Commit 3e8d4ff226cfa539d8a51f8f03d08564c090f22e
1 parent
6c9d48c1
Recover somewhat gracefully if people insist on turning on
register_globals and magic_quotes_gpc. Remove request parameters from global scope, and if they're quoted by magic_quotes_gpc, dequote them. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@3006 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
62 additions
and
10 deletions
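--- a/config/dmsDefaults.php
+++ b/config/dmsDefaults.php
@@ -12,20 +12,23 @@
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
-*
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
-*
+*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
+*/
 
+// Default settings differ, we need some of these, so force the matter.
+// Can be overridden here if actually necessary.
 error_reporting(E_ALL & ~E_NOTICE);
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
+ini_set('magic_quotes_runtime', '0');
 
 // If not defined, set KT_DIR based on my usual location in the tree
 if (!defined('KT_DIR')) {
@@ -71,18 +74,18 @@ class KTInit {
 function setupI18n () {
 global $default;
 if (in_array("gettext", get_loaded_extensions()) && function_exists('gettext') && function_exists('_')) {
-require_once("$default->fileSystemRoot/lib/i18n/languageFunctions.inc");
-require_once("$default->fileSystemRoot/lib/i18n/accept-to-gettext.inc");
+require_once("$default->fileSystemRoot/lib/i18n/languageFunctions.inc");
+require_once("$default->fileSystemRoot/lib/i18n/accept-to-gettext.inc");
 if ($default->useAcceptLanguageHeader) {
 $aInstalledLocales = getInstalledLocales();
 $sLocale=al2gt($aInstalledLocales, 'text/html');
 $default->defaultLanguage = $sLocale;
-}
-putenv('LANG=' . $default->defaultLanguage);
+}
+putenv('LANG=' . $default->defaultLanguage);
 setlocale(LC_ALL, $default->defaultLanguage);
 // Set the text domain
 $sDomain = 'knowledgeTree';
-bindtextdomain($sDomain, $default->fileSystemRoot . "/i18n");
+bindtextdomain($sDomain, $default->fileSystemRoot . "/i18n");
 textdomain($sDomain);
 } else {
 $default->log->info("Gettext not installed, i18n disabled.");
@@ -93,6 +96,50 @@ class KTInit {
 }
 }
 // }}}
+
+
+// {{{ cleanGlobals()
+function cleanGlobals () {
+/*
+* Borrowed from TikiWiki
+*
+* Copyright (c) 2002-2004, Luis Argerich, Garland Foster,
+* Eduardo Polidor, et. al.
+*/
+if (ini_get('register_globals')) {
+foreach (array($_ENV, $_GET, $_POST, $_COOKIE, $_SERVER) as $superglob) {
+foreach ($superglob as $key => $val) {
+if (isset($GLOBALS[$key]) && $GLOBALS[$key] == $val) {
+unset($GLOBALS[$key]);
+}
+}
+}
+}
+}
+// }}}
+
+// {{{ cleanMagicQuotesItem()
+function cleanMagicQuotesItem (&$var) {
+if (is_array($var)) {
+foreach ($var as $key => $val) {
+KTInit::cleanMagicQuotesItem($var[$key]);
+}
+} else {
+$var = stripslashes($var);
+}
+}
+// }}}
+
+// {{{ cleanMagicQuotes()
+function cleanMagicQuotes () {
+if (get_magic_quotes_gpc()) {
+KTInit::cleanMagicQuotesItem($_GET);
+KTInit::cleanMagicQuotesItem($_POST);
+KTInit::cleanMagicQuotesItem($_REQUEST);
+KTInit::cleanMagicQuotesItem($_COOKIE);
+}
+}
+// }}}
 }
 // }}}
 
@@ -113,6 +160,9 @@ KTInit::setupLogging();
 
 KTInit::setupI18n();
 
+KTInit::cleanGlobals();
+KTInit::cleanMagicQuotes();
+
 // site map definition
 include("siteMap.inc");
 
@@ -123,6 +173,8 @@ require_once(KT_DIR . '/presentation/Html.inc');
 // browser settings
 require_once(KT_DIR . '/phpSniff/phpSniff.class.php');
 require_once('browsers.inc');
-// import request variables and setup language
-require_once(KT_LIB_DIR . '/dms.inc');
+
+// Give everyone access to KTUtil utility functions
+require_once(KT_LIB_DIR . '/util/ktutil.inc');
+
 ?>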
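Review bot: The register_globals cleanup in cleanGlobals() (new line 112) compares with loose `==`, so a global the application initialised itself can be unset whenever a same-named request parameter merely loosely equals it (in PHP 5 any non-numeric string `==` the integer 0), whereas a strict check only removes the value register_globals injected: `if (isset($GLOBALS[$key]) && $GLOBALS[$key] === $val) {`. The calls at new lines 163-164 also run after setupLogging() and setupI18n() have already executed with the polluted global scope; if that is the accepted best-effort trade-off the commit message hints at, a comment at the call site such as `// Best-effort: code above this point already ran with register_globals pollution.` would make it explicit. cleanMagicQuotes() does not pass $_FILES through cleanMagicQuotesItem(); as far as I recall magic_quotes_gpc also escaped uploaded file names on PHP 4/5, so those would stay slashed — worth confirming for the targeted PHP versions.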