authorGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-04-21 06:39:00 +0000
committerGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-04-21 06:39:00 +0000
commit8e4524c0d81c11477d0f46985cc3f4844a85c61f (patch)
tree7798f8b3bf780bddc5c6d301ad84c8add49eb110
parentb9c4901d86955b8187d4fe90f15cd183ef97cff1 (diff)
downloadbrdo-8e4524c0d81c11477d0f46985cc3f4844a85c61f.tar.gz
brdo-8e4524c0d81c11477d0f46985cc3f4844a85c61f.tar.bz2
#59378, unset disallowed globals in case register_globals is on, patch by chx
-rw-r--r--includes/bootstrap.inc16
1 files changed, 15 insertions, 1 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 15d2ba52d..110d496c4 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -132,11 +132,24 @@ function conf_path() {
}
/**
+ * Unsets all disallowed global variables. See $allowed for what's allowed.
+ */
+function drupal_unset_globals() {
+ if (ini_get('register_globals')) {
+ $allowed = array('_ENV' => 1, '_GET' => 1, '_POST' => 1, '_COOKIE' => 1, '_FILES' => 1, '_SERVER' => 1, '_REQUEST' => 1, 'access_check' => 1);
+ foreach ($GLOBALS as $key => $value) {
+ if (!isset($allowed[$key])) {
+ unset($GLOBALS[$key]);
+ }
+ }
+ }
+}
+
+/**
* Loads the configuration and sets the base URL correctly.
*/
function conf_init() {
global $db_url, $db_prefix, $base_url, $base_path, $base_root, $conf;
-
$conf = array();
require_once './'. conf_path() .'/settings.php';
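Review bot: The `$allowed` list in drupal_unset_globals() keeps `access_check` but has no `GLOBALS` entry, and neither choice is explained. With register_globals on, a request parameter named access_check survives the cleanup, so any script that reads `$access_check` without assigning it first would be working with request data; whether such a reader exists is not visible in this hunk. On PHP versions where `$GLOBALS` lists itself under the key `GLOBALS`, the loop also unsets that entry, which looks unintended. I would add `'GLOBALS' => 1`, keep `access_check` only if a caller sets it before bootstrap (and say so in a comment), and extend the docblock to state that only the superglobals are kept because every other global may have been created from request input.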
@@ -720,6 +733,7 @@ function _drupal_bootstrap($phase) {
switch ($phase) {
case DRUPAL_BOOTSTRAP_DATABASE:
+ drupal_unset_globals();
// Initialize the configuration
conf_init();
// Initialize the default database.
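Review bot: The new `drupal_unset_globals();` call in the DRUPAL_BOOTSTRAP_DATABASE case has no comment saying that it must stay ahead of `conf_init()`. conf_init() in the first hunk imports `$db_url`, `$db_prefix` and the base URL globals and only then loads settings.php, so any of those names that settings.php leaves unset would presumably keep a request-supplied value if the order were ever swapped. A comment such as `// Must run before conf_init(): strips globals injected by register_globals before settings.php is read.` would pin that down. The switch continues outside this hunk, so it is not visible here whether anything reads globals before this phase.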