From a3b99374187900be1a377c765292a06a094d0d0f Mon Sep 17 00:00:00 2001 From: tokul Date: Thu, 6 Apr 2006 18:36:19 +0000 Subject: [PATCH] fixed register_globals test. if configuration set with php_value, ini_get returns 'off' string (boolean true). git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11035 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- include/init.php | 5 +++-- src/configtest.php | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/init.php b/include/init.php index 3b056dc5..85b7b94d 100644 --- a/include/init.php +++ b/include/init.php @@ -21,8 +21,10 @@ error_reporting(E_ALL); /** * If register_globals are on, unregister globals. * Code requires PHP 4.1.0 or newer. + * Second test covers boolean set as string (php_value register_globals off). */ -if ((bool) @ini_get('register_globals')) { +if ((bool) @ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { /** * Remove all globals from $_GET, $_POST, and $_COOKIE. */ @@ -418,7 +420,6 @@ if (version_compare(PHP_VERSION, "4.3.0", ">=")) { * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see functions/constants.php}) * @since 1.5.1 */ - function checkForJavascript($reset = FALSE) { global $data_dir, $username, $javascript_on, $javascript_setting; diff --git a/src/configtest.php b/src/configtest.php index 7377d0c4..5b6436b2 100644 --- a/src/configtest.php +++ b/src/configtest.php @@ -111,7 +111,9 @@ if(!check_php_version(4,1,0)) { } echo $IND . 'PHP version ' . PHP_VERSION . ' OK. (You have: ' . phpversion() . ". Minimum: 4.1.0)
\n"; -if ((bool) ini_get('register_globals')) { +/* test for boolean false and any string that is not equal to 'off' */ +if ((bool) ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { do_err('You have register_globals turned on. This is not an error, but it CAN be a security hazard. Consider turning register_globals off.', false); } $php_exts = array('session','pcre'); -- 2.25.1