From b78a8c7d40446a3e2e36772706662fd033fe7d1d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 15 Apr 2014 17:21:16 +0300 Subject: Fix #3004 --- system/core/CodeIgniter.php | 54 ++++++++++++++++++++++++++++++++++++++++++--- system/core/Input.php | 51 +----------------------------------------- 2 files changed, 52 insertions(+), 53 deletions(-) (limited to 'system/core') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index df5fa3b02..4f625b143 100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -65,6 +65,57 @@ defined('BASEPATH') OR exit('No direct script access allowed'); */ require_once(BASEPATH.'core/Common.php'); + +/* + * ------------------------------------------------------ + * Security procedures + * ------------------------------------------------------ + */ + +if ( ! is_php('5.4')) +{ + ini_set('magic_quotes_runtime', 0); + + if ((bool) ini_get('register_globals')) + { + $_protected = array( + '_SERVER', + '_GET', + '_POST', + '_FILES', + '_REQUEST', + '_SESSION', + '_ENV', + '_COOKIE', + 'GLOBALS', + 'HTTP_RAW_POST_DATA', + 'system_folder', + 'application_folder', + 'view_folder', + '_protected', + '_registered' + ); + + $_registered = ini_get('variables_order'); + foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal) + { + if (strpos($_registered, $key) === FALSE) + { + continue; + } + + foreach (array_keys($$superglobal) as $var) + { + if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE)) + { + $GLOBALS[$var] = NULL; + } + } + } + } +} + + /* * ------------------------------------------------------ * Define a custom error handler so we can log PHP errors @@ -73,9 +124,6 @@ defined('BASEPATH') OR exit('No direct script access allowed'); set_error_handler('_exception_handler'); register_shutdown_function('_shutdown_handler'); - // Kill magic quotes - is_php('5.4') OR ini_set('magic_quotes_runtime', 0); - /* * ------------------------------------------------------ * Set the subclass_prefix diff --git a/system/core/Input.php b/system/core/Input.php index 6986bd4d3..b3bed724f 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -558,8 +558,7 @@ class CI_Input { * * Internal method serving for the following purposes: * - * - Unsets $_GET data (if query strings are not enabled) - * - Unsets all globals if register_globals is enabled + * - Unsets $_GET data, if query strings are not enabled * - Cleans POST, COOKIE and SERVER data * - Standardizes newline characters to PHP_EOL * @@ -567,54 +566,6 @@ class CI_Input { */ protected function _sanitize_globals() { - // It would be "wrong" to unset any of these GLOBALS. - $protected = array( - '_SERVER', - '_GET', - '_POST', - '_FILES', - '_REQUEST', - '_SESSION', - '_ENV', - 'GLOBALS', - 'HTTP_RAW_POST_DATA', - 'system_folder', - 'application_folder', - 'BM', - 'EXT', - 'CFG', - 'URI', - 'RTR', - 'OUT', - 'IN' - ); - - // Unset globals for security. - // This is effectively the same as register_globals = off - // PHP 5.4 no longer has the register_globals functionality. - if ( ! is_php('5.4')) - { - foreach (array($_GET, $_POST, $_COOKIE) as $global) - { - if (is_array($global)) - { - foreach ($global as $key => $val) - { - if ( ! in_array($key, $protected)) - { - global $$key; - $$key = NULL; - } - } - } - elseif ( ! in_array($global, $protected)) - { - global $$global; - $$global = NULL; - } - } - } - // Is $_GET data allowed? If not we'll set the $_GET to an empty array if ($this->_allow_get_array === FALSE) { -- cgit v1.2.3-24-g4f1b