Commit 3e8d4ff226cfa539d8a51f8f03d08564c090f22e
1 parent
6c9d48c1
Recover somewhat gracefully if people insist on turning on
register_globals and magic_quotes_gpc. Remove request parameters from global scope, and if they're quoted by magic_quotes_gpc, dequote them. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@3006 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
62 additions
and
10 deletions
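--- a/config/dmsDefaults.php
+++ b/config/dmsDefaults.php
@@ -12,20 +12,23 @@
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
-*
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
-*
+*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
+*/
 
+// Default settings differ, we need some of these, so force the matter.
+// Can be overridden here if actually necessary.
 error_reporting(E_ALL & ~E_NOTICE);
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
+ini_set('magic_quotes_runtime', '0');
 
 // If not defined, set KT_DIR based on my usual location in the tree
 if (!defined('KT_DIR')) {
@@ -71,18 +74,18 @@ class KTInit {
 function setupI18n () {
 global $default;
 if (in_array("gettext", get_loaded_extensions()) && function_exists('gettext') && function_exists('_')) {
-require_once("$default->fileSystemRoot/lib/i18n/languageFunctions.inc");
-require_once("$default->fileSystemRoot/lib/i18n/accept-to-gettext.inc");
+require_once("$default->fileSystemRoot/lib/i18n/languageFunctions.inc");
+require_once("$default->fileSystemRoot/lib/i18n/accept-to-gettext.inc");
 if ($default->useAcceptLanguageHeader) {
 $aInstalledLocales = getInstalledLocales();
 $sLocale=al2gt($aInstalledLocales, 'text/html');
 $default->defaultLanguage = $sLocale;
-}
-putenv('LANG=' . $default->defaultLanguage);
+}
+putenv('LANG=' . $default->defaultLanguage);
 setlocale(LC_ALL, $default->defaultLanguage);
 // Set the text domain
 $sDomain = 'knowledgeTree';
-bindtextdomain($sDomain, $default->fileSystemRoot . "/i18n");
+bindtextdomain($sDomain, $default->fileSystemRoot . "/i18n");
 textdomain($sDomain);
 } else {
 $default->log->info("Gettext not installed, i18n disabled.");
@@ -93,6 +96,50 @@ class KTInit {
 }
 }
 // }}}
+
+
+// {{{ cleanGlobals()
+function cleanGlobals () {
+/*
+* Borrowed from TikiWiki
+*
+* Copyright (c) 2002-2004, Luis Argerich, Garland Foster,
+* Eduardo Polidor, et. al.
+*/
+if (ini_get('register_globals')) {
+foreach (array($_ENV, $_GET, $_POST, $_COOKIE, $_SERVER) as $superglob) {
+foreach ($superglob as $key => $val) {
+if (isset($GLOBALS[$key]) && $GLOBALS[$key] == $val) {
+unset($GLOBALS[$key]);
+}
+}
+}
+}
+}
+// }}}
+
+// {{{ cleanMagicQuotesItem()
+function cleanMagicQuotesItem (&$var) {
+if (is_array($var)) {
+foreach ($var as $key => $val) {
+KTInit::cleanMagicQuotesItem($var[$key]);
+}
+} else {
+$var = stripslashes($var);
+}
+}
+// }}}
+
+// {{{ cleanMagicQuotes()
+function cleanMagicQuotes () {
+if (get_magic_quotes_gpc()) {
+KTInit::cleanMagicQuotesItem($_GET);
+KTInit::cleanMagicQuotesItem($_POST);
+KTInit::cleanMagicQuotesItem($_REQUEST);
+KTInit::cleanMagicQuotesItem($_COOKIE);
+}
+}
+// }}}
 }
 // }}}
 
@@ -113,6 +160,9 @@ KTInit::setupLogging();
 
 KTInit::setupI18n();
 
+KTInit::cleanGlobals();
+KTInit::cleanMagicQuotes();
+
 // site map definition
 include("siteMap.inc");
 
@@ -123,6 +173,8 @@ require_once(KT_DIR . '/presentation/Html.inc');
 // browser settings
 require_once(KT_DIR . '/phpSniff/phpSniff.class.php');
 require_once('browsers.inc');
-// import request variables and setup language
-require_once(KT_LIB_DIR . '/dms.inc');
+
+// Give everyone access to KTUtil utility functions
+require_once(KT_LIB_DIR . '/util/ktutil.inc');
+
 ?>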
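Review bot: cleanGlobals() is both imprecise and incomplete: the `$GLOBALS[$key] == $val` test is a loose comparison, so a global that merely compares equal to a request value (e.g. an integer `0` against a non-numeric string in PHP 4/5) is dropped, and the source array omits `$_FILES`, whose entries register_globals also exports into the global scope (`$name`, `$name_name`, `$name_tmp_name`, ...); I would change the test to `$GLOBALS[$key] === $val` and the list to `array($_ENV, $_GET, $_POST, $_COOKIE, $_SERVER, $_FILES)`. The scrub also runs late: `KTInit::cleanGlobals()` and `KTInit::cleanMagicQuotes()` are called only after `setupLogging()` and `setupI18n()`, and setupI18n() already reads `global $default` in the second hunk, so whatever register_globals injected is live during those steps — moving the two calls to just before `KTInit::setupLogging();` narrows that window, as far as I can tell from the visible ordering. Separately, once cleanMagicQuotes() strips the slashes every consumer receives raw quotes, so any code that (presumably unintentionally) relied on magic_quotes_gpc as its SQL or shell escaping is now exposed; worth confirming the database layer escapes or parameterises on its own, since this commit does not touch it. The KTInit class that encloses the new methods starts outside the third hunk.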