diff --git a/phpgwapi/inc/common_functions.inc.php b/phpgwapi/inc/common_functions.inc.php index 0bae1374b2..af59fe09ee 100755 --- a/phpgwapi/inc/common_functions.inc.php +++ b/phpgwapi/inc/common_functions.inc.php @@ -663,7 +663,7 @@ { list($appname,$classname) = explode('.',$class); - include_once($file=EGW_INCLUDE_ROOT.'/'.$appname.'/inc/class.'.$classname.'.inc.php'); + include_once(EGW_INCLUDE_ROOT.'/'.$appname.'/inc/class.'.$classname.'.inc.php'); if (class_exists($classname)) { @@ -937,30 +937,15 @@ */ function _debug_array($array,$print=True) { - $four = False; - if(@floor(phpversion()) > 3) + $output = '
'.print_r($array,true)."\n"; + + if ($print) { - $four = True; - } - if($four) - { - if(!$print) - { - ob_start(); - } - echo '
'; - print_r($array); - echo ''; - if(!$print) - { - $v = ob_get_contents(); - ob_end_clean(); - return $v; - } + echo $output; } else { - return print_r($array,False,$print); + return $output; } } @@ -1232,6 +1217,32 @@ } //if (is_array($GLOBALS['egw_unset_vars'])) { echo "egw_unset_vars=
".htmlspecialchars(print_r($GLOBALS['egw_unset_vars'],true)).""; exit; } + // neutralises register_globals On, which is not used by eGW + // some code from the hardend php project: http://www.hardened-php.net/articles/PHPUG-PHP-Sicherheit-Parametermanipulationen.pdf + if (ini_get('register_globals')) + { + function unregister_globals() + { + // protect against GLOBALS overwrite or setting egw_info + if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['egw_info']) || isset($_FILES['egw_info'])) + { + die('GLOBALS overwrite detected!!!'); + } + // unregister all globals + $noUnset = array('GLOBALS','_GET','_POST','_COOKIE','_SERVER','_ENV','_FILES','xajax'); + foreach(array_unique(array_merge( + array_keys($_GET),array_keys($_POST),array_keys($_COOKIE),array_keys($_SERVER),array_keys($_ENV),array_keys($_FILES), + isset($_SESSION) && is_array($_SESSION) ? array_keys($_SESSION) : array())) as $k) + { + if (!in_array($k,$noUnset) && isset($GLOBALS[$k])) + { + unset($GLOBALS[$k]); + } + } + } + unregister_globals(); + } + if(floor(phpversion()) <= 4) { /** diff --git a/phpgwapi/inc/functions.inc.php b/phpgwapi/inc/functions.inc.php index e04e656ca2..c74d0c540d 100644 --- a/phpgwapi/inc/functions.inc.php +++ b/phpgwapi/inc/functions.inc.php @@ -47,6 +47,8 @@ echo '!!! PLEASE CORRECT THIS SITUATION !!!'; } + include(EGW_API_INC.'/common_functions.inc.php'); + // check if we can restore the eGW enviroment from the php-session if ($GLOBALS['egw_info']['server']['sessions_type'] == 'php4-restore' && $_REQUEST['sessionid']) { @@ -89,8 +91,6 @@ unset($_SESSION['egw_object_cache']); } } - include(EGW_API_INC.'/common_functions.inc.php'); - print_debug('sane environment','messageonly','api'); /****************************************************************************\
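Review bot: The overwrite guard in the new unregister_globals() tests only `$_REQUEST` and `$_FILES`, but what `$_REQUEST` contains depends on the `variables_order`/`request_order` ini settings, so a `GLOBALS` or `egw_info` key arriving through a source register_globals registers but `$_REQUEST` omits (cookies under a configuration without `C`) passes the guard; the unset loop below cannot catch it either, because the only key it sees for that source is `GLOBALS`, which `$noUnset` excludes, so the values injected under it survive. Test the sources the loop itself enumerates, e.g. `isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])` and the same for `egw_info`. The `in_array($k,$noUnset)` test is loose, so an integer key `0` compares equal to every string in `$noUnset` on the PHP versions this file targets and is never unset; pass the strict flag, `in_array($k,$noUnset,true)`. `isset($GLOBALS[$k])` likewise skips a registered global whose value is null where `array_key_exists($k,$GLOBALS)` would not; probably harmless for request data, but worth a comment on the chosen test.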
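Review bot: The `include(EGW_API_INC.'/common_functions.inc.php')` moved up in this hunk now runs before the php4-restore block reads `$_REQUEST['sessionid']` and `$GLOBALS['egw_info']['server']['sessions_type']`, which looks like the reason for the move (that file gains the register_globals neutralisation in this same commit), but nothing at the new site says so. Add a comment above it, e.g. `// must run before any request data is read: it neutralises register_globals`. It is also a plain `include` of a file that defines functions (`_debug_array`, `unregister_globals`), so a second inclusion from another bootstrap path is a fatal redeclaration error; `include_once` would be the safer form. The surrounding block starts before this hunk.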