From: OryNider <ory...@us...> - 2008-02-12 08:19:11
Update of /cvsroot/mxbb/core In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv16156 Modified Files: common.php Log Message: // PHP5 with register_long_arrays off? This is requested in class mx_request_vars, do not change!
Index: common.php
===================================================================
RCS file: /cvsroot/mxbb/core/common.php,v
retrieving revision 1.82
retrieving revision 1.83
diff -C2 -d -r1.82 -r1.83
*** common.php 11 Feb 2008 11:13:17 -0000 1.82
--- common.php 12 Feb 2008 08:19:06 -0000 1.83
***************
*** 128,131 ****
--- 128,164 ----
 }

+ // The following code (unsetting globals)
+ // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files
+
+ // PHP5 with register_long_arrays off? This is requested in class mx_request_vars, do not change!
+ if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off'))
+ {
+ $HTTP_POST_VAR = $_POST;
+ $HTTP_GET_VAR = $_GET;
+ $HTTP_SERVER_VARS = $_SERVER;
+ $HTTP_COOKIE_VARS = $_COOKIE;
+ $HTTP_ENV_VARS = $_ENV;
+ $HTTP_POST_FILES = $_FILES;
+
+ // _SESSION is the only superglobal which is conditionally set
+ if (isset($_SESSION))
+ {
+ $HTTP_SESSION_VARS = $_SESSION;
+ }
+ }
+
+
+ // Protect against GLOBALS tricks
+ if (isset($_POST['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($_GET['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']))
+ {
+ die("Hacking attempt");
+ }
+
+ // Protect against HTTP_SESSION_VARS tricks
+ if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS))
+ {
+ die("Hacking attempt");
+ }
+
 //
 // Define some basic configuration arrays this also prevents |
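Review bot: The first two assignments in the register_long_arrays block are misspelled: `$HTTP_POST_VAR = $_POST;` and `$HTTP_GET_VAR = $_GET;` lack the trailing S that every other line in the block uses, so `$HTTP_POST_VARS` and `$HTTP_GET_VARS` stay undefined when the ini setting is off; they should read `$HTTP_POST_VARS = $_POST;` and `$HTTP_GET_VARS = $_GET;`. Code that reads the long arrays (the log message names mx_request_vars, which is not visible here) would presumably see no POST or GET data, and if register_globals is enabled those names could end up defined by request input instead of by this block. The GLOBALS guard itself is unaffected, since it tests `$_POST` and `$_GET` directly. Separately, the header comment announces unsetting globals although nothing in the hunk unsets anything, and `@phpversion() >= '5.0.0'` is a string comparison that `version_compare(PHP_VERSION, '5.0.0', '>=')` would make reliable.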