From: OryNider <ory...@us...> - 2008-02-07 01:34:37
Update of /cvsroot/mxbb/core/install
In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv12785/install
Modified Files: mx_install.php
Log Message: http://www.mx-system.com/forum/viewtopic.php?p=61446#61446
Index: mx_install.php
===================================================================
RCS file: /cvsroot/mxbb/core/install/mx_install.php,v
retrieving revision 1.84
retrieving revision 1.85
diff -C2 -d -r1.84 -r1.85
*** mx_install.php 5 Feb 2008 14:51:28 -0000 1.84
--- mx_install.php 7 Feb 2008 01:34:32 -0000 1.85
***************
*** 79,83 ****
// The following code is based on common.php from phpBB
// ================================================================================
! set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
// The following code (unsetting globals)
--- 79,174 ----
// The following code is based on common.php from phpBB
// ================================================================================
! /*
! * Remove variables created by register_globals from the global scope
! * Thanks to Matt Kavanagh
! */
! function deregister_globals()
! {
! $not_unset = array(
! 'GLOBALS' => true,
! '_GET' => true,
! '_POST' => true,
! '_COOKIE' => true,
! '_REQUEST' => true,
! '_SERVER' => true,
! '_SESSION' => true,
! '_ENV' => true,
! '_FILES' => true,
! 'phpEx' => true,
! 'phpbb_root_path' => true,
! 'mx_root_path' => true,
! 'module_root_path' => true
! );
!
! // Not only will array_merge and array_keys give a warning if
! // a parameter is not an array, array_merge will actually fail.
! // So we check if _SESSION has been initialised.
! if (!isset($_SESSION) || !is_array($_SESSION))
! {
! $_SESSION = array();
! }
!
! // Merge all into one extremely huge array; unset this later
! $input = array_merge(
! array_keys($_GET),
! array_keys($_POST),
! array_keys($_COOKIE),
! array_keys($_SERVER),
! array_keys($_SESSION),
! array_keys($_ENV),
! array_keys($_FILES)
! );
!
! foreach ($input as $varname)
! {
! if (isset($not_unset[$varname]))
! {
! // Hacking attempt. No point in continuing unless it's a COOKIE
! if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
! {
! //exit; //this will die is php5 save mode
! }
! else
! {
! $cookie = &$_COOKIE;
! while (isset($cookie['GLOBALS']))
! {
! foreach ($cookie['GLOBALS'] as $registered_var => $value)
! {
! if (!isset($not_unset[$registered_var]))
! {
! unset($GLOBALS[$registered_var]);
! }
! }
! $cookie = &$cookie['GLOBALS'];
! }
! }
! }
!
! unset($GLOBALS[$varname]);
! }
!
! unset($input);
! }
! // If we are on PHP >= 6.0.0 we do not need some code
! if (phpversion() >= '6.0.0-dev')
! {
! /**
! * @ignore
! */
! define('STRIP', false);
! }
! else
! {
! set_magic_quotes_runtime(0);
!
! // Be paranoid with passed vars
! if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
! {
! @deregister_globals();
! }
!
! define('STRIP', (get_magic_quotes_gpc()) ? true : false);
! }
// The following code (unsetting globals)
***************
*** 216,310 ****
}
- /*
- * Remove variables created by register_globals from the global scope
- * Thanks to Matt Kavanagh
- */
- function deregister_globals()
- {
- $not_unset = array(
- 'GLOBALS' => true,
- '_GET' => true,
- '_POST' => true,
- '_COOKIE' => true,
- '_REQUEST' => true,
- '_SERVER' => true,
- '_SESSION' => true,
- '_ENV' => true,
- '_FILES' => true,
- 'phpEx' => true,
- 'phpbb_root_path' => true
- );
-
- // Not only will array_merge and array_keys give a warning if
- // a parameter is not an array, array_merge will actually fail.
- // So we check if _SESSION has been initialised.
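Review bot: The guard in the "Hacking attempt" branch of the relocated `deregister_globals()` is now a no-op: `exit;` became `//exit; //this will die is php5 save mode`, so a GET/POST/SERVER/SESSION/ENV/FILES key that collides with an entry in `$not_unset` (including the newly added `mx_root_path` and `module_root_path`) no longer stops the installer, and execution simply continues to `unset($GLOBALS[$varname]);`. I would restore `exit;` and treat whatever safe-mode case triggered it as a narrow, commented exception naming the colliding key, rather than disabling the check for every request. Two smaller regressions in the same hunk: `phpversion() >= '6.0.0-dev'` is a plain string comparison and should stay `version_compare(PHP_VERSION, '6.0.0-dev', '>=')` as in the removed copy, and the `@` on `@deregister_globals();` hides any warning raised by the one routine that cleans up injected globals.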
- if (!isset($_SESSION) || !is_array($_SESSION))
- {
- $_SESSION = array();
- }
-
- // Merge all into one extremely huge array; unset this later
- $input = array_merge(
- array_keys($_GET),
- array_keys($_POST),
- array_keys($_COOKIE),
- array_keys($_SERVER),
- array_keys($_SESSION),
- array_keys($_ENV),
- array_keys($_FILES)
- );
-
- foreach ($input as $varname)
- {
- if (isset($not_unset[$varname]))
- {
- // Hacking attempt. No point in continuing unless it's a COOKIE
- if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
- {
- exit;
- }
- else
- {
- $cookie = &$_COOKIE;
- while (isset($cookie['GLOBALS']))
- {
- foreach ($cookie['GLOBALS'] as $registered_var => $value)
- {
- if (!isset($not_unset[$registered_var]))
- {
- unset($GLOBALS[$registered_var]);
- }
- }
- $cookie = &$cookie['GLOBALS'];
- }
- }
- }
-
- unset($GLOBALS[$varname]);
- }
-
- unset($input);
- }
-
- // If we are on PHP >= 6.0.0 we do not need some code
- if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
- {
- /**
- * @ignore
- */
- define('STRIP', false);
- }
- else
- {
- set_magic_quotes_runtime(0);
-
- // Be paranoid with passed vars
- if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
- {
- deregister_globals();
- }
-
- define('STRIP', (get_magic_quotes_gpc()) ? true : false);
- }
//
--- 307,310 ---- |