File: includes/startup.php
Unmodified
Added
Modified
Removed
Line 69 | Line 69 |
---|
{ if (isset($not_unset[$varname])) {
|
{ if (isset($not_unset[$varname])) {
|
// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
| // Hacking attempt. No point in continuing. if (isset($_COOKIE[$varname]))
|
{
|
{
|
| echo "Clear your cookies. "; } echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
|
exit;
|
exit;
|
} else { $cookie = &$_COOKIE; while (isset($cookie['GLOBALS'])) { if (!is_array($cookie['GLOBALS'])) { break; }
foreach ($cookie['GLOBALS'] as $registered_var => $value) { if (!isset($not_unset[$registered_var])) { unset($GLOBALS[$registered_var]); } } $cookie = &$cookie['GLOBALS']; } }
| |
}
unset($GLOBALS[$varname]);
| }
unset($GLOBALS[$varname]);
|
Line 112 | Line 94 |
---|
} else {
|
} else {
|
| if (get_magic_quotes_runtime()) { // Deactivate
|
@set_magic_quotes_runtime(0);
|
@set_magic_quotes_runtime(0);
|
| }
|
// Be paranoid with passed vars if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
| // Be paranoid with passed vars if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
|