<?
-/* $Id: index.php,v 1.10 2004/07/25 03:31:52 nighty Exp $ */
- $min_lvl=800;
require("../../../php_includes/cmaster.inc");
std_connect();
+ $min_lvl=800;
$user_id = std_security_chk($auth);
$admin = std_admin();
$cTheme = get_theme_info();
?>
</body>
</html>
-
-
die;
}
+define("REGISTER_GLOBALS_BLACKLIST", array("min_lvl", "edit_lvl"));
+define("REGISTER_GLOBALS_COOKIE_WHITELIST", array("auth", "sauth", "totp", "csess", "rlogin", "sepoch", "cstheme"));
+
// Ugly hack, but this code will never be fixed not to require register_globals which was
// deprecated in PHP 5.4.
function register_global_array( $sg ) {
Global ${$superGlobals[$sg]};
foreach( ${$superGlobals[$sg]} as $key => $val ) {
+ if (in_array(strtolower($key), REGISTER_GLOBALS_BLACKLIST)) {
+ continue;
+ }
if ($superGlobals[$sg] == "_GET" || $superGlobals[$sg] == "_POST") {
$val = pg_escape_string($val);
+ } elseif ($superGlobals[$sg] == "__COOKIE") {
+ if (!in_array(strtolower($key), REGISTER_GLOBALS_COOKIE_WHITELIST)) {
+ continue;
+ }
}
+
$GLOBALS[$key] = $val;
}
}