From 9bc05019a6d97430b290f8a3d15a1c7008c0b3da Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Wed, 26 Apr 2006 18:22:28 +0000 Subject: [PATCH] - safer globals deregistration git-svn-id: file:///svn/phpbb/trunk@5849 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/common.php | 91 +++++++++++++++++++++++++++++------------------- 1 file changed, 55 insertions(+), 36 deletions(-) diff --git a/phpBB/common.php b/phpBB/common.php index 802e16b2f0..7ad8fa5ad5 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -11,7 +11,7 @@ // Remove the following line to enable this software, be sure you note what it // says before continuing -die('This software is unsupported in any and all respects. By removing this notice (found in common.php) you are noting your acceptance of this. Do not ask support questions of any kind for this release at either area51.phpbb.com or www.phpbb.com. Support for this version will appear when the beta cycle begins'); +//die('This software is unsupported in any and all respects. By removing this notice (found in common.php) you are noting your acceptance of this. Do not ask support questions of any kind for this release at either area51.phpbb.com or www.phpbb.com. Support for this version will appear when the beta cycle begins'); /** */ @@ -26,6 +26,59 @@ $starttime = $starttime[1] + $starttime[0]; error_reporting(E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables //error_reporting(E_ALL); +/** +* Remove variables created by register_globals from the global scope +* Thanks to Matt Kavanagh +*/ +function deregister_globals() +{ + $not_unset = array( + 'GLOBALS' => true, + '_GET' => true, + '_POST' => true, + '_COOKIE' => true, + '_REQUEST' => true, + '_SERVER' => true, + '_SESSION' => true, + '_ENV' => true, + '_FILES' => true, + 'phpEx' => true, + 'phpbb_root_path' => true); + + // Not only will array_merge and array_keys give a warning if + // a parameter is not an array, array_merge will actually fail. + // So we check if _SESSION has been initialised. + if (!isset($_SESSION) || !is_array($_SESSION)) + { + $_SESSION = array(); + } + + // Merge all into one extremely huge array; unset + // this later + $input = array_merge( + array_keys($_GET), + array_keys($_POST), + array_keys($_COOKIE), + array_keys($_SERVER), + array_keys($_SESSION), + array_keys($_ENV), + array_keys($_FILES) + ); + + foreach ($input as $varname) + { + if (isset($not_unset[$varname])) + { + // Hacking attempt. No point in continuing. + exit; + } + + unset($GLOBALS[$varname]); + } + + unset($input); +} + // If we are on PHP >= 6.0.0 we do not need some code if (version_compare(phpversion(), '6.0.0', '>=')) { @@ -35,44 +88,10 @@ else { set_magic_quotes_runtime(0); - // Protect against GLOBALS tricks - if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) - { - exit; - } - - // Protect against _SESSION tricks - if (isset($_SESSION) && !is_array($_SESSION)) - { - exit; - } - // Be paranoid with passed vars if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { - $not_unset = array('_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_SESSION', '_ENV', '_FILES', 'phpEx', 'phpbb_root_path'); - - // Not only will array_merge give a warning if a parameter - // is not an array, it will actually fail. So we check if - // _SESSION has been initialised. - if (!isset($_SESSION) || !is_array($_SESSION)) - { - $_SESSION = array(); - } - - // Merge all into one extremely huge array; unset - // this later - $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_SESSION, $_ENV, $_FILES); - - foreach ($input as $varname => $void) - { - if (!in_array($varname, $not_unset)) - { - unset(${$varname}); - } - } - - unset($input); + deregister_globals(); } define('STRIP', (get_magic_quotes_gpc()) ? true : false);