From f8eb15471488fe5f84669a9abbc2fc3a705903de Mon Sep 17 00:00:00 2001 From: Yuriy Rusko Date: Tue, 14 Jun 2011 06:11:35 -0400 Subject: [ticket/10218] Moving global deregistration, etc. to startup.php Because startup.php deletes all variables, the constants in database_update are used to preserve settings at the top. PHPBB3-10218 --- phpBB/includes/startup.php | 121 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 phpBB/includes/startup.php (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php new file mode 100644 index 0000000000..2958277174 --- /dev/null +++ b/phpBB/includes/startup.php @@ -0,0 +1,121 @@ + true, + '_GET' => true, + '_POST' => true, + '_COOKIE' => true, + '_REQUEST' => true, + '_SERVER' => true, + '_SESSION' => true, + '_ENV' => true, + '_FILES' => true, + 'phpEx' => true, + 'phpbb_root_path' => true + ); + + // Not only will array_merge and array_keys give a warning if + // a parameter is not an array, array_merge will actually fail. + // So we check if _SESSION has been initialised. + if (!isset($_SESSION) || !is_array($_SESSION)) + { + $_SESSION = array(); + } + + // Merge all into one extremely huge array; unset this later + $input = array_merge( + array_keys($_GET), + array_keys($_POST), + array_keys($_COOKIE), + array_keys($_SERVER), + array_keys($_SESSION), + array_keys($_ENV), + array_keys($_FILES) + ); + + foreach ($input as $varname) + { + if (isset($not_unset[$varname])) + { + // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) + if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) + { + exit; + } + else + { + $cookie = &$_COOKIE; + while (isset($cookie['GLOBALS'])) + { + if (!is_array($cookie['GLOBALS'])) + { + break; + } + + foreach ($cookie['GLOBALS'] as $registered_var => $value) + { + if (!isset($not_unset[$registered_var])) + { + unset($GLOBALS[$registered_var]); + } + } + $cookie = &$cookie['GLOBALS']; + } + } + } + + unset($GLOBALS[$varname]); + } + + unset($input); +} + +// If we are on PHP >= 6.0.0 we do not need some code +if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) +{ + /** + * @ignore + */ + define('STRIP', false); +} +else +{ + @set_magic_quotes_runtime(0); + + // Be paranoid with passed vars + if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) + { + deregister_globals(); + } + + define('STRIP', (get_magic_quotes_gpc()) ? true : false); +} -- cgit v1.2.1 From 4bb98fb0463d543f60201c3f8435ada3e0b070da Mon Sep 17 00:00:00 2001 From: Yuriy Rusko Date: Wed, 15 Jun 2011 00:50:12 -0400 Subject: [ticket/10218] Prevent startime from being overwritten by deregister_globals() PHPBB3-10218 --- phpBB/includes/startup.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 2958277174..be46c17ba6 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -13,8 +13,6 @@ if (!defined('IN_PHPBB')) { exit; } -$starttime = explode(' ', microtime()); -$starttime = $starttime[1] + $starttime[0]; // Report all errors, except notices and deprecation messages if (!defined('E_DEPRECATED')) @@ -119,3 +117,6 @@ else define('STRIP', (get_magic_quotes_gpc()) ? true : false); } + +$starttime = explode(' ', microtime()); +$starttime = $starttime[1] + $starttime[0]; -- cgit v1.2.1 From 9f3b159998a2ffeb5476cd77e08c372a196360a4 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 20 Jun 2011 01:23:43 +0200 Subject: [ticket/7729] Prevent date/time functions from throwing E_WARNING on PHP 5.3. PHPBB3-7729 --- phpBB/includes/startup.php | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index be46c17ba6..ca9665da29 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -118,5 +118,33 @@ else define('STRIP', (get_magic_quotes_gpc()) ? true : false); } +// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone +if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get')) +{ + // For PHP 5.1.0 the date/time functions have been rewritten + // and setting a timezone is required prior