We use cookies to ensure you get the best experience on our website
Startsida Utforska Hjälp
Registrera dig Logga in
0ct0pu5
/
squirrelmail
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Bläddra i källkod

code could be triggered to unset variables that are used in foreach or
unset call. PHP 5.2.0 does not handle it gracefully.

tokul 19 år sedan
förälder
64f2516fab
incheckning
070768ad60
1 ändrade filer med 33 tillägg och 30 borttagningar
Unifierad Vy Visa Diff Statistik
  1. 33 30
      include/init.php

+ 33 - 30
include/init.php
Visa fil 

@@ -20,42 +20,45 @@ error_reporting(E_ALL);
 
 
 
 /**
 
 /**
 
  * If register_globals are on, unregister globals.
 
  * If register_globals are on, unregister globals.
 
- * Code requires PHP 4.1.0 or newer.
 
  * Second test covers boolean set as string (php_value register_globals off).
 
  * Second test covers boolean set as string (php_value register_globals off).
 
  */
 
  */
 
-if ((bool) @ini_get('register_globals') &&
 
+if ((bool) ini_get('register_globals') &&
 
     strtolower(ini_get('register_globals'))!='off') {
 
     strtolower(ini_get('register_globals'))!='off') {
 
     /**
 
     /**
 
-     * Remove all globals from $_GET, $_POST, and $_COOKIE.
 
-     */
 
-    foreach ($_REQUEST as $key => $value) {
 
-        unset($GLOBALS[$key]);
 
-    }
 
-    /**
 
-     * Remove globalized $_FILES variables
 
-     * Before 4.3.0 $_FILES are included in $_REQUEST.
 
-     * Unglobalize them in separate call in order to remove dependency
 
-     * on PHP version.
 
+     * Remove all globals that are not reserved by PHP
 
+     * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
 
      */
 
      */
 
-    foreach ($_FILES as $key => $value) {
 
-        unset($GLOBALS[$key]);
 
-        // there are three undocumented $_FILES globals.
 
-        unset($GLOBALS[$key.'_type']);
 
-        unset($GLOBALS[$key.'_name']);
 
-        unset($GLOBALS[$key.'_size']);
 
-    }
 
-    /**
 
-     * Remove globalized environment variables.
 
-     */
 
-    foreach ($_ENV as $key => $value) {
 
-        unset($GLOBALS[$key]);
 
-    }
 
-    /**
 
-     * Remove globalized server variables.
 
-     */
 
-    foreach ($_SERVER as $key => $value) {
 
-        unset($GLOBALS[$key]);
 
+    foreach ($GLOBALS as $key => $value) {
 
+        switch($key) {
 
+        case 'HTTP_POST_VARS':
 
+        case '_POST':
 
+        case 'HTTP_GET_VARS':
 
+        case '_GET':
 
+        case 'HTTP_COOKIE_VARS':
 
+        case '_COOKIE':
 
+        case 'HTTP_SERVER_VARS':
 
+        case '_SERVER':
 
+        case 'HTTP_ENV_VARS':
 
+        case '_ENV':
 
+        case 'HTTP_POST_FILES':
 
+        case '_FILES':
 
+        case '_REQUEST':
 
+        case 'HTTP_SESSION_VARS':
 
+        case '_SESSION':
 
+        case 'GLOBALS':
 
+        case 'key':
 
+        case 'value':
 
+            break;
 
+        case 'sInitLocation':
 
+            // FIXME: variable must be set only in src/login.php
 
+            break;
 
+        default:
 
+            unset($GLOBALS[$key]);
 
+        }
 
     }
 
     }
 
+    // Unset variables used in foreach
 
+    unset($GLOBALS['key']);
 
+    unset($GLOBALS['value']);
 
 }
 
 }
 
 
 
 /**
 
 /**

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5