mirror of
				https://github.com/phpbb/phpbb.git
				synced 2025-10-25 05:36:13 +02:00 
			
		
		
		
	
		
			
				
	
	
		
			123 lines
		
	
	
		
			2.6 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
			
		
		
	
	
			123 lines
		
	
	
		
			2.6 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
| <?php
 | |
| /**
 | |
| *
 | |
| * @package phpBB3
 | |
| * @copyright (c) 2011 phpBB Group
 | |
| * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 | |
| *
 | |
| */
 | |
| 
 | |
| /**
 | |
| */
 | |
| if (!defined('IN_PHPBB'))
 | |
| {
 | |
| 	exit;
 | |
| }
 | |
| 
 | |
| // Report all errors, except notices and deprecation messages
 | |
| if (!defined('E_DEPRECATED'))
 | |
| {
 | |
| 	define('E_DEPRECATED', 8192);
 | |
| }
 | |
| error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
 | |
| 
 | |
| /*
 | |
| * Remove variables created by register_globals from the global scope
 | |
| * Thanks to Matt Kavanagh
 | |
| */
 | |
| function deregister_globals()
 | |
| {
 | |
| 	$not_unset = array(
 | |
| 		'GLOBALS'	=> true,
 | |
| 		'_GET'		=> true,
 | |
| 		'_POST'		=> true,
 | |
| 		'_COOKIE'	=> true,
 | |
| 		'_REQUEST'	=> true,
 | |
| 		'_SERVER'	=> true,
 | |
| 		'_SESSION'	=> true,
 | |
| 		'_ENV'		=> true,
 | |
| 		'_FILES'	=> true,
 | |
| 		'phpEx'		=> true,
 | |
| 		'phpbb_root_path'	=> true
 | |
| 	);
 | |
| 
 | |
| 	// Not only will array_merge and array_keys give a warning if
 | |
| 	// a parameter is not an array, array_merge will actually fail.
 | |
| 	// So we check if _SESSION has been initialised.
 | |
| 	if (!isset($_SESSION) || !is_array($_SESSION))
 | |
| 	{
 | |
| 		$_SESSION = array();
 | |
| 	}
 | |
| 
 | |
| 	// Merge all into one extremely huge array; unset this later
 | |
| 	$input = array_merge(
 | |
| 		array_keys($_GET),
 | |
| 		array_keys($_POST),
 | |
| 		array_keys($_COOKIE),
 | |
| 		array_keys($_SERVER),
 | |
| 		array_keys($_SESSION),
 | |
| 		array_keys($_ENV),
 | |
| 		array_keys($_FILES)
 | |
| 	);
 | |
| 
 | |
| 	foreach ($input as $varname)
 | |
| 	{
 | |
| 		if (isset($not_unset[$varname]))
 | |
| 		{
 | |
| 			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
 | |
| 			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
 | |
| 			{
 | |
| 				exit;
 | |
| 			}
 | |
| 			else
 | |
| 			{
 | |
| 				$cookie = &$_COOKIE;
 | |
| 				while (isset($cookie['GLOBALS']))
 | |
| 				{
 | |
| 					if (!is_array($cookie['GLOBALS']))
 | |
| 					{
 | |
| 						break;
 | |
| 					}
 | |
| 
 | |
| 					foreach ($cookie['GLOBALS'] as $registered_var => $value)
 | |
| 					{
 | |
| 						if (!isset($not_unset[$registered_var]))
 | |
| 						{
 | |
| 							unset($GLOBALS[$registered_var]);
 | |
| 						}
 | |
| 					}
 | |
| 					$cookie = &$cookie['GLOBALS'];
 | |
| 				}
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		unset($GLOBALS[$varname]);
 | |
| 	}
 | |
| 
 | |
| 	unset($input);
 | |
| }
 | |
| 
 | |
| // If we are on PHP >= 6.0.0 we do not need some code
 | |
| if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
 | |
| {
 | |
| 	/**
 | |
| 	* @ignore
 | |
| 	*/
 | |
| 	define('STRIP', false);
 | |
| }
 | |
| else
 | |
| {
 | |
| 	@set_magic_quotes_runtime(0);
 | |
| 
 | |
| 	// Be paranoid with passed vars
 | |
| 	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
 | |
| 	{
 | |
| 		deregister_globals();
 | |
| 	}
 | |
| 
 | |
| 	define('STRIP', (get_magic_quotes_gpc()) ? true : false);
 | |
| }
 | |
| 
 | |
| $starttime = explode(' ', microtime());
 | |
| $starttime = $starttime[1] + $starttime[0];
 |