nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prepare removal of grab_globals

Browse Source
This commit is contained in:
Marc Delisle
2005-12-11 13:06:02 +00:00
parent 7f86d41fa9
commit ee3825013d
2 changed files with 38 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
libraries/common.lib.php
View File

@@ -4,7 +4,7 @@
/** /**
* Misc stuff and functions used by almost all the scripts. * Misc stuff and functions used by almost all the scripts.
* Among other things, it contains the advanced authentification work. * Among other things, it contains the advanced authentication work.
*/ */
/** /**
@@ -2484,6 +2484,43 @@ window.parent.updateTableTitle( '<?php echo $uni_tbl; ?>', '<?php echo PMA_jsFor
/******************************************************************************/ /******************************************************************************/
/* start procedural code label_start_procedural */ /* start procedural code label_start_procedural */
/**
* just to be sure there was no import (registering) before here
* we empty the global space
*/
$variables_whitelist = array (
'GLOBALS',
'_SERVER',
'_GET',
'_POST',
'_REQUEST',
'_FILES',
'_ENV',
'_COOKIE',
'_SESSION',
);
foreach ( get_defined_vars() as $key => $value ) {
if ( ! in_array( $key, $variables_whitelist ) ) {
unset( $$key );
}
}
unset( $key, $value );
/**
* protect against older PHP versions' bug about GLOBALS overwrite
* (no need to localize this message :) )
* but what if script.php?GLOBALS[admin]=1&GLOBALS[_REQUEST]=1 ???
*/
if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] )
|| isset( $_SERVER['GLOBALS'] ) || isset( $_COOKIE['GLOBALS'] )
|| isset( $_ENV['GLOBALS'] ) ) {
die( 'GLOBALS overwrite attempt' );
}
require_once './libraries/session.inc.php';
// grab_globals.lib.php should really go before common.lib.php // grab_globals.lib.php should really go before common.lib.php
require_once('./libraries/grab_globals.lib.php'); require_once('./libraries/grab_globals.lib.php');

39
libraries/grab_globals.lib.php
View File

@@ -12,45 +12,6 @@
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ * loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
*/ */
/**
* just to be sure there was no import (registering) before here
* we empty the global space
*/
$variables_whitelist = array (
'GLOBALS',
'_SERVER',
'_GET',
'_POST',
'_REQUEST',
'_FILES',
'_ENV',
'_COOKIE',
'_SESSION',
);
foreach ( get_defined_vars() as $key => $value ) {
if ( ! in_array( $key, $variables_whitelist ) ) {
unset( $$key );
}
}
unset( $key, $value );
/**
* protect against older PHP versions' bug about GLOBALS overwrite
* (no need to translate this one :) )
* but what if script.php?GLOBALS[admin]=1&GLOBALS[_REQUEST]=1 ???
*/
if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] )
|| isset( $_SERVER['GLOBALS'] ) || isset( $_COOKIE['GLOBALS'] )
|| isset( $_ENV['GLOBALS'] ) ) {
die( 'GLOBALS overwrite attempt' );
}
require_once './libraries/session.inc.php';
/** /**
* check if a subform is submitted * check if a subform is submitted
*/ */