From 63da128ee5891971cc9e4f283572e0198174d692 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gae=CC=88tan=20Muller?= Date: Tue, 30 Dec 2014 02:22:13 +0100 Subject: [ticket/12487] Update PHP code PHPBB3-12487 --- phpBB/includes/startup.php | 43 +++++++++++++------------------------------ 1 file changed, 13 insertions(+), 30 deletions(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 2885c80541..c90fd79366 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -19,10 +19,6 @@ if (!defined('IN_PHPBB')) } // Report all errors, except notices and deprecation messages -if (!defined('E_DEPRECATED')) -{ - define('E_DEPRECATED', 8192); -} $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED; error_reporting($level); @@ -105,33 +101,21 @@ else define('STRIP', (get_magic_quotes_gpc()) ? true : false); } -// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone -if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get')) -{ - // For PHP 5.1.0 the date/time functions have been rewritten - // and setting a timezone is required prior to calling any date/time function. - - // Since PHP 5.2.0 calls to date/time functions without having a timezone set - // result in E_STRICT errors being thrown. - // Note: We already exclude E_STRICT errors - // (to be exact: they are not included in E_ALL in PHP 5.2) - - // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems - // because we show E_WARNING errors and do not set a default timezone. - // This is because we have our own timezone handling and work in UTC only anyway. +// In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems +// because we show E_WARNING errors and do not set a default timezone. +// This is because we have our own timezone handling and work in UTC only anyway. - // So what we basically want to do is set our timezone to UTC, - // but we don't know what other scripts (such as bridges) are involved, - // so we check whether a timezone is already set by calling date_default_timezone_get(). +// So what we basically want to do is set our timezone to UTC, +// but we don't know what other scripts (such as bridges) are involved, +// so we check whether a timezone is already set by calling date_default_timezone_get(). - // Unfortunately, date_default_timezone_get() itself might throw E_WARNING - // if no timezone has been set, so we have to keep it quiet with @. +// Unfortunately, date_default_timezone_get() itself might throw E_WARNING +// if no timezone has been set, so we have to keep it quiet with @. - // date_default_timezone_get() tries to guess the correct timezone first - // and then falls back to UTC when everything fails. - // We just set the timezone to whatever date_default_timezone_get() returns. - date_default_timezone_set(@date_default_timezone_get()); -} +// date_default_timezone_get() tries to guess the correct timezone first +// and then falls back to UTC when everything fails. +// We just set the timezone to whatever date_default_timezone_get() returns. +date_default_timezone_set(@date_default_timezone_get()); // Autoloading of dependencies. // Three options are supported: @@ -168,5 +152,4 @@ else require($phpbb_root_path . 'vendor/autoload.php'); } -$starttime = explode(' ', microtime()); -$starttime = $starttime[1] + $starttime[0]; +$starttime = microtime(true); -- cgit v1.2.1 From c2c5c20c319d397948218b4c342fb146bf15040b Mon Sep 17 00:00:00 2001 From: javiexin Date: Fri, 12 May 2017 23:04:54 +0200 Subject: [ticket/15227] Check PHP version and remove old unused code PHPBB3-15227 --- phpBB/includes/startup.php | 31 ++++++++++--------------------- 1 file changed, 10 insertions(+), 21 deletions(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 5900016c39..327971fa8a 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -80,30 +80,19 @@ function deregister_globals() unset($input); } -// Register globals and magic quotes have been dropped in PHP 5.4 -if (version_compare(PHP_VERSION, '5.4.0-dev', '>=')) +/** +* Minimum Requirement: PHP 5.4.0 +*/ +if (version_compare(PHP_VERSION, '5.4') < 0) { - /** - * @ignore - */ - define('STRIP', false); + die('You are running an unsupported PHP version. Please upgrade to PHP 5.4.0 or higher before trying to install or update to phpBB 3.2'); } -else -{ - if (get_magic_quotes_runtime()) - { - // Deactivate - @set_magic_quotes_runtime(0); - } - // Be paranoid with passed vars - if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) - { - deregister_globals(); - } - - define('STRIP', (get_magic_quotes_gpc()) ? true : false); -} +// Register globals and magic quotes have been dropped in PHP 5.4 so no need for extra checks +/** +* @ignore +*/ +define('STRIP', false); // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems // because we show E_WARNING errors and do not set a default timezone. -- cgit v1.2.1 From 1d5f5ccffcfd30a652734485b51066950bbb8a76 Mon Sep 17 00:00:00 2001 From: javiexin Date: Sun, 21 May 2017 12:58:05 +0200 Subject: [ticket/15227] Remove STRIP, as always false PHPBB3-15227 --- phpBB/includes/startup.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 327971fa8a..0a413895ae 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -87,12 +87,8 @@ if (version_compare(PHP_VERSION, '5.4') < 0) { die('You are running an unsupported PHP version. Please upgrade to PHP 5.4.0 or higher before trying to install or update to phpBB 3.2'); } - // Register globals and magic quotes have been dropped in PHP 5.4 so no need for extra checks -/** -* @ignore -*/ -define('STRIP', false); + // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems // because we show E_WARNING errors and do not set a default timezone. -- cgit v1.2.1 From bee363f0724a745e8ae9bf38bd49530f4964aed7 Mon Sep 17 00:00:00 2001 From: javiexin Date: Sun, 21 May 2017 16:57:01 +0200 Subject: [ticket/15227] Remove function deregister_globals, not needed PHPBB3-15227 --- phpBB/includes/startup.php | 58 ---------------------------------------------- 1 file changed, 58 deletions(-) (limited to 'phpBB/includes/startup.php') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 0a413895ae..66f85657a5 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -22,64 +22,6 @@ if (!defined('IN_PHPBB')) $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED; error_reporting($level); -/* -* Remove variables created by register_globals from the global scope -* Thanks to Matt Kavanagh -*/ -function deregister_globals() -{ - $not_unset = array( - 'GLOBALS' => true, - '_GET' => true, - '_POST' => true, - '_COOKIE' => true, - '_REQUEST' => true, - '_SERVER' => true, - '_SESSION' => true, - '_ENV' => true, - '_FILES' => true, - 'phpEx' => true, - 'phpbb_root_path' => true - ); - - // Not only will array_merge and array_keys give a warning if - // a parameter is not an array, array_merge will actually fail. - // So we check if _SESSION has been initialised. - if (!isset($_SESSION) || !is_array($_SESSION)) - { - $_SESSION = array(); - } - - // Merge all into one extremely huge array; unset this later - $input = array_merge( - array_keys($_GET), - array_keys($_POST), - array_keys($_COOKIE), - array_keys($_SERVER), - array_keys($_SESSION), - array_keys($_ENV), - array_keys($_FILES) - ); - - foreach ($input as $varname) - { - if (isset($not_unset[$varname])) - { - // Hacking attempt. No point in continuing. - if (isset($_COOKIE[$varname])) - { - echo "Clear your cookies. "; - } - echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals."; - exit; - } - - unset($GLOBALS[$varname]); - } - - unset($input); -} - /** * Minimum Requirement: PHP 5.4.0 */ -- cgit v1.2.1