some code to make register_globals On installs safer; we might commit that to 1.2 too after a test period

This commit is contained in:
Ralf Becker 2006-10-03 15:16:42 +00:00
parent 4e86a27a98
commit 4c1d7489fe
2 changed files with 34 additions and 23 deletions


@ -663,7 +663,7 @@
{ {
list($appname,$classname) = explode('.',$class); list($appname,$classname) = explode('.',$class);
include_once($file=EGW_INCLUDE_ROOT.'/'.$appname.'/inc/class.'.$classname.'.inc.php'); include_once(EGW_INCLUDE_ROOT.'/'.$appname.'/inc/class.'.$classname.'.inc.php');
if (class_exists($classname)) if (class_exists($classname))
{ {
@ -937,30 +937,15 @@
*/ */
function _debug_array($array,$print=True) function _debug_array($array,$print=True)
{ {
$four = False; $output = '<pre>'.print_r($array,true)."</pre>\n";
if(@floor(phpversion()) > 3)
if ($print)
{ {
$four = True; echo $output;
}
if($four)
{
if(!$print)
{
ob_start();
}
echo '<pre>';
print_r($array);
echo '</pre>';
if(!$print)
{
$v = ob_get_contents();
ob_end_clean();
return $v;
}
} }
else else
{ {
return print_r($array,False,$print); return $output;
} }
} }
@ -1232,6 +1217,32 @@
} }
//if (is_array($GLOBALS['egw_unset_vars'])) { echo "egw_unset_vars=<pre>".htmlspecialchars(print_r($GLOBALS['egw_unset_vars'],true))."</pre>"; exit; } //if (is_array($GLOBALS['egw_unset_vars'])) { echo "egw_unset_vars=<pre>".htmlspecialchars(print_r($GLOBALS['egw_unset_vars'],true))."</pre>"; exit; }
// neutralises register_globals On, which is not used by eGW
// some code from the hardend php project: http://www.hardened-php.net/articles/PHPUG-PHP-Sicherheit-Parametermanipulationen.pdf
if (ini_get('register_globals'))
{
function unregister_globals()
{
// protect against GLOBALS overwrite or setting egw_info
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['egw_info']) || isset($_FILES['egw_info']))
{
die('GLOBALS overwrite detected!!!');
}
// unregister all globals
$noUnset = array('GLOBALS','_GET','_POST','_COOKIE','_SERVER','_ENV','_FILES','xajax');
foreach(array_unique(array_merge(
array_keys($_GET),array_keys($_POST),array_keys($_COOKIE),array_keys($_SERVER),array_keys($_ENV),array_keys($_FILES),
isset($_SESSION) && is_array($_SESSION) ? array_keys($_SESSION) : array())) as $k)
{
if (!in_array($k,$noUnset) && isset($GLOBALS[$k]))
{
unset($GLOBALS[$k]);
}
}
}
unregister_globals();
}
if(floor(phpversion()) <= 4) if(floor(phpversion()) <= 4)
{ {
/** /**


@ -47,6 +47,8 @@
echo '!!! PLEASE CORRECT THIS SITUATION !!!</b></p>'; echo '!!! PLEASE CORRECT THIS SITUATION !!!</b></p>';
} }
include(EGW_API_INC.'/common_functions.inc.php');
// check if we can restore the eGW enviroment from the php-session // check if we can restore the eGW enviroment from the php-session
if ($GLOBALS['egw_info']['server']['sessions_type'] == 'php4-restore' && $_REQUEST['sessionid']) if ($GLOBALS['egw_info']['server']['sessions_type'] == 'php4-restore' && $_REQUEST['sessionid'])
{ {
@ -89,8 +91,6 @@
unset($_SESSION['egw_object_cache']); unset($_SESSION['egw_object_cache']);
} }
} }
include(EGW_API_INC.'/common_functions.inc.php');
print_debug('sane environment','messageonly','api'); print_debug('sane environment','messageonly','api');
/****************************************************************************\ /****************************************************************************\
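Review bot: The moved `include(EGW_API_INC.'/common_functions.inc.php')` now runs before the php4-restore block reads `$_REQUEST['sessionid']`, but nothing in the hunk records why the order matters, and a future tidy-up could move it back; a comment would pin it: `// must come before any use of request data: common_functions.inc.php neutralises register_globals`. One caveat to check: the unregistering code iterates `$_SESSION` keys only if the session already exists at include time, so if the php4-restore branch below (its body is outside this hunk) is what starts the PHP session, variables that register_globals registers from `$_SESSION` at `session_start()` would appear after the cleanup has already run — a second `unregister_globals()` call after the session is started, or a note that the session type is only used on installs with register_globals Off, would close that gap.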