to calling any date/time function. + + // Since PHP 5.2.0 calls to date/time functions without having a timezone set + // result in E_STRICT errors being thrown. + // Note: We already exclude E_STRICT errors + // (to be exact: they are not included in E_ALL in PHP 5.2) + + // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems + // because we show E_WARNING errors and do not set a default timezone. + // This is because we have our own timezone handling and work in UTC only anyway. + + // So what we basically want to do is set our timezone to UTC, + // but we don't know what other scripts (such as bridges) are involved, + // so we check whether a timezone is already set by calling date_default_timezone_get(). + + // Unfortunately, date_default_timezone_get() itself might throw E_WARNING + // if no timezone has been set, so we have to keep it quiet with @. + + // date_default_timezone_get() tries to guess the correct timezone first + // and then falls back to UTC when everything fails. + // We just set the timezone to whatever date_default_timezone_get() returns. + date_default_timezone_set(@date_default_timezone_get()); +} + $starttime = explode(' ', microtime()); $starttime = $starttime[1] + $starttime[0]; -- cgit v1.2.1 From cd184e49125e70fbce40897ef3e4eec8665de12f Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 18 Oct 2011 21:16:42 +0200 Subject: [ticket/10420] Update includes/startup.php for PHP 5.4. PHP 5.4 dropped support for register globals and magic quotes. Calling set_magic_quotes_runtime() on PHP 5.4 actually results in an E_CORE_ERROR error. PHPBB3-10420 --- phpBB/includes/startup.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index ca9665da29..bbe2f127f1 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -97,8 +97,8 @@ function deregister_globals() unset($input); } -// If we are on PHP >= 6.0.0 we do not need some code -if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) +// Register globals and magic quotes have been dropped in PHP 5.4 +if (version_compare(PHP_VERSION, '5.4.0-dev', '>=')) { /** * @ignore -- cgit v1.2.1 From 7a04c9048c110f0bd21ea3e9e869e17b408d640e Mon Sep 17 00:00:00 2001 From: Unknown Date: Sat, 31 Dec 2011 13:32:52 +0000 Subject: [ticket/9916] Updating header license and removing Version $Id$ PHPBB3-9916 --- phpBB/includes/startup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index bbe2f127f1..2100fbd97e 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -3,7 +3,7 @@ * * @package phpBB3 * @copyright (c) 2011 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 * */ -- cgit v1.2.1 From 71afba0dedd2fcc4e478e191acc23277df8209c9 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Thu, 15 Mar 2012 22:46:06 -0400 Subject: [task/php54] Refactor error_reporting call slightly. Separate error level assignment into a variable in this commit so that the only difference between Olympus and Ascraeus is the addition of logic altering $level. PHPBB3-10615 --- phpBB/includes/startup.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index bbe2f127f1..178fb30435 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -19,7 +19,8 @@ if (!defined('E_DEPRECATED')) { define('E_DEPRECATED', 8192); } -error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); +$level = E_ALL & ~E_NOTICE & ~E_DEPRECATED; +error_reporting($level); /* * Remove variables created by register_globals from the global scope -- cgit v1.2.1 From 5efdbfa5e4e3c00c08167cdfff912ee4937f4fd2 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Thu, 15 Mar 2012 22:47:42 -0400 Subject: [task/php54] Disable E_STRICT in Olympus when running on PHP 5.4. We cannot use static in Olympus because it must be PHP 4 compatible. Therefore disable E_STRICT for Olympus. This commit should be reverted for Ascraeus. PHPBB3-10615 --- phpBB/includes/startup.