Typos and more secure unsetting. Hat tip: Stefen Esser

git-svn-id: https://develop.svn.wordpress.org/trunk@2784 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Matt Mullenweg 2005-08-15 04:02:19 +00:00
parent 2f2b05ed34
commit 0c8967b8b2

View File

@ -1,19 +1,25 @@
<?php
// Turn register globals off
if ( ini_get('register_globals') ) {
$superglobals = array($_SERVER, $_ENV, $_FILES, $_COOKIE, $_POST, $_GET);
if ( isset($_SESSION) )
array_unshift($superglobals, $_SESSION);
function unregister_GLOBALS() {
if ( !ini_get('register_globals') )
return;
if ( isset($_REQUEST['GLOBALS']) )
die('GLOBALS overwrite attempt detected');
// Variables that shouldn't be unset
$noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix');
foreach ( $superglobals as $superglobal )
foreach ( $superglobal as $global => $value )
if ( 'table_prefix' != $global )
unset( $GLOBALS[$global] );
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
foreach ( $input as $k => $v )
if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) )
unset($GLOBALS[$k]);
}
$HTTP_HOST = getenv('HTTP_HOST'); /* domain name */
$REMOTE_ADDR = getenv('REMOTE_ADDR'); /* visitor's IP */
$HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); /* visitor's browser */
unregister_GLOBALS();
$HTTP_USER_AGENT = getenv('HTTP_USER_AGENT');
unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories );
// Fix for IIS, which doesn't set REQUEST_URI
if ( empty( $_SERVER['REQUEST_URI'] ) ) {