Do not use $HTTP_*_VARS arrays anymore.

2003-11-19 11:07:23 +00:00
parent 048d4ce7fd
commit 197b293e7d
2 changed files with 3 additions and 19 deletions
--- a/3
+++ b/3
@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
 2003-11-19 Alexander M. Turek  <rabus@users.sourceforge.net>
    * libraries/grab_globals.lib.php3: Do not use $HTTP_*_VARS arrays anymore.
 2003-11-18 Alexander M. Turek  <rabus@users.sourceforge.net>
    * libraries/common.lib.php: Recognizing new 2.x config.inc.php revisions.
--- a/libraries/grab_globals.lib.php
+++ b/libraries/grab_globals.lib.php
@@ -38,14 +38,10 @@ if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
    if (!empty($_GET)) {
        PMA_gpc_extract($_GET, $GLOBALS);
    } else if (!empty($HTTP_GET_VARS)) {
        PMA_gpc_extract($HTTP_GET_VARS, $GLOBALS);
    } // end if
    if (!empty($_POST)) {
        PMA_gpc_extract($_POST, $GLOBALS);
    } else if (!empty($HTTP_POST_VARS)) {
        PMA_gpc_extract($HTTP_POST_VARS, $GLOBALS);
    } // end if
    if (!empty($_FILES)) {
@@ -53,11 +49,6 @@ if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
            $$name = $value['tmp_name'];
            ${$name . '_name'} = $value['name'];
        }
    } else if (!empty($HTTP_POST_FILES)) {
        while (list($name, $value) = each($HTTP_POST_FILES)) {
            $$name = $value['tmp_name'];
            ${$name . '_name'} = $value['name'];
        }
    } // end if
    if (!empty($_SERVER)) {
@@ -70,16 +61,6 @@ if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
            $HTTP_AUTHORIZATION = $_SERVER['HTTP_AUTHORIZATION'];
        }
    } else if (!empty($HTTP_SERVER_VARS)) {
        if (isset($HTTP_SERVER_VARS['PHP_SELF'])) {
            $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
        }
        if (isset($HTTP_SERVER_VARS['HTTP_ACCEPT_LANGUAGE'])) {
            $HTTP_ACCEPT_LANGUAGE = $HTTP_SERVER_VARS['HTTP_ACCEPT_LANGUAGE'];
        }
        if (isset($HTTP_SERVER_VARS['HTTP_AUTHORIZATION'])) {
            $HTTP_AUTHORIZATION = $HTTP_SERVER_VARS['HTTP_AUTHORIZATION'];
        }
    } // end if
    // Security fix: disallow accessing serious server files via "?goto="