Changeset 104

Timestamp:
2007-12-19 19:35:09 (1 year ago)
Author:
hannes
Message:

de-registering local names of global variables in case register_globals is turned on (ticket #43)

Files:

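--- a/trunk/includes/input.php
+++ b/trunk/includes/input.php
@@ -23,4 +23,36 @@
  **/
 
+/* register_globals atrocity can't just be disabled by using ini_set,
+ * because the damage is already done once that takes effect, so... */
+if (ini_get('register_globals') !== 0 && strtolower(ini_get('register_globals')) !== 'off') {
+    // 'de-register' all local names of global variables
+    foreach ($_SERVER as $key=>$val) {
+        unset($$key);
+    }
+    foreach ($_GET as $key=>$val) {
+        unset($$key);
+    }
+    foreach ($_POST as $key=>$val) {
+        unset($$key);
+    }
+    foreach ($_COOKIE as $key=>$val) {
+        unset($$key);
+    }
+    foreach ($_FILES as $key=>$val) {
+        unset($$key);
+    }
+    foreach ($_ENV as $key=>$val) {
+        unset($$key);
+    }
+    foreach ($_REQUEST as $key=>$val) {
+        unset($$key);
+    }
+    if (isset($_SESSION) && is_array($_SESSION)) {
+        foreach ($_SESSION as $key=>$val) {
+            unset($$key);
+        }
+    }
+}
+
 // handle PHP's 'magic quotes' feature (bug) in case disabling it through .htaccess failed
 function stripslashes_array($data) {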
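Review bot: The guard on new line 27 is true even when register_globals is disabled: `ini_get()` returns a string (or false), so `!== 0` never fails, and a php.ini `Off` is typically reported as `''` or `'0'` rather than `'off'`, so the block runs on every request. Inside it, `unset($$key)` uses request-controlled keys as variable names with no exclusion list, so a key that matches a superglobal name (or any variable the including script set earlier, which is outside this hunk) removes that variable, and the later `foreach` loops then run on whatever is left. I would normalise the setting once and skip a fixed list of protected names, as sketched below; the `$_SESSION` loop needs the same check.

```php
$rg = strtolower((string) ini_get('register_globals'));
if ($rg !== '' && $rg !== '0' && $rg !== 'off') {
    // names that request keys must never be able to unset
    $protected = array('GLOBALS', '_SERVER', '_GET', '_POST', '_COOKIE', '_FILES',
                       '_ENV', '_REQUEST', '_SESSION',
                       'rg', 'protected', 'source', 'key', 'val');
    foreach (array($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES, $_ENV, $_REQUEST) as $source) {
        foreach ($source as $key => $val) {
            if (!in_array($key, $protected, true)) {
                unset($$key);
            }
        }
    }
    // … unchanged: $_SESSION loop, with the same $protected check …
    unset($protected, $source, $key, $val);
}
unset($rg);
```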
  • trunk/index.php

    r53 r104  
    2424 
    2525// disable output of error messages and warnings 
    26 ini_set('display_errors','Off'); 
     26ini_set('display_errors', 'Off'); 
    2727 
    2828// if install script is present, redirect there