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 178fb30435..cf216a65db 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -20,6 +20,21 @@ if (!defined('E_DEPRECATED')) define('E_DEPRECATED', 8192); } $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED; +if (version_compare(PHP_VERSION, '5.4.0-dev', '>=')) +{ + // PHP 5.4 adds E_STRICT to E_ALL. + // Our utf8 normalizer triggers E_STRICT output on PHP 5.4. + // Unfortunately it cannot be made E_STRICT-clean while + // continuing to work on PHP 4. + // Therefore, in phpBB 3.0.x we disable E_STRICT on PHP 5.4+, + // while phpBB 3.1 will fix utf8 normalizer. + // E_STRICT is defined starting with PHP 5 + if (!defined('E_STRICT')) + { + define('E_STRICT', 2048); + } + $level &= ~E_STRICT; +} error_reporting($level); /* -- cgit v1.2.1 From fbf34f16ab5526669dae5b7eb130aac0803e3aed Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 18 Mar 2012 00:48:30 -0400 Subject: [feature/event-dispatcher] Implement configurable autoloader selection. The code is in startup.php which should be used by all scripts. PHPBB3-9550 --- phpBB/includes/startup.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 2100fbd97e..de55db2960 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -146,5 +146,26 @@ if (function_exists('date_default_timezone_set') && function_exists('date_defaul date_default_timezone_set(@date_default_timezone_get()); } +// Autoloading of dependencies. +// Three options are supported: +// 1. Specify PHPBB_AUTOLOAD=/path/to/autoload.php in the environment. +// This is useful for running CLI scripts and tests. +// /path/to/autoload.php should define and register class loaders +// for all of phpBB's dependencies. +// 2. If dependencies are installed with Composer, Composer will create a +// vendor/.composer/autoload.php. If this file exists it will be +// automatically used by phpBB. +// 3. Failing that phpBB assumes that autoloading has been set up in +// some other way. This might be useful in cases when phpBB is integrated +// into a larger program. +if (getenv('PHPBB_AUTOLOAD')) +{ + require(getenv('PHPBB_AUTOLOAD')); +} +else if (file_exists($phpbb_root_path . 'vendor/.composer/autoload.php')) +{ + require($phpbb_root_path . 'vendor/.composer/autoload.php'); +} + $starttime = explode(' ', microtime()); $starttime = $starttime[1] + $starttime[0]; -- cgit v1.2.1 From a44423baee5d0d5e0fd8899204a71e4a292dc6bf Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Sat, 24 Mar 2012 21:37:45 +0100 Subject: [feature/event-dispatcher] Change composer autoloading options Check if composer's generated autoloader is present, and if not give an error. PHPBB3-9550 --- phpBB/includes/startup.php | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 9c4e1374ba..45eaff6fc7 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -149,22 +149,32 @@ if (function_exists('date_default_timezone_set') && function_exists('date_defaul // Autoloading of dependencies. // Three options are supported: -// 1. Specify PHPBB_AUTOLOAD=/path/to/autoload.php in the environment. -// This is useful for running CLI scripts and tests. +// 1. If dependencies are installed with Composer, Composer will create a +// vendor/.composer/autoload.php. If this file exists it will be +// automatically used by phpBB. This is the default mode that phpBB +// will use when shipped. +// 2. To disable composer autoloading, PHPBB_NO_AUTOLOAD can be specified. +// Additionally specify PHPBB_AUTOLOAD=/path/to/autoload.php in the +// environment. This is useful for running CLI scripts and tests. // /path/to/autoload.php should define and register class loaders // for all of phpBB's dependencies. -// 2. If dependencies are installed with Composer, Composer will create a -// vendor/.composer/autoload.php. If this file exists it will be -// automatically used by phpBB. -// 3. Failing that phpBB assumes that autoloading has been set up in -// some other way. This might be useful in cases when phpBB is integrated -// into a larger program. -if (getenv('PHPBB_AUTOLOAD')) +// 3. You can also set PHPBB_NO_AUTOLOAD without setting PHPBB_AUTOLOAD. +// In this case autoloading needs to be defined before running any phpBB +// script. This might be useful in cases when phpBB is integrated into a +// larger program. +if (getenv('PHPBB_NO_AUTOLOAD')) { - require(getenv('PHPBB_AUTOLOAD')); + if (getenv('PHPBB_AUTOLOAD')) + { + require(getenv('PHPBB_AUTOLOAD')); + } } -else if (file_exists($phpbb_root_path . 