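/**
 * Sanitizes global GET, POST and COOKIE data. Also takes care of
 * magic_quotes and register_globals, if they have been enabled.
 *
 * On the first construction (no singleton yet) the superglobals are converted
 * to UTF-8 via Input::clean(), the request is refused outright when
 * magic_quotes_runtime, magic_quotes_gpc or register_globals is enabled, and
 * every key/value of $_GET, $_POST and $_COOKIE is run through
 * clean_input_keys()/clean_input_data(). On every construction the sanitized
 * arrays are then mirrored into the request helper.
 *
 * request::$input is built from the sanitized $_GET/$_POST/$_COOKIE arrays and
 * not from $_REQUEST: PHP fills $_REQUEST separately from the raw input, so
 * merging it here would hand the caller the very values that were just cleaned
 * (and, with core.global_xss_filtering on, bypass the XSS filter entirely).
 *
 * @return void
 */
public function __construct()
{
    // Use XSS clean?
    $this->use_xss_clean = (bool) Eight::config('core.global_xss_filtering');

    if (self::$instance === nil)
    {
        // Convert all global variables to UTF-8.
        $_GET    = Input::clean($_GET);
        $_POST   = Input::clean($_POST);
        $_COOKIE = Input::clean($_COOKIE);
        $_SERVER = Input::clean($_SERVER);

        if (PHP_SAPI === 'cli')
        {
            // Convert command line arguments
            $_SERVER['argv'] = Input::clean($_SERVER['argv']);
        }

        // magic_quotes_runtime is enabled
        if (get_magic_quotes_runtime())
        {
            exit('Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // magic_quotes_gpc is enabled
        if (get_magic_quotes_gpc())
        {
            exit('Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // register_globals is enabled
        if (ini_get('register_globals'))
        {
            exit('Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
        }

        // Sanitize $_GET, $_POST and $_COOKIE; anything that is not an array becomes array()
        $_GET    = $this->sanitize_superglobal($_GET);
        $_POST   = $this->sanitize_superglobal($_POST);
        $_COOKIE = $this->sanitize_superglobal($_COOKIE);

        // Create a singleton
        self::$instance = $this;

        Eight::log('debug', 'Global GET, POST and COOKIE data sanitized');
    }

    // Assign global vars to request helper vars
    request::$get   = $_GET;
    request::$post  = $_POST;
    request::$input = array_merge(URI::instance()->segments(2, YES), $this->sanitized_request());
}

/**
 * Runs every key and value of one superglobal through clean_input_keys() and
 * clean_input_data().
 *
 * Keeps the original in-place semantics: the cleaned value is stored under the
 * cleaned key. Should clean_input_keys() ever return a key that differs from
 * its input, the entry under the original key would remain — presumably it
 * rejects rather than rewrites keys; verify against clean_input_keys().
 *
 * @param   mixed  superglobal contents; a non-array yields array()
 * @return  array
 */
private function sanitize_superglobal($data)
{
    if ( ! is_array($data))
        return array();

    foreach ($data as $key => $val)
    {
        $data[$this->clean_input_keys($key)] = $this->clean_input_data($val);
    }

    return $data;
}

/**
 * Builds the $_REQUEST equivalent from the already sanitized $_GET, $_POST and
 * $_COOKIE arrays.
 *
 * PHP populates $_REQUEST in the order given by the request_order ini setting
 * (falling back to variables_order), later sources overriding earlier ones.
 * The same order is applied here so the result differs from $_REQUEST only in
 * having been sanitized.
 *
 * @return  array
 */
private function sanitized_request()
{
    $order = ini_get('request_order');
    if ($order === '' OR $order === FALSE)
    {
        $order = ini_get('variables_order');
    }

    $sources = array('G' => $_GET, 'P' => $_POST, 'C' => $_COOKIE);
    $request = array();

    foreach (str_split(strtoupper((string) $order)) as $source)
    {
        if (isset($sources[$source]))
        {
            // Array union keeps the left operand's keys, so the later source wins
            $request = $sources[$source] + $request;
        }
    }

    return $request;
}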
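/**
 * Sanitizes global GET, POST and COOKIE data. Also takes care of
 * magic_quotes and register_globals, if they have been enabled.
 *
 * On the first construction (no singleton yet): magic_quotes_runtime is
 * switched off, an active magic_quotes_gpc is recorded in
 * $this->magic_quotes_gpc (presumably consulted by clean_input_data() to undo
 * the added slashes — confirm), the effect of register_globals is reverted by
 * unsetting every non-standard entry of $GLOBALS, and every key/value of
 * $_GET, $_POST and $_COOKIE is run through clean_input_keys() and
 * clean_input_data().
 *
 * The RFC2109 cookie attributes ($Version, $Path, $Domain) are skipped with a
 * strict comparison: with `==`, a cookie whose name is numeric (PHP stores it
 * under an int key, e.g. 0) compared equal to those strings on PHP < 8 and
 * therefore escaped sanitization.
 *
 * @return void
 */
public function __construct()
{
    // Use XSS clean?
    $this->use_xss_clean = (bool) Kohana::config('core.global_xss_filtering');

    if (self::$instance === NULL)
    {
        // magic_quotes_runtime is enabled
        if (get_magic_quotes_runtime())
        {
            set_magic_quotes_runtime(0);
            Kohana::log('debug', 'Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // magic_quotes_gpc is enabled
        if (get_magic_quotes_gpc())
        {
            $this->magic_quotes_gpc = TRUE;
            Kohana::log('debug', 'Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // register_globals is enabled
        if (ini_get('register_globals'))
        {
            if (isset($_REQUEST['GLOBALS']))
            {
                // Prevent GLOBALS override attacks
                exit('Global variable overload attack.');
            }

            // Destroy the REQUEST global
            $_REQUEST = array();

            // These globals are standard and should not be removed
            $preserve = array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION');

            // This loop has the same effect as disabling register_globals.
            // The key list is computed up front so $GLOBALS is not modified
            // while being iterated.
            foreach (array_diff(array_keys($GLOBALS), $preserve) as $key)
            {
                global ${$key};
                ${$key} = NULL;

                // Unset the global variable
                unset($GLOBALS[$key], ${$key});
            }

            // Warn the developer about register globals
            Kohana::log('debug', 'Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
        }

        // Sanitize $_GET, $_POST and $_COOKIE; anything that is not an array becomes array()
        $_GET    = $this->sanitize_superglobal($_GET);
        $_POST   = $this->sanitize_superglobal($_POST);
        // Ignore special attributes in RFC2109 compliant cookies
        $_COOKIE = $this->sanitize_superglobal($_COOKIE, array('$Version', '$Path', '$Domain'));

        // Create a singleton
        self::$instance = $this;

        Kohana::log('debug', 'Global GET, POST and COOKIE data sanitized');
    }
}

/**
 * Runs every key and value of one superglobal through clean_input_keys() and
 * clean_input_data(), leaving the keys listed in $ignore untouched.
 *
 * Keys are matched strictly (in_array with TRUE): $_COOKIE and friends store
 * numeric names as int keys, and a loose comparison of int 0 against a
 * non-numeric string is TRUE on PHP < 8, which would exempt such an entry from
 * sanitization.
 *
 * Keeps the original in-place semantics: the cleaned value is stored under the
 * cleaned key. Should clean_input_keys() ever return a key that differs from
 * its input, the entry under the original key would remain — presumably it
 * rejects rather than rewrites keys; verify against clean_input_keys().
 *
 * @param   mixed  superglobal contents; a non-array yields array()
 * @param   array  keys to leave as they are
 * @return  array
 */
private function sanitize_superglobal($data, array $ignore = array())
{
    if ( ! is_array($data))
        return array();

    foreach ($data as $key => $val)
    {
        if (in_array($key, $ignore, TRUE))
            continue;

        $data[$this->clean_input_keys($key)] = $this->clean_input_data($val);
    }

    return $data;
}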
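/**
 * Sanitizes global GET, POST and COOKIE data. Also takes care of
 * magic_quotes and register_globals, if they have been enabled.
 *
 * On the first construction (no singleton yet): the superglobals are converted
 * to UTF-8 via Input::clean(), magic_quotes_runtime is switched off, an active
 * magic_quotes_gpc is recorded in $this->magic_quotes_gpc (presumably consulted
 * by clean_input_data() to undo the added slashes — confirm), the effect of
 * register_globals is reverted by unsetting every non-standard entry of
 * $GLOBALS, and every key/value of $_GET, $_POST and $_COOKIE is run through
 * clean_input_keys()/clean_input_data(). On every construction the sanitized
 * arrays are then mirrored into the request helper.
 *
 * request::$input is built from the sanitized $_GET/$_POST/$_COOKIE arrays and
 * not from $_REQUEST: PHP fills $_REQUEST separately from the raw input (and
 * the register_globals branch above may have emptied it), so merging it here
 * would hand the caller unsanitized values and, with core.global_xss_filtering
 * on, bypass the XSS filter entirely.
 *
 * @return void
 */
public function __construct()
{
    // Use XSS clean?
    $this->use_xss_clean = (bool) Eight::config('core.global_xss_filtering');

    if (self::$instance === nil)
    {
        // Convert all global variables to UTF-8.
        $_GET    = Input::clean($_GET);
        $_POST   = Input::clean($_POST);
        $_COOKIE = Input::clean($_COOKIE);
        $_SERVER = Input::clean($_SERVER);

        if (PHP_SAPI === 'cli')
        {
            // Convert command line arguments
            $_SERVER['argv'] = Input::clean($_SERVER['argv']);
        }

        // magic_quotes_runtime is enabled
        if (get_magic_quotes_runtime())
        {
            set_magic_quotes_runtime(0);
            Eight::log('debug', 'Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // magic_quotes_gpc is enabled
        if (get_magic_quotes_gpc())
        {
            $this->magic_quotes_gpc = YES;
            Eight::log('debug', 'Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // register_globals is enabled
        if (ini_get('register_globals'))
        {
            if (isset($_REQUEST['GLOBALS']))
            {
                // Prevent GLOBALS override attacks
                exit('Global variable overload attack.');
            }

            // Destroy the REQUEST global
            $_REQUEST = array();

            // These globals are standard and should not be removed
            $preserve = array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION');

            // This loop has the same effect as disabling register_globals.
            // The key list is computed up front (comparing as strings) so
            // $GLOBALS is not modified while being iterated and a loose
            // in_array() match cannot preserve an unrelated int key.
            foreach (array_diff(array_keys($GLOBALS), $preserve) as $key)
            {
                global ${$key};
                ${$key} = nil;

                // Unset the global variable
                unset($GLOBALS[$key], ${$key});
            }

            // Warn the developer about register globals
            Eight::log('debug', 'Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
        }

        // Sanitize $_GET, $_POST and $_COOKIE; anything that is not an array becomes array()
        $_GET    = $this->sanitize_superglobal($_GET);
        $_POST   = $this->sanitize_superglobal($_POST);
        $_COOKIE = $this->sanitize_superglobal($_COOKIE);

        // Create a singleton
        self::$instance = $this;

        Eight::log('debug', 'Global GET, POST and COOKIE data sanitized');
    }

    // Assign global vars to request helper vars
    request::$get   = $_GET;
    request::$post  = $_POST;
    request::$input = array_merge(URI::instance()->segments(2, YES), $this->sanitized_request());
}

/**
 * Runs every key and value of one superglobal through clean_input_keys() and
 * clean_input_data().
 *
 * Keeps the original in-place semantics: the cleaned value is stored under the
 * cleaned key. Should clean_input_keys() ever return a key that differs from
 * its input, the entry under the original key would remain — presumably it
 * rejects rather than rewrites keys; verify against clean_input_keys().
 *
 * @param   mixed  superglobal contents; a non-array yields array()
 * @return  array
 */
private function sanitize_superglobal($data)
{
    if ( ! is_array($data))
        return array();

    foreach ($data as $key => $val)
    {
        $data[$this->clean_input_keys($key)] = $this->clean_input_data($val);
    }

    return $data;
}

/**
 * Builds the $_REQUEST equivalent from the already sanitized $_GET, $_POST and
 * $_COOKIE arrays.
 *
 * PHP populates $_REQUEST in the order given by the request_order ini setting
 * (falling back to variables_order), later sources overriding earlier ones.
 * The same order is applied here so the result differs from $_REQUEST only in
 * having been sanitized.
 *
 * @return  array
 */
private function sanitized_request()
{
    $order = ini_get('request_order');
    if ($order === '' OR $order === FALSE)
    {
        $order = ini_get('variables_order');
    }

    $sources = array('G' => $_GET, 'P' => $_POST, 'C' => $_COOKIE);
    $request = array();

    foreach (str_split(strtoupper((string) $order)) as $source)
    {
        if (isset($sources[$source]))
        {
            // Array union keeps the left operand's keys, so the later source wins
            $request = $sources[$source] + $request;
        }
    }

    return $request;
}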