makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 21:38:54 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'prep-release-3.0.9' into develop-olympus

Browse source 
* prep-release-3.0.9:
  [ticket/10218] Prevent startime from being overwritten by deregister_globals()
  [ticket/10218] Moving global deregistration, etc. to startup.php

Conflicts:
	phpBB/install/database_update.php
This commit is contained in:
Andreas Fischer 2011-06-15 18:51:04 +02:00
commit 79f757d4b7
6 changed files with 139 additions and 245 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

107
phpBB/common.php
View file

@ -16,112 +16,7 @@ if (!defined('IN_PHPBB'))
exit; exit;
} }
$starttime = explode(' ', microtime()); require($phpbb_root_path . 'includes/startup.' . $phpEx);
$starttime = $starttime[1] + $starttime[0];
// Report all errors, except notices and deprecation messages
if (!defined('E_DEPRECATED'))
{
define('E_DEPRECATED', 8192);
}
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
/*
* Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*/
function deregister_globals()
{
$not_unset = array(
'GLOBALS' => true,
'_GET' => true,
'_POST' => true,
'_COOKIE' => true,
'_REQUEST' => true,
'_SERVER' => true,
'_SESSION' => true,
'_ENV' => true,
'_FILES' => true,
'phpEx' => true,
'phpbb_root_path' => true
);
// Not only will array_merge and array_keys give a warning if
// a parameter is not an array, array_merge will actually fail.
// So we check if _SESSION has been initialised.
if (!isset($_SESSION) || !is_array($_SESSION))
{
$_SESSION = array();
}
// Merge all into one extremely huge array; unset this later
$input = array_merge(
array_keys($_GET),
array_keys($_POST),
array_keys($_COOKIE),
array_keys($_SERVER),
array_keys($_SESSION),
array_keys($_ENV),
array_keys($_FILES)
);
foreach ($input as $varname)
{
if (isset($not_unset[$varname]))
{
// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
{
exit;
}
else
{
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
if (!is_array($cookie['GLOBALS']))
{
break;
}
foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
{
unset($GLOBALS[$registered_var]);
}
}
$cookie = &$cookie['GLOBALS'];
}
}
}
unset($GLOBALS[$varname]);
}
unset($input);
}
// If we are on PHP >= 6.0.0 we do not need some code
if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
{
/**
* @ignore
*/
define('STRIP', false);
}
else
{
@set_magic_quotes_runtime(0);
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
{
deregister_globals();
}
define('STRIP', (get_magic_quotes_gpc()) ? true : false);
}
if (file_exists($phpbb_root_path . 'config.' . $phpEx)) if (file_exists($phpbb_root_path . 'config.' . $phpEx))
{ {

7
phpBB/download/file.php
View file

@ -31,12 +31,7 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'
if (isset($_GET['avatar'])) if (isset($_GET['avatar']))
{ {
if (!defined('E_DEPRECATED')) require($phpbb_root_path . 'includes/startup.' . $phpEx);
{
define('E_DEPRECATED', 8192);
}
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
require($phpbb_root_path . 'config.' . $phpEx); require($phpbb_root_path . 'config.' . $phpEx);
if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type)) if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))

122
phpBB/includes/startup.php Normal file
View file

@ -0,0 +1,122 @@
<?php
/**
*
* @package phpBB3
* @copyright (c) 2011 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
*/
if (!defined('IN_PHPBB'))
{
exit;
}
// Report all errors, except notices and deprecation messages
if (!defined('E_DEPRECATED'))
{
define('E_DEPRECATED', 8192);
}
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
/*
* Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*/
function deregister_globals()
{
$not_unset = array(
'GLOBALS' => true,
'_GET' => true,
'_POST' => true,
'_COOKIE' => true,
'_REQUEST' => true,
'_SERVER' => true,
'_SESSION' => true,
'_ENV' => true,
'_FILES' => true,
'phpEx' => true,
'phpbb_root_path' => true
);
// Not only will array_merge and array_keys give a warning if
// a parameter is not an array, array_merge will actually fail.
// So we check if _SESSION has been initialised.
if (!isset($_SESSION) || !is_array($_SESSION))
{
$_SESSION = array();
}
// Merge all into one extremely huge array; unset this later
$input = array_merge(
array_keys($_GET),
array_keys($_POST),
array_keys($_COOKIE),
array_keys($_SERVER),
array_keys($_SESSION),
array_keys($_ENV),
array_keys($_FILES)
);
foreach ($input as $varname)
{
if (isset($not_unset[$varname]))
{
// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
{
exit;
}
else
{
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
if (!is_array($cookie['GLOBALS']))
{
break;
}
foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
{
unset($GLOBALS[$registered_var]);
}
}
$cookie = &$cookie['GLOBALS'];
}
}
}
unset($GLOBALS[$varname]);
}
unset($input);
}
// If we are on PHP >= 6.0.0 we do not need some code
if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
{
/**
* @ignore
*/
define('STRIP', false);
}
else
{
@set_magic_quotes_runtime(0);
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
{
deregister_globals();
}
define('STRIP', (get_magic_quotes_gpc()) ? true : false);
}
$starttime = explode(' ', microtime());
$starttime = $starttime[1] + $starttime[0];

