summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-04-15 16:21:16 +0200
committerAndrey Andreev <narf@devilix.net>2014-04-15 16:21:16 +0200
commitb78a8c7d40446a3e2e36772706662fd033fe7d1d (patch)
tree3485bef4c7866ba3853154731491ae4feaa96a78
parentefc08e99f99657623c5add39b1e91bb452ae1ab5 (diff)
Fix #3004
-rw-r--r--system/core/CodeIgniter.php54
-rw-r--r--system/core/Input.php51
2 files changed, 52 insertions, 53 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index df5fa3b02..4f625b143 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -65,6 +65,57 @@ defined('BASEPATH') OR exit('No direct script access allowed');
*/
require_once(BASEPATH.'core/Common.php');
+
+/*
+ * ------------------------------------------------------
+ * Security procedures
+ * ------------------------------------------------------
+ */
+
+if ( ! is_php('5.4'))
+{
+ ini_set('magic_quotes_runtime', 0);
+
+ if ((bool) ini_get('register_globals'))
+ {
+ $_protected = array(
+ '_SERVER',
+ '_GET',
+ '_POST',
+ '_FILES',
+ '_REQUEST',
+ '_SESSION',
+ '_ENV',
+ '_COOKIE',
+ 'GLOBALS',
+ 'HTTP_RAW_POST_DATA',
+ 'system_folder',
+ 'application_folder',
+ 'view_folder',
+ '_protected',
+ '_registered'
+ );
+
+ $_registered = ini_get('variables_order');
+ foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal)
+ {
+ if (strpos($_registered, $key) === FALSE)
+ {
+ continue;
+ }
+
+ foreach (array_keys($$superglobal) as $var)
+ {
+ if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE))
+ {
+ $GLOBALS[$var] = NULL;
+ }
+ }
+ }
+ }
+}
+
+
/*
* ------------------------------------------------------
* Define a custom error handler so we can log PHP errors
@@ -73,9 +124,6 @@ defined('BASEPATH') OR exit('No direct script access allowed');
set_error_handler('_exception_handler');
register_shutdown_function('_shutdown_handler');
- // Kill magic quotes
- is_php('5.4') OR ini_set('magic_quotes_runtime', 0);
-
/*
* ------------------------------------------------------
* Set the subclass_prefix
diff --git a/system/core/Input.php b/system/core/Input.php
index 6986bd4d3..b3bed724f 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -558,8 +558,7 @@ class CI_Input {
*
* Internal method serving for the following purposes:
*
- * - Unsets $_GET data (if query strings are not enabled)
- * - Unsets all globals if register_globals is enabled
+ * - Unsets $_GET data, if query strings are not enabled
* - Cleans POST, COOKIE and SERVER data
* - Standardizes newline characters to PHP_EOL
*
@@ -567,54 +566,6 @@ class CI_Input {
*/
protected function _sanitize_globals()
{
- // It would be "wrong" to unset any of these GLOBALS.
- $protected = array(
- '_SERVER',
- '_GET',
- '_POST',
- '_FILES',
- '_REQUEST',
- '_SESSION',
- '_ENV',
- 'GLOBALS',
- 'HTTP_RAW_POST_DATA',
- 'system_folder',
- 'application_folder',
- 'BM',
- 'EXT',
- 'CFG',
- 'URI',
- 'RTR',
- 'OUT',
- 'IN'
- );
-
- // Unset globals for security.
- // This is effectively the same as register_globals = off
- // PHP 5.4 no longer has the register_globals functionality.
- if ( ! is_php('5.4'))
- {
- foreach (array($_GET, $_POST, $_COOKIE) as $global)
- {
- if (is_array($global))
- {
- foreach ($global as $key => $val)
- {
- if ( ! in_array($key, $protected))
- {
- global $$key;
- $$key = NULL;
- }
- }
- }
- elseif ( ! in_array($global, $protected))
- {
- global $$global;
- $$global = NULL;
- }
- }
- }
-
// Is $_GET data allowed? If not we'll set the $_GET to an empty array
if ($this->_allow_get_array === FALSE)
{