mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-31 03:59:52 +02:00
This commit was manufactured by cvs2svn to create tag
'release_2_0_20'. git-svn-id: file:///svn/phpbb/tags/release_2_0_20@5762 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
(no author)
140
phpBB/common.php
140
phpBB/common.php
@@ -8,7 +8,6 @@
|
||||
*
|
||||
* $Id$
|
||||
*
|
||||
*
|
||||
***************************************************************************/
|
||||
|
||||
/***************************************************************************
|
||||
@@ -25,9 +24,73 @@ if ( !defined('IN_PHPBB') )
|
||||
die("Hacking attempt");
|
||||
}
|
||||
|
||||
//
|
||||
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
|
||||
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
|
||||
|
||||
// The following code (unsetting globals)
|
||||
// Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files
|
||||
|
||||
// PHP5 with register_long_arrays off?
|
||||
if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off'))
|
||||
{
|
||||
$HTTP_POST_VARS = $_POST;
|
||||
$HTTP_GET_VARS = $_GET;
|
||||
$HTTP_SERVER_VARS = $_SERVER;
|
||||
$HTTP_COOKIE_VARS = $_COOKIE;
|
||||
$HTTP_ENV_VARS = $_ENV;
|
||||
$HTTP_POST_FILES = $_FILES;
|
||||
|
||||
// _SESSION is the only superglobal which is conditionally set
|
||||
if (isset($_SESSION))
|
||||
{
|
||||
$HTTP_SESSION_VARS = $_SESSION;
|
||||
}
|
||||
}
|
||||
|
||||
// Protect against GLOBALS tricks
|
||||
if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']))
|
||||
{
|
||||
die("Hacking attempt");
|
||||
}
|
||||
|
||||
// Protect against HTTP_SESSION_VARS tricks
|
||||
if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS))
|
||||
{
|
||||
die("Hacking attempt");
|
||||
}
|
||||
|
||||
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
|
||||
{
|
||||
// PHP4+ path
|
||||
$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');
|
||||
|
||||
// Not only will array_merge give a warning if a parameter
|
||||
// is not an array, it will actually fail. So we check if
|
||||
// HTTP_SESSION_VARS has been initialised.
|
||||
if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS))
|
||||
{
|
||||
$HTTP_SESSION_VARS = array();
|
||||
}
|
||||
|
||||
// Merge all into one extremely huge array; unset
|
||||
// this later
|
||||
$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
|
||||
|
||||
unset($input['input']);
|
||||
unset($input['not_unset']);
|
||||
|
||||
while (list($var,) = @each($input))
|
||||
{
|
||||
if (!in_array($var, $not_unset))
|
||||
{
|
||||
unset($$var);
|
||||
}
|
||||
}
|
||||
|
||||
unset($input);
|
||||
}
|
||||
|
||||
//
|
||||
// addslashes to vars if magic_quotes_gpc is off
|
||||
// this is a security precaution to prevent someone
|
||||
@@ -101,18 +164,21 @@ if( !get_magic_quotes_gpc() )
|
||||
// malicious rewriting of language and otherarray values via
|
||||
// URI params
|
||||
//
|
||||
$board_config = Array();
|
||||
$userdata = Array();
|
||||
$theme = Array();
|
||||
$images = Array();
|
||||
$lang = Array();
|
||||
$board_config = array();
|
||||
$userdata = array();
|
||||
$theme = array();
|
||||
$images = array();
|
||||
$lang = array();
|
||||
$nav_links = array();
|
||||
$dss_seeded = false;
|
||||
$gen_simple_header = FALSE;
|
||||
|
||||
@include($phpbb_root_path . 'config.'.$phpEx);
|
||||
include($phpbb_root_path . 'config.'.$phpEx);
|
||||
|
||||
if( !defined("PHPBB_INSTALLED") )
|
||||
{
|
||||
header("Location: install.$phpEx");
|
||||
header('Location: ' . $phpbb_root_path . 'install/install.' . $phpEx);
|
||||
exit;
|
||||
}
|
||||
|
||||
include($phpbb_root_path . 'includes/constants.'.$phpEx);
|
||||
@@ -122,45 +188,18 @@ include($phpbb_root_path . 'includes/auth.'.$phpEx);
|
||||
include($phpbb_root_path . 'includes/functions.'.$phpEx);
|
||||
include($phpbb_root_path . 'includes/db.'.$phpEx);
|
||||
|
||||
//
|
||||
// Mozilla navigation bar
|
||||
// Default items that should be valid on all pages.
|
||||
// Defined here and not in page_header.php so they can be redefined in the code
|
||||
//
|
||||
$nav_links['top'] = array (
|
||||
'url' => append_sid($phpbb_root_dir."index.".$phpEx),
|
||||
'title' => sprintf($lang['Forum_Index'], $board_config['sitename'])
|
||||
);
|
||||
$nav_links['search'] = array (
|
||||
'url' => append_sid($phpbb_root_dir."search.".$phpEx),
|
||||
'title' => $lang['Search']
|
||||
);
|
||||
$nav_links['help'] = array (
|
||||
'url' => append_sid($phpbb_root_dir."faq.".$phpEx),
|
||||
'title' => $lang['FAQ']
|
||||
);
|
||||
$nav_links['author'] = array (
|
||||
'url' => append_sid($phpbb_root_dir."memberlist.".$phpEx),
|
||||
'title' => $lang['Memberlist']
|
||||
);
|
||||
// We do not need this any longer, unset for safety purposes
|
||||
unset($dbpasswd);
|
||||
|
||||
//
|
||||
// Obtain and encode users IP
|
||||
//
|
||||
if( getenv('HTTP_X_FORWARDED_FOR') != '' )
|
||||
{
|
||||
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
|
||||
|
||||
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
|
||||
{
|
||||
$private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
|
||||
$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
|
||||
}
|
||||
// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
|
||||
// private range IP's appearing instead of the guilty routable IP, tough, don't
|
||||
// even bother complaining ... go scream and shout at the idiots out there who feel
|
||||
// "clever" is doing harm rather than good ... karma is a great thing ... :)
|
||||
//
|
||||
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );
|
||||
$user_ip = encode_ip($client_ip);
|
||||
|
||||
//
|
||||
@@ -170,16 +209,19 @@ $user_ip = encode_ip($client_ip);
|
||||
//
|
||||
$sql = "SELECT *
|
||||
FROM " . CONFIG_TABLE;
|
||||
if(!$result = $db->sql_query($sql))
|
||||
if( !($result = $db->sql_query($sql)) )
|
||||
{
|
||||
message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
|
||||
}
|
||||
else
|
||||
|
||||
while ( $row = $db->sql_fetchrow($result) )
|
||||
{
|
||||
while($row = $db->sql_fetchrow($result))
|
||||
{
|
||||
$board_config[$row['config_name']] = $row['config_value'];
|
||||
}
|
||||
$board_config[$row['config_name']] = $row['config_value'];
|
||||
}
|
||||
|
||||
if (file_exists('install') || file_exists('contrib'))
|
||||
{
|
||||
message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');
|
||||
}
|
||||
|
||||
//
|
||||
|
||||
Reference in New Issue
Block a user