Commit 8e4524c0 authored by Gerhard Killesreiter's avatar Gerhard Killesreiter

#59378, unset disallowed globals in case register_globals is on, patch by chx

parent b9c4901d
...@@ -131,12 +131,25 @@ function conf_path() { ...@@ -131,12 +131,25 @@ function conf_path() {
return $conf; return $conf;
} }
/**
* Unsets all disallowed global variables. See $allowed for what's allowed.
*/
function drupal_unset_globals() {
if (ini_get('register_globals')) {
$allowed = array('_ENV' => 1, '_GET' => 1, '_POST' => 1, '_COOKIE' => 1, '_FILES' => 1, '_SERVER' => 1, '_REQUEST' => 1, 'access_check' => 1);
foreach ($GLOBALS as $key => $value) {
if (!isset($allowed[$key])) {
unset($GLOBALS[$key]);
}
}
}
}
/** /**
* Loads the configuration and sets the base URL correctly. * Loads the configuration and sets the base URL correctly.
*/ */
function conf_init() { function conf_init() {
global $db_url, $db_prefix, $base_url, $base_path, $base_root, $conf; global $db_url, $db_prefix, $base_url, $base_path, $base_root, $conf;
$conf = array(); $conf = array();
require_once './'. conf_path() .'/settings.php'; require_once './'. conf_path() .'/settings.php';
...@@ -720,6 +733,7 @@ function _drupal_bootstrap($phase) { ...@@ -720,6 +733,7 @@ function _drupal_bootstrap($phase) {
switch ($phase) { switch ($phase) {
case DRUPAL_BOOTSTRAP_DATABASE: case DRUPAL_BOOTSTRAP_DATABASE:
drupal_unset_globals();
// Initialize the configuration // Initialize the configuration
conf_init(); conf_init();
// Initialize the default database. // Initialize the default database.
......
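Review bot: The `$allowed` list in drupal_unset_globals() omits `GLOBALS`, so on PHP versions where `$GLOBALS` carries a self-referencing `GLOBALS` entry the loop runs `unset($GLOBALS['GLOBALS'])` on the array it is iterating, and what later `$GLOBALS` accesses see then depends on the PHP version; adding `'GLOBALS' => 1` to `$allowed` avoids that. The list also keeps `access_check`, which is an application variable rather than a superglobal, so with register_globals on its value can be trusted only if every entry script assigns it before bootstrap runs; that is not visible on this page and deserves a comment next to `$allowed`, such as `// access_check is set by the calling script; it must always be assigned before bootstrap.` The `if (ini_get('register_globals'))` test is a truthiness check on a string, so a literal value like `Off` set through a server directive would presumably be treated as on; that errs toward cleaning up, but it would also remove any globals the application set before DRUPAL_BOOTSTRAP_DATABASE, so the accepted spellings should be stated explicitly. The body of _drupal_bootstrap() continues outside the second hunk, so whether anything sets globals before the `drupal_unset_globals();` call cannot be confirmed here.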