($cookie['GLOBALS'])) - { - break; - } - - foreach ($cookie['GLOBALS'] as $registered_var => $value) - { - if (!isset($not_unset[$registered_var])) - { - unset($GLOBALS[$registered_var]); - } - } - $cookie = &$cookie['GLOBALS']; - } - } - } - - unset($GLOBALS[$varname]); - } - - unset($input); -} - -// If we are on PHP >= 6.0.0 we do not need some code -if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) -{ - /** - * @ignore - */ - define('STRIP', false); -} -else -{ - @set_magic_quotes_runtime(0); - - // Be paranoid with passed vars - if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) - { - deregister_globals(); - } - - define('STRIP', (get_magic_quotes_gpc()) ? true : false); -} +require($phpbb_root_path . 'includes/startup.' . $phpEx); if (file_exists($phpbb_root_path . 'config.' . $phpEx)) { -- cgit v1.2.1
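Review bot: The added `require($phpbb_root_path . 'includes/startup.' . $phpEx);` builds its include path from `$phpbb_root_path` and `$phpEx` before the deregistration code has run, whereas the removed code called `deregister_globals()` ahead of this file's first use of those variables (the config require below). With register_globals enabled the path is therefore only trustworthy if every script that includes common.php has assigned both variables itself beforehand; that appears to be the convention, but it is not visible in this hunk. I would document the precondition on the new line, e.g. `// $phpbb_root_path and $phpEx must be assigned by the including script; startup.php has to run before any request data is used`. It is also worth confirming that startup.php carries its own `IN_PHPBB` guard like the one kept at the top of this file.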