mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-31 22:10:45 +02:00
[ticket/10218] Moving global deregistration, etc. to startup.php
Because startup.php deletes all variables, the constants in database_update are used to preserve settings at the top. PHPBB3-10218
This commit is contained in:
121
phpBB/includes/startup.php
Normal file
121
phpBB/includes/startup.php
Normal file
@@ -0,0 +1,121 @@
|
||||
<?php
|
||||
/**
|
||||
*
|
||||
* @package phpBB3
|
||||
* @copyright (c) 2011 phpBB Group
|
||||
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
*/
|
||||
if (!defined('IN_PHPBB'))
|
||||
{
|
||||
exit;
|
||||
}
|
||||
$starttime = explode(' ', microtime());
|
||||
$starttime = $starttime[1] + $starttime[0];
|
||||
|
||||
// Report all errors, except notices and deprecation messages
|
||||
if (!defined('E_DEPRECATED'))
|
||||
{
|
||||
define('E_DEPRECATED', 8192);
|
||||
}
|
||||
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
|
||||
|
||||
/*
|
||||
* Remove variables created by register_globals from the global scope
|
||||
* Thanks to Matt Kavanagh
|
||||
*/
|
||||
function deregister_globals()
|
||||
{
|
||||
$not_unset = array(
|
||||
'GLOBALS' => true,
|
||||
'_GET' => true,
|
||||
'_POST' => true,
|
||||
'_COOKIE' => true,
|
||||
'_REQUEST' => true,
|
||||
'_SERVER' => true,
|
||||
'_SESSION' => true,
|
||||
'_ENV' => true,
|
||||
'_FILES' => true,
|
||||
'phpEx' => true,
|
||||
'phpbb_root_path' => true
|
||||
);
|
||||
|
||||
// Not only will array_merge and array_keys give a warning if
|
||||
// a parameter is not an array, array_merge will actually fail.
|
||||
// So we check if _SESSION has been initialised.
|
||||
if (!isset($_SESSION) || !is_array($_SESSION))
|
||||
{
|
||||
$_SESSION = array();
|
||||
}
|
||||
|
||||
// Merge all into one extremely huge array; unset this later
|
||||
$input = array_merge(
|
||||
array_keys($_GET),
|
||||
array_keys($_POST),
|
||||
array_keys($_COOKIE),
|
||||
array_keys($_SERVER),
|
||||
array_keys($_SESSION),
|
||||
array_keys($_ENV),
|
||||
array_keys($_FILES)
|
||||
);
|
||||
|
||||
foreach ($input as $varname)
|
||||
{
|
||||
if (isset($not_unset[$varname]))
|
||||
{
|
||||
// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
|
||||
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
|
||||
{
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
$cookie = &$_COOKIE;
|
||||
while (isset($cookie['GLOBALS']))
|
||||
{
|
||||
if (!is_array($cookie['GLOBALS']))
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
foreach ($cookie['GLOBALS'] as $registered_var => $value)
|
||||
{
|
||||
if (!isset($not_unset[$registered_var]))
|
||||
{
|
||||
unset($GLOBALS[$registered_var]);
|
||||
}
|
||||
}
|
||||
$cookie = &$cookie['GLOBALS'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
unset($GLOBALS[$varname]);
|
||||
}
|
||||
|
||||
unset($input);
|
||||
}
|
||||
|
||||
// If we are on PHP >= 6.0.0 we do not need some code
|
||||
if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
|
||||
{
|
||||
/**
|
||||
* @ignore
|
||||
*/
|
||||
define('STRIP', false);
|
||||
}
|
||||
else
|
||||
{
|
||||
@set_magic_quotes_runtime(0);
|
||||
|
||||
// Be paranoid with passed vars
|
||||
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
|
||||
{
|
||||
deregister_globals();
|
||||
}
|
||||
|
||||
define('STRIP', (get_magic_quotes_gpc()) ? true : false);
|
||||
}
|
Reference in New Issue
Block a user