'vendor/.composer/autoload.php')) +else { + if (!file_exists($phpbb_root_path . 'vendor/.composer/autoload.php')) + { + trigger_error('You have not set up composer dependencies. See http://getcomposer.org/.', E_USER_ERROR); + } require($phpbb_root_path . 'vendor/.composer/autoload.php'); } -- cgit v1.2.1 From 138e7dae0087e683fcb170df1e806b8e4f4b86cd Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Wed, 28 Mar 2012 21:48:46 +0200 Subject: [feature/event-dispatcher] Rename PHPBB_NO_AUTOLOAD=>PHPBB_NO_COMPOSER_AUTOLOAD PHPBB3-9550 --- phpBB/includes/startup.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 45eaff6fc7..f75d70e366 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -153,16 +153,16 @@ if (function_exists('date_default_timezone_set') && function_exists('date_defaul // vendor/.composer/autoload.php. If this file exists it will be // automatically used by phpBB. This is the default mode that phpBB // will use when shipped. -// 2. To disable composer autoloading, PHPBB_NO_AUTOLOAD can be specified. +// 2. To disable composer autoloading, PHPBB_NO_COMPOSER_AUTOLOAD can be specified. // Additionally specify PHPBB_AUTOLOAD=/path/to/autoload.php in the // environment. This is useful for running CLI scripts and tests. // /path/to/autoload.php should define and register class loaders // for all of phpBB's dependencies. -// 3. You can also set PHPBB_NO_AUTOLOAD without setting PHPBB_AUTOLOAD. +// 3. You can also set PHPBB_NO_COMPOSER_AUTOLOAD without setting PHPBB_AUTOLOAD. // In this case autoloading needs to be defined before running any phpBB // script. This might be useful in cases when phpBB is integrated into a // larger program. -if (getenv('PHPBB_NO_AUTOLOAD')) +if (getenv('PHPBB_NO_COMPOSER_AUTOLOAD')) { if (getenv('PHPBB_AUTOLOAD')) { -- cgit v1.2.1 From 47c6b32d874826e4994c6589ed21a4fd9b4556d5 Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Sun, 13 May 2012 13:05:20 -0400 Subject: [ticket/10893] Update the usage of Composer Changes 'vendor/.composer/autoload.php' to 'vendor/autoload.php' as per the change in the way that composer works as noted https://groups.google.com/forum/#!msg/composer-dev/fWIs3KocwoA/nU3aLko9LhQJ PHPBB3-10893 --- phpBB/includes/startup.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index f75d70e366..441eaec6b1 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -150,7 +150,7 @@ if (function_exists('date_default_timezone_set') && function_exists('date_defaul // Autoloading of dependencies. // Three options are supported: // 1. If dependencies are installed with Composer, Composer will create a -// vendor/.composer/autoload.php. If this file exists it will be +// vendor/autoload.php. If this file exists it will be // automatically used by phpBB. This is the default mode that phpBB // will use when shipped. // 2. To disable composer autoloading, PHPBB_NO_COMPOSER_AUTOLOAD can be specified. @@ -171,11 +171,11 @@ if (getenv('PHPBB_NO_COMPOSER_AUTOLOAD')) } else { - if (!file_exists($phpbb_root_path . 'vendor/.composer/autoload.php')) + if (!file_exists($phpbb_root_path . 'vendor/autoload.php')) { trigger_error('You have not set up composer dependencies. See http://getcomposer.org/.', E_USER_ERROR); } - require($phpbb_root_path . 'vendor/.composer/autoload.php'); + require($phpbb_root_path . 'vendor/autoload.php'); } $starttime = explode(' ', microtime()); -- cgit v1.2.1