Created
July 16, 2011 03:24
phpBB3 deregister_globals
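/**
 * Undo the effect of PHP's register_globals setting.
 *
 * Gathers every key present in $_GET, $_POST, $_COOKIE, $_SERVER, $_SESSION,
 * $_ENV and $_FILES and unsets the global variable of the same name, so that
 * request input cannot pre-seed a variable the application later reads
 * without initialising it.
 *
 * A request key that matches a protected name (the superglobal arrays,
 * 'phpEx', 'phpbb_root_path') is treated as an attempt to overwrite
 * application state and terminates the script. The single exception is a
 * key named GLOBALS that arrives only as a cookie: it is cleaned up instead
 * of aborting (presumably because a cookie is re-sent on every request and
 * exiting would lock that browser out; confirm against project history).
 *
 * @return void Does not return (calls exit) when a protected name is
 *              supplied by anything other than a GLOBALS cookie.
 */
function deregister_globals()
{
    // Names that are never unset on behalf of a GLOBALS cookie and that are
    // rejected when they appear as request keys.
    $not_unset = array(
        'GLOBALS'         => true,
        '_GET'            => true,
        '_POST'           => true,
        '_COOKIE'         => true,
        '_REQUEST'        => true,
        '_SERVER'         => true,
        '_SESSION'        => true,
        '_ENV'            => true,
        '_FILES'          => true,
        'phpEx'           => true,
        'phpbb_root_path' => true
    );

    // Not only will array_merge and array_keys give a warning if
    // a parameter is not an array, array_merge will actually fail.
    // So we check if _SESSION has been initialised.
    if (!isset($_SESSION) || !is_array($_SESSION))
    {
        $_SESSION = array();
    }

    // Merge all into one extremely huge array; unset this later
    $input = array_merge(
        array_keys($_GET),
        array_keys($_POST),
        array_keys($_COOKIE),
        array_keys($_SERVER),
        array_keys($_SESSION),
        array_keys($_ENV),
        array_keys($_FILES)
    );

    foreach ($input as $varname)
    {
        if (isset($not_unset[$varname]))
        {
            // Hacking attempt. No point in continuing unless it's a COOKIE
            if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
            {
                exit;
            }
            else
            {
                // Walk GLOBALS cookies nested inside each other and drop
                // every global they name, except the protected ones.
                $cookie = &$_COOKIE;
                while (isset($cookie['GLOBALS']))
                {
                    // The cookie value is client-controlled and may be a
                    // plain string. Only an array can be walked; stop here
                    // rather than hand a scalar to foreach or take a
                    // reference into it.
                    if (!is_array($cookie['GLOBALS']))
                    {
                        break;
                    }

                    foreach ($cookie['GLOBALS'] as $registered_var => $value)
                    {
                        if (!isset($not_unset[$registered_var]))
                        {
                            unset($GLOBALS[$registered_var]);
                        }
                    }
                    $cookie = &$cookie['GLOBALS'];
                }
            }
        }

        unset($GLOBALS[$varname]);
    }

    unset($input);
}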
// Only PHP versions below 6.0.0 need the magic-quotes and register_globals
// handling; on anything newer STRIP is simply false.
if (version_compare(PHP_VERSION, '6.0.0-dev', '<'))
{
    @set_magic_quotes_runtime(0);

    // Be paranoid with passed vars. The clean-up also runs when ini_get is
    // unavailable, i.e. when the setting cannot be read it is assumed on.
    if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
    {
        deregister_globals();
    }

    // STRIP records whether magic_quotes_gpc is active (presumably so that
    // input handling can strip the added slashes; confirm against callers).
    define('STRIP', (bool) get_magic_quotes_gpc());
}
else
{
    /**
    * @ignore
    */
    define('STRIP', false);
}