authorAndrey Andreev <narf@devilix.net>2014-04-15 16:21:16 +0200
committerAndrey Andreev <narf@devilix.net>2014-04-15 16:21:16 +0200
commitb78a8c7d40446a3e2e36772706662fd033fe7d1d (patch)
tree3485bef4c7866ba3853154731491ae4feaa96a78 /system/core/CodeIgniter.php
parentefc08e99f99657623c5add39b1e91bb452ae1ab5 (diff)
Fix #3004
Diffstat (limited to 'system/core/CodeIgniter.php')
-rw-r--r--system/core/CodeIgniter.php54
1 files changed, 51 insertions, 3 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index df5fa3b02..4f625b143 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -65,6 +65,57 @@ defined('BASEPATH') OR exit('No direct script access allowed');
*/
require_once(BASEPATH.'core/Common.php');
+
+/*
+ * ------------------------------------------------------
+ * Security procedures
+ * ------------------------------------------------------
+ */
+
+if ( ! is_php('5.4'))
+{
+ ini_set('magic_quotes_runtime', 0);
+
+ if ((bool) ini_get('register_globals'))
+ {
+ $_protected = array(
+ '_SERVER',
+ '_GET',
+ '_POST',
+ '_FILES',
+ '_REQUEST',
+ '_SESSION',
+ '_ENV',
+ '_COOKIE',
+ 'GLOBALS',
+ 'HTTP_RAW_POST_DATA',
+ 'system_folder',
+ 'application_folder',
+ 'view_folder',
+ '_protected',
+ '_registered'
+ );
+
+ $_registered = ini_get('variables_order');
+ foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal)
+ {
+ if (strpos($_registered, $key) === FALSE)
+ {
+ continue;
+ }
+
+ foreach (array_keys($$superglobal) as $var)
+ {
+ if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE))
+ {
+ $GLOBALS[$var] = NULL;
+ }
+ }
+ }
+ }
+}
+
+
/*
* ------------------------------------------------------
* Define a custom error handler so we can log PHP errors
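Review bot: The cleanup inside the `register_globals` branch only nulls the injected entries and leaves its own helpers behind: `$GLOBALS[$var] = NULL;` keeps the key present in `$GLOBALS` (only `isset()` reports it gone, `array_key_exists()` does not), and `$_protected` / `$_registered` remain as two extra globals for the whole rest of the bootstrap even though they are only needed here. I would use `unset($GLOBALS[$var]);` in the inner loop and add `unset($_protected, $_registered);` right after the outer `if` so the block leaves no trace of itself. The `variables_order` letters cover only `_ENV`/`_GET`/`_POST`/`_COOKIE`/`_SERVER`; if I recall correctly, `register_globals` also exposed `$_FILES` entries as globals, which this loop would not touch — worth confirming against the PHP versions this branch targets (everything below 5.4) and either covering `$_FILES` or documenting the gap. The "Security procedures" header comment would also benefit from one sentence saying what it guards against, e.g. `* Undo register_globals so request keys cannot shadow script variables, and disable magic quotes at runtime.`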
@@ -73,9 +124,6 @@ defined('BASEPATH') OR exit('No direct script access allowed');
set_error_handler('_exception_handler');
register_shutdown_function('_shutdown_handler');
- // Kill magic quotes
- is_php('5.4') OR ini_set('magic_quotes_runtime', 0);
-
/*
* ------------------------------------------------------
* Set the subclass_prefix