Home Explore Help
Sign In
necklace
/
online-bookmarks-2
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0
Branch: master
Branches Tags
online-bookm...
/
lib
/
webstart.php

webstart.php 1.5 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. <?php
    2. 

  2. 

  3. if ( ini_get( 'register_globals' ) ) {
    4. 

  4.         if ( isset( $_REQUEST['GLOBALS'] ) ) {
    5. 

  5.                 die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
    6. 

  6.         }
    7. 

  7.         $verboten = array(
    8. 

  8.                 'GLOBALS',
    9. 

  9.                 '_SERVER',
    10. 

  10.                 'HTTP_SERVER_VARS',
    11. 

  11.                 '_GET',
    12. 

  12.                 'HTTP_GET_VARS',
    13. 

  13.                 '_POST',
    14. 

  14.                 'HTTP_POST_VARS',
    15. 

  15.                 '_COOKIE',
    16. 

  16.                 'HTTP_COOKIE_VARS',
    17. 

  17.                 '_FILES',
    18. 

  18.                 'HTTP_POST_FILES',
    19. 

  19.                 '_ENV',
    20. 

  20.                 'HTTP_ENV_VARS',
    21. 

  21.                 '_REQUEST',
    22. 

  22.                 '_SESSION',
    23. 

  23.                 'HTTP_SESSION_VARS'
    24. 

  24.         );
    25. 

  25.         foreach ( $_REQUEST as $name => $value ) {
    26. 

  26.                 if( in_array( $name, $verboten ) ) {
    27. 

  27.                         header( "HTTP/1.x 500 Internal Server Error" );
    28. 

  28.                         echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
    29. 

  29.                         die( -1 );
    30. 

  30.                 }
    31. 

  31.                 unset( $GLOBALS[$name] );
    32. 

  32.         }
    33. 

  33. }
    34. 

  34. 

  35. function &fix_magic_quotes( &$arr ) {
    36. 

  36. 	if ( get_magic_quotes_gpc() ) {
    37. 

  37. 		foreach( $arr as $key => $val ) {
    38. 

  38. 			if( is_array( $val ) ) {
    39. 

  39. 				fix_magic_quotes( $arr[$key] );
    40. 

  40. 			} else {
    41. 

  41. 				$arr[$key] = stripslashes( $val );
    42. 

  42. 			}
    43. 

  43. 		}
    44. 

  44. 	}
    45. 

  45. 	return $arr;
    46. 

  46. }
    47. 

  47. 

  48. fix_magic_quotes( $_COOKIE );
    49. 

  49. fix_magic_quotes( $_ENV );
    50. 

  50. fix_magic_quotes( $_GET );
    51. 

  51. fix_magic_quotes( $_POST );
    52. 

  52. fix_magic_quotes( $_REQUEST );
    53. 

  53. 

  54. 

  55. ?>
    56.