mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-08 08:35:31 +02:00
Code Issues Releases Wiki Activity

We want to use this code in the install system as well

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@5871 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Graham Eames 2006-04-30 14:45:46 +00:00
parent 3536a60e10
commit 9918f8ee93
1 changed files with 56 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
phpBB/install/index.php
View File

@ -20,35 +20,29 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
//error_reporting(E_ERROR | E_WARNING | E_PARSE); //error_reporting(E_ERROR | E_WARNING | E_PARSE);
error_reporting(E_ALL); error_reporting(E_ALL);
// If we are on PHP >= 6.0.0 we do not need some code /*
if (version_compare(phpversion(), '6.0.0', '>=')) * Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*/
function deregister_globals()
{ {
define('STRIP', false); $not_unset = array(
} 'GLOBALS' => true,
else '_GET' => true,
{ '_POST' => true,
set_magic_quotes_runtime(0); '_COOKIE' => true,
'_REQUEST' => true,
'_SERVER' => true,
'_SESSION' => true,
'_ENV' => true,
'_FILES' => true,
'phpEx' => true,
'phpbb_root_path' => true
);
// Protect against GLOBALS tricks // Not only will array_merge and array_keys give a warning if
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) // a parameter is not an array, array_merge will actually fail.
{ // So we check if _SESSION has been initialised.
exit;
}
// Protect against _SESSION tricks
if (isset($_SESSION) && !is_array($_SESSION))
{
exit;
}
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
$not_unset = array('_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_SESSION', '_ENV', '_FILES', 'phpEx', 'phpbb_root_path');
// Not only will array_merge give a warning if a parameter
// is not an array, it will actually fail. So we check if
// _SESSION has been initialised.
if (!isset($_SESSION) || !is_array($_SESSION)) if (!isset($_SESSION) || !is_array($_SESSION))
{ {
$_SESSION = array(); $_SESSION = array();
@ -56,19 +50,45 @@ else
// Merge all into one extremely huge array; unset // Merge all into one extremely huge array; unset
// this later // this later
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_SESSION, $_ENV, $_FILES); $input = array_merge(
array_keys($_GET),
array_keys($_POST),
array_keys($_COOKIE),
array_keys($_SERVER),
array_keys($_SESSION),
array_keys($_ENV),
array_keys($_FILES)
);
foreach ($input as $varname => $void) foreach ($input as $varname)
{ {
if (!in_array($varname, $not_unset)) if (isset($not_unset[$varname]))
{ {
unset(${$varname}); // Hacking attempt. No point in continuing.
exit;
} }
unset($GLOBALS[$varname]);
} }
unset($input); unset($input);
} }
// If we are on PHP >= 6.0.0 we do not need some code
if (version_compare(phpversion(), '6.0.0-dev', '>='))
{
define('STRIP', false);
}
else
{
set_magic_quotes_runtime(0);
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
deregister_globals();
}
define('STRIP', (get_magic_quotes_gpc()) ? true : false); define('STRIP', (get_magic_quotes_gpc()) ? true : false);
} }