We want to use this code in the install system as well

git-svn-id: file:///svn/phpbb/trunk@5871 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-05-06 23:55:26 +02:00 · 2006-04-30 14:45:46 +00:00 · 2006-04-30 14:45:46 +00:00 · 9918f8ee93
commit 9918f8ee93
parent 3536a60e10
1 changed files with 56 additions and 36 deletions
--- a/phpBB/install/index.php
+++ b/phpBB/install/index.php
@ -20,8 +20,62 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
 //error_reporting(E_ERROR | E_WARNING | E_PARSE);
 error_reporting(E_ALL);

+/*
+* Remove variables created by register_globals from the global scope
+* Thanks to Matt Kavanagh
+*/
+function deregister_globals()
+{
+	$not_unset = array(
+		'GLOBALS' => true,
+		'_GET' => true,
+		'_POST' => true,
+		'_COOKIE' => true,
+		'_REQUEST' => true,
+		'_SERVER' => true,
+		'_SESSION' => true,
+		'_ENV' => true,
+		'_FILES' => true,
+		'phpEx' => true,
+		'phpbb_root_path' => true
+	);
+
+	// Not only will array_merge and array_keys give a warning if
+	// a parameter is not an array, array_merge will actually fail.
+	// So we check if _SESSION has been initialised.
+	if (!isset($_SESSION) || !is_array($_SESSION))
+	{
+		$_SESSION = array();
+	}
+
+	// Merge all into one extremely huge array; unset
+	// this later
+	$input = array_merge(
+		array_keys($_GET),
+		array_keys($_POST),
+		array_keys($_COOKIE),
+		array_keys($_SERVER),
+		array_keys($_SESSION),
+		array_keys($_ENV),
+		array_keys($_FILES)
+	);
+
+	foreach ($input as $varname)
+	{
+		if (isset($not_unset[$varname]))
+		{
+			// Hacking attempt. No point in continuing.
+			exit;
+		}
+
+		unset($GLOBALS[$varname]);
+	}
+
+	unset($input);
+}
+
 // If we are on PHP >= 6.0.0 we do not need some code
-if (version_compare(phpversion(), '6.0.0', '>='))
+if (version_compare(phpversion(), '6.0.0-dev', '>='))
 {
 	define('STRIP', false);
 }
@ -29,44 +83,10 @@ else
 {
 	set_magic_quotes_runtime(0);

-	// Protect against GLOBALS tricks
-	if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))
-	{
-		exit;
-	}
-
-	// Protect against _SESSION tricks
-	if (isset($_SESSION) && !is_array($_SESSION))
-	{
-		exit;
-	}
-
 	// Be paranoid with passed vars
 	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
 	{
-		$not_unset = array('_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_SESSION', '_ENV', '_FILES', 'phpEx', 'phpbb_root_path');
-
-		// Not only will array_merge give a warning if a parameter
-		// is not an array, it will actually fail. So we check if
-		// _SESSION has been initialised.
-		if (!isset($_SESSION) || !is_array($_SESSION))
-		{
-			$_SESSION = array();
-		}
-
-		// Merge all into one extremely huge array; unset
-		// this later
-		$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_SESSION, $_ENV, $_FILES);
-
-		foreach ($input as $varname => $void)
-		{
-			if (!in_array($varname, $not_unset))
-			{
-				unset(${$varname});
-			}
-		}
-
-		unset($input);
+		deregister_globals();
 	}

 	define('STRIP', (get_magic_quotes_gpc()) ? true : false);