Typos and more secure unsetting. Hat tip: Stefen Esser

git-svn-id: https://develop.svn.wordpress.org/trunk@2784 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Matt Mullenweg 2005-08-15 04:02:19 +00:00
parent 2f2b05ed34
commit 0c8967b8b2

View File

@ -1,19 +1,25 @@
<?php <?php
// Turn register globals off // Turn register globals off
if ( ini_get('register_globals') ) { function unregister_GLOBALS() {
$superglobals = array($_SERVER, $_ENV, $_FILES, $_COOKIE, $_POST, $_GET); if ( !ini_get('register_globals') )
if ( isset($_SESSION) ) return;
array_unshift($superglobals, $_SESSION);
if ( isset($_REQUEST['GLOBALS']) )
die('GLOBALS overwrite attempt detected');
// Variables that shouldn't be unset
$noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix');
foreach ( $superglobals as $superglobal ) $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
foreach ( $superglobal as $global => $value ) foreach ( $input as $k => $v )
if ( 'table_prefix' != $global ) if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) )
unset( $GLOBALS[$global] ); unset($GLOBALS[$k]);
} }
$HTTP_HOST = getenv('HTTP_HOST'); /* domain name */ unregister_GLOBALS();
$REMOTE_ADDR = getenv('REMOTE_ADDR'); /* visitor's IP */
$HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); /* visitor's browser */ $HTTP_USER_AGENT = getenv('HTTP_USER_AGENT');
unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories );
// Fix for IIS, which doesn't set REQUEST_URI // Fix for IIS, which doesn't set REQUEST_URI
if ( empty( $_SERVER['REQUEST_URI'] ) ) { if ( empty( $_SERVER['REQUEST_URI'] ) ) {