List: squirrelmail-cvs
Subject: [SM-CVS] CVS: squirrelmail/include init.php,1.13,1.14
From: Tomas Kuliavas <tokul () users ! sourceforge ! net>
Date: 2006-07-26 6:39:04
Message-ID: E1G5d2u-0006Tg-9y () sc8-pr-cvs8 ! sourceforge ! net
Update of /cvsroot/squirrelmail/squirrelmail/include
In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv24380
Modified Files:
init.php
Log Message:
code could be triggered to unset variables that are used in foreach or
unset call. PHP 5.2.0 does not handle it gracefully.
Index: init.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/include/init.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -w -r1.13 -r1.14
--- init.php 24 Jul 2006 19:20:24 -0000 1.13
+++ init.php 26 Jul 2006 06:39:01 -0000 1.14
@@ -20,42 +20,45 @@
/**
* If register_globals are on, unregister globals.
- * Code requires PHP 4.1.0 or newer.
* Second test covers boolean set as string (php_value register_globals off).
*/
-if ((bool) @ini_get('register_globals') &&
+if ((bool) ini_get('register_globals') &&
strtolower(ini_get('register_globals'))!='off') {
/**
- * Remove all globals from $_GET, $_POST, and $_COOKIE.
- */
- foreach ($_REQUEST as $key => $value) {
- unset($GLOBALS[$key]);
- }
- /**
- * Remove globalized $_FILES variables
- * Before 4.3.0 $_FILES are included in $_REQUEST.
- * Unglobalize them in separate call in order to remove dependency
- * on PHP version.
+ * Remove all globals that are not reserved by PHP
+ * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
*/
- foreach ($_FILES as $key => $value) {
- unset($GLOBALS[$key]);
- // there are three undocumented $_FILES globals.
- unset($GLOBALS[$key.'_type']);
- unset($GLOBALS[$key.'_name']);
- unset($GLOBALS[$key.'_size']);
- }
- /**
- * Remove globalized environment variables.
- */
- foreach ($_ENV as $key => $value) {
+ foreach ($GLOBALS as $key => $value) {
+ switch($key) {
+ case 'HTTP_POST_VARS':
+ case '_POST':
+ case 'HTTP_GET_VARS':
+ case '_GET':
+ case 'HTTP_COOKIE_VARS':
+ case '_COOKIE':
+ case 'HTTP_SERVER_VARS':
+ case '_SERVER':
+ case 'HTTP_ENV_VARS':
+ case '_ENV':
+ case 'HTTP_POST_FILES':
+ case '_FILES':
+ case '_REQUEST':
+ case 'HTTP_SESSION_VARS':
+ case '_SESSION':
+ case 'GLOBALS':
+ case 'key':
+ case 'value':
+ break;
+ case 'sInitLocation':
+ // FIXME: variable must be set only in src/login.php
+ break;
+ default:
unset($GLOBALS[$key]);
}
- /**
- * Remove globalized server variables.
- */
- foreach ($_SERVER as $key => $value) {
- unset($GLOBALS[$key]);
}
+ // Unset variables used in foreach
+ unset($GLOBALS['key']);
+ unset($GLOBALS['value']);
}
/**
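Review bot: The `case 'sInitLocation':` branch in the new switch exempts a non-reserved name from the cleanup, so when register_globals is on, a request parameter called sInitLocation is not unset and stays in global scope as client-supplied data. The FIXME already says the variable should be set only in src/login.php. Until that is done, I would drop this case so the name falls through to `default:` and is unset, and have src/login.php assign it after init.php has run. If it has to stay, add a comment stating where the value is assigned and that nothing may read it before that assignment. Separately, the loop now removes every global not in the list rather than only the keys of $_REQUEST, $_FILES, $_ENV and $_SERVER, so the docblock should state that init.php must be included before the calling script defines any globals of its own.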