From: MW <jo...@us...> - 2008-02-10 21:04:34
Update of /cvsroot/mxbb/core In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv1485 Modified Files: common.php Log Message: Remove old outdated php4 seciurity checks as they are unrelevant now. Moved init of $mx_request_vars up to make use it been initialized before used. Index: common.php =================================================================== RCS file: /cvsroot/mxbb/core/common.php,v retrieving revision 1.80 retrieving revision 1.81 diff -C2 -d -r1.80 -r1.81 *** common.php 9 Feb 2008 19:49:06 -0000 1.80 --- common.php 10 Feb 2008 21:04:29 -0000 1.81 *************** *** 105,111 **** unset($input); ! } // If we are on PHP >= 6.0.0 we do not need some code ! if (phpversion() >= '6.0.0-dev') { /** --- 105,112 ---- unset($input); ! } ! // If we are on PHP >= 6.0.0 we do not need some code ! if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) { /** *************** *** 127,267 **** } - // The following code (unsetting globals) - // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files - - // PHP5 with register_long_arrays off? 
- /* - if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off')) - { - - $HTTP_POST_VARS = $_POST; - $HTTP_GET_VARS = $_GET; - $HTTP_SERVER_VARS = $_SERVER; - $HTTP_COOKIE_VARS = $_COOKIE; - $HTTP_ENV_VARS = $_ENV; - $HTTP_POST_FILES = $_FILES; - - // _SESSION is the only superglobal which is conditionally set - if (isset($_SESSION)) - { - $HTTP_SESSION_VARS = $_SESSION; - } - } - */ - // Protect against GLOBALS tricks - if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])) - { - die("Hacking attempt"); - } - - // Protect against HTTP_SESSION_VARS tricks - if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS)) - { - die("Hacking attempt"); - } - - if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') - { - // PHP4+ path - $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path', 'mx_root_path'); - - // Not only will array_merge give a warning if a parameter - // is not an array, it will actually fail. So we check if - // HTTP_SESSION_VARS has been initialised. - if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)) - { - $HTTP_SESSION_VARS = array(); - } - - // Merge all into one extremely huge array; unset - // this later - // - // Note! 
Since array_merge() destroys numerical keys - if the array is numerically indexed, the keys get reindexed in a continuous way - we use the + operator instead - // - //$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES); - $input = $HTTP_GET_VARS + $HTTP_POST_VARS + $HTTP_COOKIE_VARS + $HTTP_SERVER_VARS + $HTTP_SESSION_VARS + $HTTP_ENV_VARS + $HTTP_POST_FILES; - - unset($input['input']); - unset($input['not_unset']); - - while (list($var,) = @each($input)) - { - if (in_array($var, $not_unset)) - { - die('Hacking attempt!'); - } - unset($$var); - } - unset($input); - } - - // - // addslashes to vars if magic_quotes_gpc is off - // this is a security precaution to prevent someone - // trying to break out of a SQL statement. - // - if( !get_magic_quotes_gpc() ) - { - if( is_array($HTTP_GET_VARS) ) - { - while( list($k, $v) = each($HTTP_GET_VARS) ) - { - if( is_array($HTTP_GET_VARS[$k]) ) - { - while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) ) - { - $HTTP_GET_VARS[$k][$k2] = addslashes($v2); - } - @reset($HTTP_GET_VARS[$k]); - } - else - { - $HTTP_GET_VARS[$k] = addslashes($v); - } - } - @reset($HTTP_GET_VARS); - } - - if( is_array($HTTP_POST_VARS) ) - { - while( list($k, $v) = each($HTTP_POST_VARS) ) - { - if( is_array($HTTP_POST_VARS[$k]) ) - { - while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) ) - { - $HTTP_POST_VARS[$k][$k2] = addslashes($v2); - } - @reset($HTTP_POST_VARS[$k]); - } - else - { - $HTTP_POST_VARS[$k] = addslashes($v); - } - } - @reset($HTTP_POST_VARS); - } - - if( is_array($HTTP_COOKIE_VARS) ) - { - while( list($k, $v) = each($HTTP_COOKIE_VARS) ) - { - if( is_array($HTTP_COOKIE_VARS[$k]) ) - { - while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) ) - { - $HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2); - } - @reset($HTTP_COOKIE_VARS[$k]); - } - else - { - $HTTP_COOKIE_VARS[$k] = addslashes($v); - } - } - @reset($HTTP_COOKIE_VARS); - } - } - // // Define some 
basic configuration arrays this also prevents --- 128,131 ---- *************** *** 300,303 **** --- 164,172 ---- // + // instatiate the mx_request_vars class + // make sure to do before it's ever used + $mx_request_vars = new mx_request_vars(); + + // // Instatiate the mx_cache class // *************** *** 386,394 **** // - // instatiate the mx_request_vars class - // - $mx_request_vars = new mx_request_vars(); - - // // instatiate the mx_user class // --- 255,258 ---- |
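Review bot: The relocated `$mx_request_vars = new mx_request_vars();` (new lines 164–172) should carry a comment stating that it is now the only request-input handling this file sets up, because the same commit deletes the `addslashes()` pass over `$HTTP_GET_VARS`, `$HTTP_POST_VARS` and `$HTTP_COOKIE_VARS` together with the `GLOBALS`-key and `register_globals` checks (old lines 127–267). Nothing visible in these hunks shows that every consumer reads input through `mx_request_vars` or that the class escapes values for SQL, so any module that still uses the `$HTTP_*_VARS` arrays directly would, with `magic_quotes_gpc` off, presumably receive unescaped values where it used to get slash-escaped ones. Suggested comment: `// All request input must be read via $mx_request_vars; GET/POST/COOKIE values are no longer addslashes()-escaped in common.php.` The surrounding initialisation code continues outside the hunk, and the comment typo `instatiate` could be corrected to `instantiate` at the same time.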