36
phpBB/install/database_update.php
View file

@ -8,17 +8,21 @@
* *
*/ */
$updates_to_version = '3.0.10-dev'; define('UPDATES_TO_VERSION', '3.0.10-dev');
// Enter any version to update from to test updates. The version within the db will not be updated. // Enter any version to update from to test updates. The version within the db will not be updated.
$debug_from_version = false; define('DEBUG_FROM_VERSION', false);
// Which oldest version does this updater support? // Which oldest version does this updater support?
$oldest_from_version = '3.0.0'; define('OLDEST_FROM_VERSION', '3.0.0');
// Return if we "just include it" to find out for which version the database update is responsible for // Return if we "just include it" to find out for which version the database update is responsible for
if (defined('IN_PHPBB') && defined('IN_INSTALL')) if (defined('IN_PHPBB') && defined('IN_INSTALL'))
{ {
$updates_to_version = UPDATES_TO_VERSION;
$debug_from_version = DEBUG_FROM_VERSION;
$oldest_from_version = OLDEST_FROM_VERSION;
return; return;
} }
@ -30,12 +34,12 @@ define('IN_INSTALL', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../'; $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1); $phpEx = substr(strrchr(__FILE__, '.'), 1);
// Report all errors, except notices and deprecation messages require($phpbb_root_path . 'includes/startup.' . $phpEx);
if (!defined('E_DEPRECATED'))
{ $updates_to_version = UPDATES_TO_VERSION;
define('E_DEPRECATED', 8192); $debug_from_version = DEBUG_FROM_VERSION;
} $oldest_from_version = OLDEST_FROM_VERSION;
//error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
error_reporting(E_ALL); error_reporting(E_ALL);
@set_time_limit(0); @set_time_limit(0);
@ -85,20 +89,6 @@ if (!defined('LOGIN_ATTEMPT_TABLE'))
define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts'); define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts');
} }
// If we are on PHP >= 6.0.0 we do not need some code
if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
{
/**
* @ignore
*/
define('STRIP', false);
}
else
{
@set_magic_quotes_runtime(0);
define('STRIP', (get_magic_quotes_gpc()) ? true : false);
}
$user = new user(); $user = new user();
$cache = new cache(); $cache = new cache();
$db = new $sql_db(); $db = new $sql_db();

99
phpBB/install/index.php
View file

@ -18,110 +18,13 @@ define('IN_INSTALL', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../'; $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1); $phpEx = substr(strrchr(__FILE__, '.'), 1);
// Report all errors, except notices and deprecation messages
if (!defined('E_DEPRECATED'))
{
define('E_DEPRECATED', 8192);
}
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
// @todo Review this test and see if we can find out what it is which prevents PHP 4.2.x from even displaying the page with requirements on it // @todo Review this test and see if we can find out what it is which prevents PHP 4.2.x from even displaying the page with requirements on it
if (version_compare(PHP_VERSION, '4.3.3') < 0) if (version_compare(PHP_VERSION, '4.3.3') < 0)
{ {
die('You are running an unsupported PHP version. Please upgrade to PHP 4.3.3 or higher before trying to install phpBB 3.0'); die('You are running an unsupported PHP version. Please upgrade to PHP 4.3.3 or higher before trying to install phpBB 3.0');
} }
/* require($phpbb_root_path . 'includes/startup.' . $phpEx);
* Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*/
function deregister_globals()
{
$not_unset = array(
'GLOBALS' => true,
'_GET' => true,
'_POST' => true,
'_COOKIE' => true,
'_REQUEST' => true,
'_SERVER' => true,
'_SESSION' => true,
'_ENV' => true,
'_FILES' => true,
'phpEx' => true,
'phpbb_root_path' => true
);
// Not only will array_merge and array_keys give a warning if
// a parameter is not an array, array_merge will actually fail.
// So we check if _SESSION has been initialised.
if (!isset($_SESSION) || !is_array($_SESSION))
{
$_SESSION = array();
}
// Merge all into one extremely huge array; unset this later
$input = array_merge(
array_keys($_GET),
array_keys($_POST),
array_keys($_COOKIE),
array_keys($_SERVER),
array_keys($_SESSION),
array_keys($_ENV),
array_keys($_FILES)
);
foreach ($input as $varname)
{
if (isset($not_unset[$varname]))
{
// Hacking attempt. No point in continuing unless it's a COOKIE
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
{
exit;
}
else
{
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
{
unset($GLOBALS[$registered_var]);
}
}
$cookie = &$cookie['GLOBALS'];
}
}
}
unset($GLOBALS[$varname]);
}
unset($input);
}
// If we are on PHP >= 6.0.0 we do not need some code
if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
{
/**
* @ignore
*/
define('STRIP', false);
}
else
{
@set_magic_quotes_runtime(0);
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
deregister_globals();
}
define('STRIP', (get_magic_quotes_gpc()) ? true : false);
}
// Try to override some limits - maybe it helps some... // Try to override some limits - maybe it helps some...
@set_time_limit(0); @set_time_limit(0);

13
phpBB/style.php
View file

@ -15,13 +15,7 @@ define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './'; $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1); $phpEx = substr(strrchr(__FILE__, '.'), 1);
// Report all errors, except notices and deprecation messages require($phpbb_root_path . 'includes/startup.' . $phpEx);
if (!defined('E_DEPRECATED'))
{
define('E_DEPRECATED', 8192);
}
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
require($phpbb_root_path . 'config.' . $phpEx); require($phpbb_root_path . 'config.' . $phpEx);
if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type)) if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
@ -29,11 +23,6 @@ if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
exit; exit;
} }
if (version_compare(PHP_VERSION, '6.0.0-dev', '<'))
{
@set_magic_quotes_runtime(0);
}
// Load Extensions // Load Extensions
if (!empty($load_extensions) && function_exists('dl')) if (!empty($load_extensions) && function_exists('dl'))
{ {