Changes:
- Ascraeus now uses constants for the phpBB root path and the PHP file extension. This makes external applications and modifications more secure (the root path and extension can no longer be overwritten through insecure mods when register_globals is enabled) and removes the need to globalize them.
- A second change implemented here is an additional shorthand notation for append_sid(). The root path and extension may now be omitted (for example, append_sid('memberlist')); in that case they are added automatically. The hook is called after they are added.

git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0
<?php
/**
*
* @package phpBB3
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
* Minimum Requirement: PHP 5.2.0+
*/

/**
*/
// Stop immediately unless the including script has defined IN_PHPBB,
// so this file does nothing when it is requested on its own.
defined('IN_PHPBB') or exit;

// microtime() returns "msec sec"; adding both parts gives the start time as a float
$starttime = array_sum(explode(' ', microtime()));

// Report all errors, except notices
error_reporting(E_ALL & ~E_NOTICE);

// All date handling in this request starts from UTC
date_default_timezone_set('UTC');
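/**
* Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*
* Every key found in $_GET, $_POST, $_COOKIE, $_SERVER, $_SESSION, $_ENV and
* $_FILES is unset from $GLOBALS, so request data cannot pre-seed a global
* variable that later code reads.
*
* The names listed in $not_unset are protected. If the request carries one of
* them, the script exits, with one exception: a key named GLOBALS that arrives
* only as a cookie. In that case the (possibly nested) GLOBALS cookie arrays
* are walked and the variables they name are unset as well.
*
* The function reads and modifies the superglobals and $GLOBALS directly and
* may terminate the script via exit. It returns nothing.
*/
function deregister_globals()
{
	// Names that must never be supplied as request variables
	$not_unset = array(
		'GLOBALS'	=> true,
		'_GET'		=> true,
		'_POST'		=> true,
		'_COOKIE'	=> true,
		'_REQUEST'	=> true,
		'_SERVER'	=> true,
		'_SESSION'	=> true,
		'_ENV'		=> true,
		'_FILES'	=> true,
		'phpEx'		=> true,
		'phpbb_root_path'	=> true
	);

	// Not only will array_merge and array_keys give a warning if
	// a parameter is not an array, array_merge will actually fail.
	// So we check if _SESSION has been initialised.
	if (!isset($_SESSION) || !is_array($_SESSION))
	{
		$_SESSION = array();
	}

	// Merge all into one extremely huge array; unset this later
	$input = array_merge(
		array_keys($_GET),
		array_keys($_POST),
		array_keys($_COOKIE),
		array_keys($_SERVER),
		array_keys($_SESSION),
		array_keys($_ENV),
		array_keys($_FILES)
	);

	foreach ($input as $varname)
	{
		if (isset($not_unset[$varname]))
		{
			// Hacking attempt. No point in continuing unless it's a COOKIE
			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
			{
				exit;
			}
			else
			{
				// Follow cookie[GLOBALS][GLOBALS]... downwards by reference
				$cookie = &$_COOKIE;
				while (isset($cookie['GLOBALS']))
				{
					// A GLOBALS cookie sent as a plain value has no entries to walk.
					// Stop here instead of passing a non-array to foreach and then
					// taking a reference into it.
					if (!is_array($cookie['GLOBALS']))
					{
						break;
					}

					foreach ($cookie['GLOBALS'] as $registered_var => $value)
					{
						if (!isset($not_unset[$registered_var]))
						{
							unset($GLOBALS[$registered_var]);
						}
					}
					$cookie = &$cookie['GLOBALS'];
				}
			}
		}

		unset($GLOBALS[$varname]);
	}

	unset($input);
}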
// Only PHP versions before 6.0.0 need the magic quotes and register_globals handling
if (version_compare(PHP_VERSION, '6.0.0-dev', '<'))
{
	set_magic_quotes_runtime(0);

	// Be paranoid with passed vars: scrub the global scope when register_globals
	// reads as enabled, and also when ini_get() is unavailable and the setting
	// therefore cannot be read at all
	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
	{
		deregister_globals();
	}

	// STRIP records whether magic_quotes_gpc is active for this request
	define('STRIP', (bool) get_magic_quotes_gpc());
}
else
{
	/**
	* @ignore
	*/
	define('STRIP', false);
}
// When IN_CRON is defined, the root path is taken from this file's own directory.
// The @ hides the message PHP raises if the constant has already been defined.
if (defined('IN_CRON'))
{
	@define('PHPBB_ROOT_PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR);
}

// Load the board configuration, or stop with a link to the installer when it is missing
if (file_exists(PHPBB_ROOT_PATH . 'config.' . PHP_EXT))
{
	require(PHPBB_ROOT_PATH . 'config.' . PHP_EXT);
}
else
{
	die('<p>The config.' . PHP_EXT . ' file could not be found.</p><p><a href="' . PHPBB_ROOT_PATH . 'install/index.' . PHP_EXT . '">Click here to install phpBB</a></p>');
}
if (!defined('PHPBB_INSTALLED'))
{
	// Redirect the user to the installer.
	// The full URL is assembled by hand because none of the information used by the
	// redirect function can be guaranteed to be available at this point.
	// NOTE(review): HTTP_HOST and PHP_SELF/REQUEST_URI are taken from the request, so the
	// redirect target built below is client-influenced; nothing in this block validates them.

	// Host: prefer the Host header (lower-cased), then SERVER_NAME, then the environment
	if (!empty($_SERVER['HTTP_HOST']))
	{
		$server_name = strtolower($_SERVER['HTTP_HOST']);
	}
	else if (!empty($_SERVER['SERVER_NAME']))
	{
		$server_name = $_SERVER['SERVER_NAME'];
	}
	else
	{
		$server_name = getenv('SERVER_NAME');
	}

	$server_port = (int) ((!empty($_SERVER['SERVER_PORT'])) ? $_SERVER['SERVER_PORT'] : getenv('SERVER_PORT'));

	// 1 when the request is flagged as HTTPS, otherwise 0
	$secure = (int) (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on');

	// Script location: PHP_SELF first, REQUEST_URI as the fallback
	if (!empty($_SERVER['PHP_SELF']))
	{
		$script_name = $_SERVER['PHP_SELF'];
	}
	else
	{
		$script_name = getenv('PHP_SELF');
	}

	if (empty($script_name))
	{
		$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
	}

	// Replace any number of consecutive backslashes and/or slashes with a single slash
	// (could happen on some proxy setups and/or Windows servers)
	$script_path = preg_replace('#[\\\\/]{2,}#', '/', trim(dirname($script_name)) . '/install/index.' . PHP_EXT);

	$url = (($secure) ? 'https://' : 'http://') . $server_name;

	// Append the port only when it is not the scheme's default and
	// HTTP HOST did not already carry a port number
	if ($server_port && $server_port != (($secure) ? 443 : 80) && strpos($server_name, ':') === false)
	{
		$url .= ':' . $server_port;
	}

	$url .= $script_path;
	header('Location: ' . $url);
	exit;
}
// With DEBUG_EXTRA defined, record the memory already in use at this point;
// the value stays 0 when memory_get_usage() is not available
if (defined('DEBUG_EXTRA'))
{
	$base_memory_usage = (function_exists('memory_get_usage')) ? memory_get_usage() : 0;
}
// Load Extensions
// $load_extensions is not assigned anywhere in this file before this point;
// presumably the config file required above sets it as a comma separated list - TODO confirm.
if (!empty($load_extensions))
{
	$load_extensions = explode(',', $load_extensions);

	foreach ($load_extensions as $extension)
	{
		// Each trimmed entry is handed to dl(); the @ silences any failure to load it
		@dl(trim($extension));
	}
}
// Include files
// NOTE(review): $acm_type and $dbms are not assigned in this file; presumably they come from
// the config file required above - confirm. Both are placed into a require path without any
// check in this file, so they decide which cache and database layer files get executed.
require(PHPBB_ROOT_PATH . 'includes/acm/acm_' . $acm_type . '.' . PHP_EXT);
require(PHPBB_ROOT_PATH . 'includes/cache.' . PHP_EXT);
require(PHPBB_ROOT_PATH . 'includes/template.' . PHP_EXT);
require(PHPBB_ROOT_PATH . 'includes/session.' . PHP_EXT);
require(PHPBB_ROOT_PATH . 'includes/auth.' . PHP_EXT);

require(PHPBB_ROOT_PATH . 'includes/functions.' . PHP_EXT);
require(PHPBB_ROOT_PATH . 'includes/functions_content.' . PHP_EXT);

require(PHPBB_ROOT_PATH . 'includes/constants.' . PHP_EXT);
require(PHPBB_ROOT_PATH . 'includes/db/' . $dbms . '.' . PHP_EXT);
require(PHPBB_ROOT_PATH . 'includes/utf/utf_tools.' . PHP_EXT);
// Set PHP error handler to ours
// PHPBB_MSG_HANDLER, when defined, names the handler to use instead of 'msg_handler'
set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');

// Instantiate some basic classes
$user = new user();
$auth = new auth();
$template = new template();
$cache = new acm();
// The class name is read from $sql_db, which is not assigned in this file;
// presumably the database layer file required above sets it - TODO confirm
$db = new $sql_db();

// Connect to DB
// The connection settings are not assigned in this file (presumably from the config file).
// PHPBB_DB_NEW_LINK, when defined, is passed as the last argument; otherwise false is used.
$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, defined('PHPBB_DB_NEW_LINK') ? PHPBB_DB_NEW_LINK : false);

// We do not need this any longer, unset for safety purposes
// NOTE(review): this removes the global variable only; whether the $db object keeps
// its own copy of the password is not visible from this file.
unset($dbpasswd);
// Grab global variables, re-cache if necessary
$config = cache::obtain_config();

// Add own hook handler
// The array lists the functions (and the template::display method) that are registered as hookable
require(PHPBB_ROOT_PATH . 'includes/hooks/index.' . PHP_EXT);
$phpbb_hook = new phpbb_hook(array('exit_handler', 'phpbb_user_session_handler', 'append_sid', array('template', 'display')));

// Include every hook file named by cache::obtain_hooks()
// NOTE(review): $hook goes into the include path unchecked here and the @ hides a failed
// include; how obtain_hooks() builds its list is not visible in this file - confirm it
// only returns file names found in includes/hooks/.
foreach (cache::obtain_hooks() as $hook)
{
	@include(PHPBB_ROOT_PATH . 'includes/hooks/' . $hook . '.' . PHP_EXT);
}
?>