|
@@ -32,6 +32,45 @@ $SQM_INTERNAL_VERSION = array(1,5,2);
|
|
|
error_reporting(E_ALL);
|
|
|
|
|
|
|
|
|
+/**
|
|
|
+ * If register_globals are on, unregister globals.
|
|
|
+ * Code requires PHP 4.1.0 or newer.
|
|
|
+ */
|
|
|
+if ((bool) @ini_get('register_globals')) {
|
|
|
+ /**
|
|
|
+ * Remove all globals from $_GET, $_POST, and $_COOKIE.
|
|
|
+ */
|
|
|
+ foreach ($_REQUEST as $key => $value) {
|
|
|
+ unset($GLOBALS[$key]);
|
|
|
+ }
|
|
|
+ /**
|
|
|
+ * Remove globalized $_FILES variables
|
|
|
+ * Before 4.3.0 $_FILES are included in $_REQUEST.
|
|
|
+ * Unglobalize them in separate call in order to remove dependency
|
|
|
+ * on PHP version.
|
|
|
+ */
|
|
|
+ foreach ($_FILES as $key => $value) {
|
|
|
+ unset($GLOBALS[$key]);
|
|
|
+ // there are three undocumented $_FILES globals.
|
|
|
+ unset($GLOBALS[$key.'_type']);
|
|
|
+ unset($GLOBALS[$key.'_name']);
|
|
|
+ unset($GLOBALS[$key.'_size']);
|
|
|
+ }
|
|
|
+ /**
|
|
|
+ * Remove globalized environment variables.
|
|
|
+ */
|
|
|
+ foreach ($_ENV as $key => $value) {
|
|
|
+ unset($GLOBALS[$key]);
|
|
|
+ }
|
|
|
+ /**
|
|
|
+ * Remove globalized server variables.
|
|
|
+ */
|
|
|
+ foreach ($_SERVER as $key => $value) {
|
|
|
+ unset($GLOBALS[$key]);
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
/**
|
|
|
* calculate SM_PATH and calculate the base_uri
|
|
|
* assumptions made: init.php is only called from plugins or from the src dir.
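Review bot: The four `foreach` loops call `unset($GLOBALS[$key])` for every request-supplied key without excluding reserved names, so a parameter named after a superglobal (for example `_SERVER` or `GLOBALS`) is handled like any other key. On the PHP versions this block targets, that presumably lets a request remove the very arrays that the later loops and the `SM_PATH`/`base_uri` calculation depend on. Skipping reserved names closes this: define `$reserved = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_FILES', '_ENV', '_SERVER', '_SESSION');` before the loops and start each loop body with `if (in_array($key, $reserved)) continue;`. The same guard would apply to the session cleanup loop under the later `register_globals` check, whose body is only partly visible on this page.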
|
|
@@ -53,10 +92,8 @@ for($i = count($a) -2;$i > -1; --$i) {
|
|
|
|
|
|
$base_uri = implode('/',array_slice($a,0,$i)). '/';
|
|
|
|
|
|
-
|
|
|
-
|
|
|
define('SM_PATH',$sSM_PATH);
|
|
|
-
|
|
|
+define('SM_BASE_URI', $base_uri);
|
|
|
/**
|
|
|
* global var $bInit is used to check if initialisation took place.
|
|
|
* At this moment it's a workarounf for the include of addrbook_search_html
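Review bot: The new `define('SM_BASE_URI', $base_uri);` has no comment explaining why a constant is introduced alongside the `$base_uri` variable, and the doc block that follows it describes `$bInit`, not this line. A short comment such as `/* SM_BASE_URI: fixed copy of the calculated base uri; unlike $base_uri it cannot be reassigned later in the request */` would make the intent clear. The `session_set_cookie_params (0, $base_uri);` call visible in a later hunk still reads the variable, so if the constant is meant to be the trusted value, that call is a candidate to switch. The `for` loop that computes `$base_uri` starts outside this hunk.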
|
|
@@ -88,43 +125,6 @@ if (get_magic_quotes_gpc()) {
|
|
|
sqstripslashes($_POST);
|
|
|
}
|
|
|
|
|
|
-/**
|
|
|
- * If register_globals are on, unregister globals.
|
|
|
- * Code requires PHP 4.1.0 or newer.
|
|
|
- */
|
|
|
-if ((bool) @ini_get('register_globals')) {
|
|
|
- /**
|
|
|
- * Remove all globals from $_GET, $_POST, and $_COOKIE.
|
|
|
- */
|
|
|
- foreach ($_REQUEST as $key => $value) {
|
|
|
- unset($GLOBALS[$key]);
|
|
|
- }
|
|
|
- /**
|
|
|
- * Remove globalized $_FILES variables
|
|
|
- * Before 4.3.0 $_FILES are included in $_REQUEST.
|
|
|
- * Unglobalize them in separate call in order to remove dependency
|
|
|
- * on PHP version.
|
|
|
- */
|
|
|
- foreach ($_FILES as $key => $value) {
|
|
|
- unset($GLOBALS[$key]);
|
|
|
- // there are three undocumented $_FILES globals.
|
|
|
- unset($GLOBALS[$key.'_type']);
|
|
|
- unset($GLOBALS[$key.'_name']);
|
|
|
- unset($GLOBALS[$key.'_size']);
|
|
|
- }
|
|
|
- /**
|
|
|
- * Remove globalized environment variables.
|
|
|
- */
|
|
|
- foreach ($_ENV as $key => $value) {
|
|
|
- unset($GLOBALS[$key]);
|
|
|
- }
|
|
|
- /**
|
|
|
- * Remove globalized server variables.
|
|
|
- */
|
|
|
- foreach ($_SERVER as $key => $value) {
|
|
|
- unset($GLOBALS[$key]);
|
|
|
- }
|
|
|
-}
|
|
|
|
|
|
/* strip any tags added to the url from PHP_SELF.
|
|
|
This fixes hand crafted url XXS expoits for any
|
|
@@ -150,8 +150,6 @@ ini_set('session.name' , $session_name);
|
|
|
session_set_cookie_params (0, $base_uri);
|
|
|
sqsession_is_active();
|
|
|
|
|
|
-sqsession_register($base_uri, 'base_uri');
|
|
|
-
|
|
|
/**
|
|
|
* Remove globalized session data in rg=on setups
|
|
|
*/
|
|
@@ -160,6 +158,9 @@ if ((bool) @ini_get('register_globals')) {
|
|
|
unset($GLOBALS[$key]);
|
|
|
}
|
|
|
}
|
|
|
+
|
|
|
+sqsession_register($base_uri, SM_BASE_URI);
|
|
|
+
|
|
|
/**
|
|
|
* Retrieve the language cookie
|
|
|
*/
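Review bot: `sqsession_register($base_uri, SM_BASE_URI);` passes the constant's value as the second argument, where the line this commit removes passed the literal name `'base_uri'`. If the second parameter is the session key, as the removed call suggests, the value is now stored under a key equal to the path itself, and code that reads `base_uri` from the session will not find it. The likely intent is `sqsession_register(SM_BASE_URI, 'base_uri');`. The `register_globals` block that precedes the added line starts outside this hunk.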
|