'[SM-CVS] CVS: squirrelmail/include init.php,1.13,1.14'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-cvs
Subject:    [SM-CVS] CVS: squirrelmail/include init.php,1.13,1.14
From:       Tomas Kuliavas <tokul () users ! sourceforge ! net>
Date:       2006-07-26 6:39:04
Message-ID: E1G5d2u-0006Tg-9y () sc8-pr-cvs8 ! sourceforge ! net
[Download RAW message or body]

Update of /cvsroot/squirrelmail/squirrelmail/include
In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv24380

Modified Files:
	init.php 
Log Message:
code could be triggered to unset variables that are used in foreach or 
unset call. PHP 5.2.0 does not handle it gracefully.


Index: init.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/include/init.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -w -r1.13 -r1.14
--- init.php	24 Jul 2006 19:20:24 -0000	1.13
+++ init.php	26 Jul 2006 06:39:01 -0000	1.14
@@ -20,42 +20,45 @@
 
 /**
  * If register_globals are on, unregister globals.
- * Code requires PHP 4.1.0 or newer.
  * Second test covers boolean set as string (php_value register_globals off).
  */
-if ((bool) @ini_get('register_globals') &&
+if ((bool) ini_get('register_globals') &&
     strtolower(ini_get('register_globals'))!='off') {
     /**
-     * Remove all globals from $_GET, $_POST, and $_COOKIE.
-     */
-    foreach ($_REQUEST as $key => $value) {
-        unset($GLOBALS[$key]);
-    }
-    /**
-     * Remove globalized $_FILES variables
-     * Before 4.3.0 $_FILES are included in $_REQUEST.
-     * Unglobalize them in separate call in order to remove dependency
-     * on PHP version.
+     * Remove all globals that are not reserved by PHP
+     * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
      */
-    foreach ($_FILES as $key => $value) {
-        unset($GLOBALS[$key]);
-        // there are three undocumented $_FILES globals.
-        unset($GLOBALS[$key.'_type']);
-        unset($GLOBALS[$key.'_name']);
-        unset($GLOBALS[$key.'_size']);
-    }
-    /**
-     * Remove globalized environment variables.
-     */
-    foreach ($_ENV as $key => $value) {
+    foreach ($GLOBALS as $key => $value) {
+        switch($key) {
+        case 'HTTP_POST_VARS':
+        case '_POST':
+        case 'HTTP_GET_VARS':
+        case '_GET':
+        case 'HTTP_COOKIE_VARS':
+        case '_COOKIE':
+        case 'HTTP_SERVER_VARS':
+        case '_SERVER':
+        case 'HTTP_ENV_VARS':
+        case '_ENV':
+        case 'HTTP_POST_FILES':
+        case '_FILES':
+        case '_REQUEST':
+        case 'HTTP_SESSION_VARS':
+        case '_SESSION':
+        case 'GLOBALS':
+        case 'key':
+        case 'value':
+            break;
+        case 'sInitLocation':
+            // FIXME: variable must be set only in src/login.php
+            break;
+        default:
         unset($GLOBALS[$key]);
     }
-    /**
-     * Remove globalized server variables.
-     */
-    foreach ($_SERVER as $key => $value) {
-        unset($GLOBALS[$key]);
     }
+    // Unset variables used in foreach
+    unset($GLOBALS['key']);
+    unset($GLOBALS['value']);
 }
 
 /**


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
--
squirrelmail-cvs mailing list
List Address: squirrelmail-cvs@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
http://squirrelmail.org/cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic