golem
/
twentyGOLEM
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Typos and more secure unsetting. Hat tip: Stefen Esser 

git-svn-id: http://svn.automattic.com/wordpress/trunk@2784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
matt 2005-08-15 04:02:19 +00:00
parent 87a7399de2
commit dce5220c15
1 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
wp-settings.php
View File

@ -1,19 +1,25 @@
<?php <?php
// Turn register globals off // Turn register globals off
if ( ini_get('register_globals') ) { function unregister_GLOBALS() {
$superglobals = array($_SERVER, $_ENV, $_FILES, $_COOKIE, $_POST, $_GET); if ( !ini_get('register_globals') )
if ( isset($_SESSION) ) return;
array_unshift($superglobals, $_SESSION);
if ( isset($_REQUEST['GLOBALS']) )
die('GLOBALS overwrite attempt detected');
// Variables that shouldn't be unset
$noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix');
foreach ( $superglobals as $superglobal ) $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
foreach ( $superglobal as $global => $value ) foreach ( $input as $k => $v )
if ( 'table_prefix' != $global ) if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) )
unset( $GLOBALS[$global] ); unset($GLOBALS[$k]);
} }
$HTTP_HOST = getenv('HTTP_HOST'); /* domain name */ unregister_GLOBALS();
$REMOTE_ADDR = getenv('REMOTE_ADDR'); /* visitor's IP */
$HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); /* visitor's browser */ $HTTP_USER_AGENT = getenv('HTTP_USER_AGENT');
unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories );
// Fix for IIS, which doesn't set REQUEST_URI // Fix for IIS, which doesn't set REQUEST_URI
if ( empty( $_SERVER['REQUEST_URI'] ) ) { if ( empty( $_SERVER['REQUEST_URI'] ) ) {