From: OryNider <ory...@us...> - 2008-02-07 03:06:25
Update of /cvsroot/mxbb/core/install In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv22883 Modified Files: mx_install.php Log Message: same fix like in 2.8.1 Index: mx_install.php =================================================================== RCS file: /cvsroot/mxbb/core/install/mx_install.php,v retrieving revision 1.85 retrieving revision 1.86 diff -C2 -d -r1.85 -r1.86 *** mx_install.php 7 Feb 2008 01:34:32 -0000 1.85 --- mx_install.php 7 Feb 2008 03:06:15 -0000 1.86 *************** *** 65,69 **** define('INSTALLING', true); $mx_root_path = '../'; ! // // FYI: --- 65,69 ---- define('INSTALLING', true); $mx_root_path = '../'; ! $phpEx = substr(strrchr(__FILE__, '.'), 1); // // FYI: *************** *** 74,78 **** error_reporting(E_ALL ^ E_NOTICE); error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables ! include($mx_root_path . 'modules/mx_shared/ErrorHandler/prepend.php'); // For nice error output // ================================================================================ --- 74,78 ---- error_reporting(E_ALL ^ E_NOTICE); error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables ! include($mx_root_path . "modules/mx_shared/ErrorHandler/prepend.$phpEx"); // For nice error output // ================================================================================ *************** *** 124,131 **** if (isset($not_unset[$varname])) { ! // Hacking attempt. No point in continuing unless it's a COOKIE ! if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) { ! //exit; //this will die is php5 save mode } else --- 124,131 ---- if (isset($not_unset[$varname])) { ! // Hacking attempt. No point in continuing unless it's a COOKIE //removed for mx_install: $varname !== 'GLOBALS' || ! 
if (isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) { ! die("Hacking attempt. No point in continuing couse regiters globals can't be turned off plus you have save mode restrictions and there is no COOKIE."); } else *************** *** 172,175 **** --- 172,176 ---- } + // The following code (unsetting globals) // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files *************** *** 192,195 **** --- 193,197 ---- } + // Protect against GLOBALS tricks if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])) *************** *** 382,386 **** // HERE BEGINS THE PARTY... // ================================================================================ - $phpEx = substr(strrchr(__FILE__, '.'), 1); include($mx_root_path . "install/includes/functions_install.$phpEx"); --- 384,387 ---- |
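Review bot: In the `isset($not_unset[$varname])` branch (hunk at 124-131) the rewritten guard only looks for a `GLOBALS` key in the non-cookie superglobals, so a request variable that collides with any other protected name is not rejected and instead takes the `else` path, whose body lies outside this hunk. The old condition had the same practical gap only because its `exit` was commented out; now that the branch really terminates, keeping `$varname !== 'GLOBALS' ||` as the first operand of the new `if` would make it stop on every protected-name collision. If that operand was dropped because it aborted legitimate installs, the trailing comment should say which variable triggered it so the trade-off can be judged later. The `die()` text also tells the requesting client that register_globals cannot be disabled and that safe mode is active; a fixed message such as `die('Hacking attempt');`, with the detail sent to the server log via `error_log()`, avoids disclosing configuration and removes the typos ("couse regiters", "save mode").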