diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-12-21 20:05:27 -0800 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-12-21 20:05:27 -0800 |
| commit | 9285c8c66c530196399eb05bb5561c3fa5538335 (patch) | |
| tree | 7cec68583c01b5b365e7669fefc1adc6360e89a5 /system/core/Kohana.php | |
| parent | 9c5df1d31bd214fab051b71d092c751a1da20ecc (diff) | |
Updated Kohana to r4724
Diffstat (limited to 'system/core/Kohana.php')
| -rw-r--r-- | system/core/Kohana.php | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/system/core/Kohana.php b/system/core/Kohana.php index 5258d635..740adb80 100644 --- a/system/core/Kohana.php +++ b/system/core/Kohana.php @@ -2,7 +2,7 @@ /** * Provides Kohana-specific helper functions. This is where the magic happens! * - * $Id: Kohana.php 4679 2009-11-10 01:45:52Z isaiah $ + * $Id: Kohana.php 4724 2009-12-21 16:28:54Z isaiah $ * * @package Core * @author Kohana Team @@ -45,6 +45,9 @@ abstract class Kohana_Core { protected static $internal_cache_key; protected static $internal_cache_encrypt; + // Server API that PHP is using. Allows testing of different APIs. + public static $server_api = PHP_SAPI; + /** * Sets up the PHP environment. Adds error/exception handling, output * buffering, and adds an auto-loading method for loading classes. @@ -162,6 +165,35 @@ abstract class Kohana_Core { // Set and validate the timezone date_default_timezone_set(Kohana::config('locale.timezone')); + // register_globals is enabled + if (ini_get('register_globals')) + { + if (isset($_REQUEST['GLOBALS'])) + { + // Prevent GLOBALS override attacks + exit('Global variable overload attack.'); + } + + // Destroy the REQUEST global + $_REQUEST = array(); + + // These globals are standard and should not be removed + $preserve = array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION'); + + // This loop has the same effect as disabling register_globals + foreach (array_diff(array_keys($GLOBALS), $preserve) as $key) + { + global $$key; + $$key = NULL; + + // Unset the global variable + unset($GLOBALS[$key], $$key); + } + + // Warn the developer about register globals + Kohana_Log::add('debug', 'Disable register_globals! It is evil and deprecated: http://php.net/register_globals'); + } + // Enable Kohana routing Event::add('system.routing', array('Router', 'find_uri')); Event::add('system.routing', array('Router', 'setup')); @@ -602,7 +634,7 @@ abstract class Kohana_Core { header('Content-Encoding: '.$compress); // Sending Content-Length in CGI can result in unexpected behavior - if (stripos(PHP_SAPI, 'cgi') === FALSE) + if (stripos(Kohana::$server_api, 'cgi') === FALSE) { header('Content-Length: '.strlen($output)); } @@ -876,9 +908,6 @@ abstract class Kohana_Core { $group = explode('.', $key, 2); $group = $group[0]; - // Get locale name - $locale = Kohana::config('locale.language.0'); - if ( ! isset(Kohana::$internal_cache['messages'][$group])) { // Messages for this group |