Changeset 2783 for branches/1.5

Show
Ignore:
Timestamp:
08/15/05 03:57:54 (3 years ago)
Author:
matt
Message:

Typos and more secure unsetting.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • branches/1.5/wp-settings.php

    r2779 r2783  
    11<?php 
    22// Turn register globals off 
    3 if ( ini_get('register_globals') ) { 
    4     $superglobals = array($_SERVER, $_ENV, $_FILES, $_COOKIE, $_POST, $_GET); 
    5     if ( isset($_SESSION) ) 
    6         array_unshift($superglobals, $_SESSION); 
     3function unregister_GLOBALS() { 
     4    if ( !ini_get('register_globals') ) 
     5        return; 
     6 
     7    if ( isset($_REQUEST['GLOBALS']) ) 
     8        die('GLOBALS overwrite attempt detected'); 
     9 
     10    // Variables that shouldn't be unset 
     11    $noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix'); 
    712     
    8     foreach ( $superglobals as $superglobal ) 
    9        foreach ( $superglobal as $global => $value ) 
    10            if ( 'table_prefix' != $global
    11                unset( $GLOBALS[$global] ); 
     13    $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); 
     14    foreach ( $input as $k => $v )  
     15        if ( !in_array($k, $noUnset) && isset($GLOBALS[$k])
     16            unset($GLOBALS[$k]); 
    1217} 
     18 
     19unregister_GLOBALS();  
    1320 
    1421$HTTP_HOST = getenv('HTTP_HOST');  /* domain name */ 
    1522$REMOTE_ADDR = getenv('REMOTE_ADDR'); /* visitor's IP */ 
    1623$HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); /* visitor's browser */ 
     24unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories ); 
    1725 
    1826// Fix for IIS, which doesn't set REQUEST_URI