Code source de Joomla 1.0.13 |
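<?php
/**
* @version $Id: globals.php 7424 2007-05-17 15:56:10Z robs $
* @package Joomla
* @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
* Joomla! is free software and parts of it may contain or be derived from the
* GNU General Public License or other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/

// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );

/**
 * Register Globals Emulation is no longer configured in this file.
 * RG_EMULATION is expected to be defined by configuration.php, which is
 * loaded below when the constant is not already defined.
 */
if( defined( 'RG_EMULATION' ) === false ) {
	if( file_exists( dirname(__FILE__).'/configuration.php' ) ) {
		require( dirname(__FILE__).'/configuration.php' );
	}

	if( defined( 'RG_EMULATION' ) === false ) {
		// The configuration file is old so default to on
		// NOTE(review): this fallback fails open. With emulation on, request
		// input is copied into the global scope (see registerGlobals()).
		// Sites should define RG_EMULATION as 0 explicitly in configuration.php.
		define( 'RG_EMULATION', 1 );
	}
}

/**
 * Validates the top-level keys of an input array and optionally copies its
 * entries into $GLOBALS.
 *
 * Execution is stopped with die() when a key, compared case-insensitively,
 * names one of the superglobal arrays listed in $banned, or when a key is
 * numeric. Only the first level of keys is inspected; nested arrays are not
 * walked.
 *
 * Security note: with $globalise set to true every accepted key becomes a
 * global variable. The banned list protects only the superglobals themselves,
 * so code that runs after this file must initialise its own globals before
 * reading them.
 *
 * @param array Input array to check (taken by reference, not modified here)
 * @param boolean True if the array is to be added to the GLOBALS
 */
function checkInputArray( &$array, $globalise=false ) {
	static $banned = array( '_files', '_env', '_get', '_post', '_cookie', '_server', '_session', 'globals' );

	foreach ($array as $key => $value) {
		// PHP GLOBALS injection bug: reject keys that name a superglobal.
		// strtolower() always yields a string, so the strict comparison
		// matches exactly what the loose one matched.
		$failed = in_array( strtolower( $key ), $banned, true );
		// PHP Zend_Hash_Del_Key_Or_Index bug: reject numeric keys
		$failed = $failed || is_numeric( $key );
		if ($failed) {
			// The message contains only the fixed banned list, never the
			// offending key, so no request data is echoed back.
			die( 'Illegal variable <b>' . implode( '</b> or <b>', $banned ) . '</b> passed to script.' );
		}
		if ($globalise) {
			$GLOBALS[$key] = $value;
		}
	}
}

/**
 * Emulates register globals = off
 *
 * Checks each input superglobal with checkInputArray(), keeps copies of the
 * superglobals in local variables, removes every entry of $GLOBALS except
 * 'GLOBALS' itself, and then restores the superglobals from the copies.
 * $_REQUEST is preserved but is not itself passed through checkInputArray().
 */
function unregisterGlobals () {
	checkInputArray( $_FILES );
	checkInputArray( $_ENV );
	checkInputArray( $_GET );
	checkInputArray( $_POST );
	checkInputArray( $_COOKIE );
	checkInputArray( $_SERVER );

	if (isset( $_SESSION )) {
		checkInputArray( $_SESSION );
	}

	// Local copies survive the wipe below because they are not globals.
	$REQUEST = $_REQUEST;
	$GET = $_GET;
	$POST = $_POST;
	$COOKIE = $_COOKIE;
	if (isset ( $_SESSION )) {
		$SESSION = $_SESSION;
	}
	$FILES = $_FILES;
	$ENV = $_ENV;
	$SERVER = $_SERVER;
	foreach ($GLOBALS as $key => $value) {
		// Strict comparison: under PHP versions before 8 a loose comparison
		// treats an integer key 0 as equal to 'GLOBALS' and would skip it.
		if ( $key !== 'GLOBALS' ) {
			unset ( $GLOBALS [ $key ] );
		}
	}
	$_REQUEST = $REQUEST;
	$_GET = $GET;
	$_POST = $POST;
	$_COOKIE = $COOKIE;
	if (isset ( $SESSION )) {
		$_SESSION = $SESSION;
	}
	$_FILES = $FILES;
	$_ENV = $ENV;
	$_SERVER = $SERVER;
}

/**
 * Emulates register globals = on
 *
 * Copies every accepted entry of the input superglobals into $GLOBALS via
 * checkInputArray(). For each uploaded file, $GLOBALS[<field>] is then set to
 * the upload's tmp_name and $GLOBALS[<field>_<attribute>] to each attribute of
 * the $_FILES entry.
 *
 * Security note: the derived <field>_<attribute> names are written without a
 * further check, and later sources overwrite earlier ones. Any global that is
 * read before it is assigned can therefore be supplied by the request.
 */
function registerGlobals() {
	checkInputArray( $_FILES, true );
	checkInputArray( $_ENV, true );
	checkInputArray( $_GET, true );
	checkInputArray( $_POST, true );
	checkInputArray( $_COOKIE, true );
	checkInputArray( $_SERVER, true );

	if (isset( $_SESSION )) {
		checkInputArray( $_SESSION, true );
	}

	foreach ($_FILES as $key => $value){
		// Replaces the array stored by checkInputArray() with the temp path
		$GLOBALS[$key] = $_FILES[$key]['tmp_name'];
		foreach ($value as $ext => $value2){
			$key2 = $key . '_' . $ext;
			$GLOBALS[$key2] = $value2;
		}
	}
}

if (RG_EMULATION == 0) {
	// force register_globals = off
	unregisterGlobals();

	// unregisterGlobals() removed every global, including anything the
	// earlier require of configuration.php may have set, so load it again.
	if( file_exists( dirname(__FILE__).'/configuration.php' ) ) {
		require( dirname(__FILE__).'/configuration.php' );
	}
} else if (ini_get('register_globals') == 0) {
	// php.ini has register_globals = off and emulate = on
	// The loose comparison is kept on purpose: ini_get() can return '', '0'
	// or false for a setting that is off or unknown.
	registerGlobals();
} else {
	// php.ini has register_globals = on and emulate = on
	// just check for spoofing
	checkInputArray( $_FILES );
	checkInputArray( $_ENV );
	checkInputArray( $_GET );
	checkInputArray( $_POST );
	checkInputArray( $_COOKIE );
	checkInputArray( $_SERVER );

	if (isset( $_SESSION )) {
		checkInputArray( $_SESSION );
	}
}

?>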