punbb-1.2.12/upload/admin_options.php |
punbb-1.2.13/upload/admin_options.php |
63: if (substr($form['base_url'], -1) == '/') | 63: if (substr($form['base_url'], -1) == '/') |
64: $form['base_url'] = substr($form['base_url'], 0, -1); | 64: $form['base_url'] = substr($form['base_url'], 0, -1); |
65: | 65: |
| 66: // Clean avatars_dir |
| 67: $form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']); |
| 68: |
66: // Make sure avatars_dir doesn't end with a slash | 69: // Make sure avatars_dir doesn't end with a slash |
67: if (substr($form['avatars_dir'], -1) == '/') | 70: if (substr($form['avatars_dir'], -1) == '/') |
68: $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1); | 71: $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1); |
punbb-1.2.12/upload/include/functions.php |
punbb-1.2.13/upload/include/functions.php |
138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) | 138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) |
139: // @header('P3P: CP="CUR ADM"'); | 139: // @header('P3P: CP="CUR ADM"'); |
140: | 140: |
141: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure); | 141: if (version_compare(PHP_VERSION, '5.2.0', '>=')) |
| 142: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true); |
| 143: else |
| 144: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure); |
142: } | 145: } |
143: | 146: |
144: | 147: |
1031: // | 1034: // |
1032: // Unset any variables instantiated as a result of register_globals being enabled | 1035: // Unset any variables instantiated as a result of register_globals being enabled |
1033: // | 1036: // |
1034: function unregister_globals() | 1037: function unregister_globals() |
1035: { | 1038: { |
1036: // Prevent script.php?GLOBALS[foo]=bar | 1039: // Prevent script.php?GLOBALS[foo]=bar |
1037: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) | 1040: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) |
1038: exit('I\'ll have a steak sandwich and... a steak sandwich.'); | 1041: exit('I\'ll have a steak sandwich and... a steak sandwich.'); |
1039: | 1042: |
1040: // Variables that shouldn't be unset | 1043: // Variables that shouldn't be unset |
1041: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); | 1044: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); |
1042: | 1045: |
1043: // Remove elements in $GLOBALS that are present in any of the superglobals | 1046: // Remove elements in $GLOBALS that are present in any of the superglobals |
1044: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); | 1047: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); |
1045: foreach ($input as $k => $v) | 1048: foreach ($input as $k => $v) |
1046: { | 1049: { |
1047: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) | 1050: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) |
1048: unset($GLOBALS[$k]); | 1051: unset($GLOBALS[$k]); |
1049: } | 1052: } |
1050: } | 1053: } |
1051: | 1054: |
1052: | 1055: |