X-Git-Url: http://git.vanrenterghem.biz/www.vanrenterghem.biz.git/blobdiff_plain/4b1ce0d83844cfd7c55e75a60ccb239882cd62e3..83ab5456767602f2a9860a7db7247f002ec96945:/phpBB2/common.php diff --git a/phpBB2/common.php b/phpBB2/common.php deleted file mode 100644 index 1588481..0000000 --- a/phpBB2/common.php +++ /dev/null @@ -1,236 +0,0 @@ -= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off')) -{ - $HTTP_POST_VARS = $_POST; - $HTTP_GET_VARS = $_GET; - $HTTP_SERVER_VARS = $_SERVER; - $HTTP_COOKIE_VARS = $_COOKIE; - $HTTP_ENV_VARS = $_ENV; - $HTTP_POST_FILES = $_FILES; - - // _SESSION is the only superglobal which is conditionally set - if (isset($_SESSION)) - { - $HTTP_SESSION_VARS = $_SESSION; - } -} - -// Protect against GLOBALS tricks -if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])) -{ - die("Hacking attempt"); -} - -// Protect against HTTP_SESSION_VARS tricks -if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS)) -{ - die("Hacking attempt"); -} - -if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') -{ - // PHP4+ path - $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path'); - - // Not only will array_merge give a warning if a parameter - // is not an array, it will actually fail. So we check if - // HTTP_SESSION_VARS has been initialised. - if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)) - { - $HTTP_SESSION_VARS = array(); - } - - // Merge all into one extremely huge array; unset - // this later - $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES); - - unset($input['input']); - unset($input['not_unset']); - - while (list($var,) = @each($input)) - { - if (in_array($var, $not_unset)) - { - die('Hacking attempt!'); - } - unset($$var); - } - - unset($input); -} - -// -// addslashes to vars if magic_quotes_gpc is off -// this is a security precaution to prevent someone -// trying to break out of a SQL statement. -// -if( !get_magic_quotes_gpc() ) -{ - if( is_array($HTTP_GET_VARS) ) - { - while( list($k, $v) = each($HTTP_GET_VARS) ) - { - if( is_array($HTTP_GET_VARS[$k]) ) - { - while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) ) - { - $HTTP_GET_VARS[$k][$k2] = addslashes($v2); - } - @reset($HTTP_GET_VARS[$k]); - } - else - { - $HTTP_GET_VARS[$k] = addslashes($v); - } - } - @reset($HTTP_GET_VARS); - } - - if( is_array($HTTP_POST_VARS) ) - { - while( list($k, $v) = each($HTTP_POST_VARS) ) - { - if( is_array($HTTP_POST_VARS[$k]) ) - { - while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) ) - { - $HTTP_POST_VARS[$k][$k2] = addslashes($v2); - } - @reset($HTTP_POST_VARS[$k]); - } - else - { - $HTTP_POST_VARS[$k] = addslashes($v); - } - } - @reset($HTTP_POST_VARS); - } - - if( is_array($HTTP_COOKIE_VARS) ) - { - while( list($k, $v) = each($HTTP_COOKIE_VARS) ) - { - if( is_array($HTTP_COOKIE_VARS[$k]) ) - { - while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) ) - { - $HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2); - } - @reset($HTTP_COOKIE_VARS[$k]); - } - else - { - $HTTP_COOKIE_VARS[$k] = addslashes($v); - } - } - @reset($HTTP_COOKIE_VARS); - } -} - -// -// Define some basic configuration arrays this also prevents -// malicious rewriting of language and otherarray values via -// URI params -// -$board_config = array(); -$userdata = array(); -$theme = array(); -$images = array(); -$lang = array(); -$nav_links = array(); -$dss_seeded = false; -$gen_simple_header = FALSE; - -include($phpbb_root_path . 'config.'.$phpEx); - -if( !defined("PHPBB_INSTALLED") ) -{ - header('Location: ' . $phpbb_root_path . 'install/install.' . $phpEx); - exit; -} - -include($phpbb_root_path . 'includes/constants.'.$phpEx); -include($phpbb_root_path . 'includes/template.'.$phpEx); -include($phpbb_root_path . 'includes/sessions.'.$phpEx); -include($phpbb_root_path . 'includes/auth.'.$phpEx); -include($phpbb_root_path . 'includes/functions.'.$phpEx); -include($phpbb_root_path . 'includes/db.'.$phpEx); - -// We do not need this any longer, unset for safety purposes -unset($dbpasswd); - -// -// Obtain and encode users IP -// -// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as -// private range IP's appearing instead of the guilty routable IP, tough, don't -// even bother complaining ... go scream and shout at the idiots out there who feel -// "clever" is doing harm rather than good ... karma is a great thing ... :) -// -$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); -$user_ip = encode_ip($client_ip); - -// -// Setup forum wide options, if this fails -// then we output a CRITICAL_ERROR since -// basic forum information is not available -// -$sql = "SELECT * - FROM " . CONFIG_TABLE; -if( !($result = $db->sql_query($sql)) ) -{ - message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql); -} - -while ( $row = $db->sql_fetchrow($result) ) -{ - $board_config[$row['config_name']] = $row['config_value']; -} - -if (file_exists('install') || file_exists('contrib')) -{ - message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib'); -} - -// -// Show 'Board is disabled' message if needed. -// -if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") ) -{ - message_die(GENERAL_MESSAGE, 'Board_disable', 'Information'); -} - -?> \ No newline at end of file