$value) { // PHP GLOBALS injection bug $failed = in_array(strtolower($key),$banned); // PHP Zend_Hash_Del_Key_Or_Index bug $failed |= is_numeric($key); if($failed) { die('Запрещенная переменная '.implode(' или ',$banned).' в скрипте.'); } if($globalise) { $GLOBALS[$key] = $value; } } } /** * Emulates register globals = off */ function unregisterGlobals() { checkInputArray($_FILES); checkInputArray($_ENV); checkInputArray($_GET); checkInputArray($_POST); checkInputArray($_COOKIE); checkInputArray($_SERVER); if(isset($_SESSION)) { checkInputArray($_SESSION); } $REQUEST = $_REQUEST; $GET = $_GET; $POST = $_POST; $COOKIE = $_COOKIE; if(isset($_SESSION)) { $SESSION = $_SESSION; } $FILES = $_FILES; $ENV = $_ENV; $SERVER = $_SERVER; foreach($GLOBALS as $key => $value) { if($key != 'GLOBALS') { unset($GLOBALS[$key]); } } $_REQUEST = $REQUEST; $_GET = $GET; $_POST = $POST; $_COOKIE = $COOKIE; if(isset($SESSION)) { $_SESSION = $SESSION; } $_FILES = $FILES; $_ENV = $ENV; $_SERVER = $SERVER; } /** * Emulates register globals = on */ function registerGlobals() { checkInputArray($_FILES,true); checkInputArray($_ENV,true); checkInputArray($_GET,true); checkInputArray($_POST,true); checkInputArray($_COOKIE,true); checkInputArray($_SERVER,true); if(isset($_SESSION)) { checkInputArray($_SESSION,true); } foreach($_FILES as $key => $value) { $GLOBALS[$key] = $_FILES[$key]['tmp_name']; foreach($value as $ext => $value2) { $key2 = $key.'_'.$ext; $GLOBALS[$key2] = $value2; } } } if(RG_EMULATION == 0) { // force register_globals = off unregisterGlobals(); if(file_exists(dirname(__file__).'/configuration.php')) { require (dirname(__file__).'/configuration.php'); } } else if(ini_get('register_globals') == 0) { // php.ini has register_globals = off and emulate = on registerGlobals(); } else { // php.ini has register_globals = on and emulate = on // just check for spoofing checkInputArray($_FILES); checkInputArray($_ENV); checkInputArray($_GET); checkInputArray($_POST); checkInputArray($_COOKIE); checkInputArray($_SERVER); if(isset($_SESSION)) { checkInputArray($_SESSION); } } ?>