mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 08:47:45 +02:00
Code Issues Releases Wiki Activity

2.0.18 changes

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5283 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2005-10-30 15:17:14 +00:00
parent 37f67fdea9
commit 9b9618f2dd
30 changed files with 503 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
phpBB/common.php
View File

@@ -28,10 +28,11 @@ if ( !defined('IN_PHPBB') )
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
// The following code (unsetting globals) was contributed by Matt Kavanagh
// The following code (unsetting globals)
// Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files
// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
if (@phpversion() >= '5.0.0' && (!ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off'))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
@@ -47,29 +48,19 @@ if (!isset($HTTP_POST_VARS) && isset($_POST))
}
}
if (@phpversion() < '4.0.0')
// Protect against GLOBALS tricks
if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']))
{
// PHP3 path; in PHP3, globals are _always_ registered
// We 'flip' the array of variables to test like this so that
// we can validate later with isset($test[$var]) (no in_array())
$test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL);
// Loop through each input array
@reset($test);
while (list($input,) = @each($test))
{
while (list($var,) = @each($$input))
{
// Validate the variable to be unset
if (!isset($test[$var]) && $var != 'test' && $var != 'input')
{
unset($$var);
}
}
}
die("Hacking attempt");
}
else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
// Protect against HTTP_SESSION_VARS tricks
if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS))
{
die("Hacking attempt");
}
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
// PHP4+ path
$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');
@@ -77,7 +68,7 @@ else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_gl
// Not only will array_merge give a warning if a parameter
// is not an array, it will actually fail. So we check if
// HTTP_SESSION_VARS has been initialised.
if (!isset($HTTP_SESSION_VARS))
if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS))
{
$HTTP_SESSION_VARS = array();
}
@@ -96,7 +87,7 @@ else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_gl
unset($$var);
}
}
unset($input);
}