Remove references to 'register_globals' directive

The PHP directive 'register_globals' has been deprecated in PHP 5.3 and removed in 5.4 [1]. Since we now require PHP 5.5, references to it can be removed from the MantisBT code base. [1] http://php.net/manual/en/security.globals.php Fixes #22237
mantisbt · Jan 24, 2017 · 3c01d50 · 3c01d50
1 parent 8e3e814
commit 3c01d50
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 31 deletions.
diff --git a/admin/check/check_php_inc.php b/admin/check/check_php_inc.php
@@ -89,12 +89,6 @@
 	array( false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.' )
 );
 
-check_print_test_row(
-	'register_globals php.ini directive is disabled',
-	!ini_get_bool( 'register_globals' ),
-	array( false => 'PHP\'s register globals feature is <a href="http://php.net/manual/en/security.globals.php">deprecated in PHP 5.3.0</a> and should not be used.' )
-);
-
 check_print_test_warn_row(
 	'register_argc_argv php.ini directive is disabled',
 	!ini_get_bool( 'register_argc_argv' ),
@@ -154,7 +148,7 @@
 
 check_print_info_row(
 	'php.ini directive: upload_max_filesize',
-	check_format_number( ini_get_number( 'upload_max_filesize' ) ) 
+	check_format_number( ini_get_number( 'upload_max_filesize' ) )
 );
 
 check_print_test_row(

diff --git a/admin/install.php b/admin/install.php
@@ -1203,10 +1203,6 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
 <div class="table-responsive">
 <table class="table table-bordered table-condensed">
 
-
-<!-- Checking register_globals are off -->
-<?php print_test( 'Checking for register_globals are off for mantis', !ini_get_bool( 'register_globals' ), false, 'change php.ini to disable register_globals setting' )?>
-
 <tr>
 	<td>
 		Attempting to connect to database as user

diff --git a/core/custom_field_api.php b/core/custom_field_api.php
@@ -82,11 +82,6 @@ function custom_field_allow_manage_display( $p_type, $p_display ) {
 	return false;
 }
 
-
-# ########################################
-# SECURITY NOTE: cache globals are initialized here to prevent them
-#   being spoofed if register_globals is turned on
-
 $g_cache_custom_field = array();
 $g_cache_cf_list = null;
 $g_cache_cf_linked = array();
@@ -597,7 +592,7 @@ function custom_field_update( $p_field_id, array $p_def_array ) {
 		return true;
 	}
 
-	# Reset the parameter count manually since the query was not executed	
+	# Reset the parameter count manually since the query was not executed
 	db_param_pop();
 
 	return false;

diff --git a/core/filter_api.php b/core/filter_api.php
@@ -1544,8 +1544,8 @@ function filter_get_bug_rows_query_clauses( array $p_filter, $p_project_id = nul
 		$t_where_params[] = strtotime( $t_end_string );
 		array_push( $t_project_where_clauses, '({bug}.date_submitted BETWEEN ' . db_param() . ' AND ' . db_param() . ' )' );
 	}
-	
-	
+
+
 	# last update date filter
 	if( ( 'on' == $t_filter[FILTER_PROPERTY_FILTER_BY_LAST_UPDATED_DATE] )
 			&& is_numeric( $t_filter[FILTER_PROPERTY_LAST_UPDATED_START_MONTH] )
@@ -2503,7 +2503,7 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e
 
 	# expanded
 	echo '<div class="form-inline">';
-	echo '<input type="text" id="filter-search-txt" class="input-sm" size="16" name="', FILTER_PROPERTY_SEARCH, '" 
+	echo '<input type="text" id="filter-search-txt" class="input-sm" size="16" name="', FILTER_PROPERTY_SEARCH, '"
 		placeholder="' . lang_get( 'search' ) . '" value="', string_attribute( $t_filter[FILTER_PROPERTY_SEARCH] ), '" />';
 	?>
 	<input type="submit" class="btn btn-primary btn-sm btn-white btn-round no-float" name="filter" value="<?php echo lang_get( 'filter_button' )?>" />
@@ -2566,8 +2566,6 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e
 # CACHING
 # ==========================================================================
 
-# @internal SECURITY NOTE: cache globals are initialized here to prevent them
-# being spoofed if register_globals is turned on.
 # We cache filter requests to reduce the number of SQL queries
 # @global array $g_cache_filter
 # @global array $g_cache_filter_db_filters
@@ -3180,7 +3178,7 @@ function filter_gpc_get( array $p_filter = null ) {
 	$f_last_updated_end_day				= gpc_get_int( FILTER_PROPERTY_LAST_UPDATED_END_DAY, $t_filter[FILTER_PROPERTY_LAST_UPDATED_END_DAY] );
 	$f_last_updated_start_year			= gpc_get_int( FILTER_PROPERTY_LAST_UPDATED_START_YEAR, $t_filter[FILTER_PROPERTY_LAST_UPDATED_START_YEAR] );
 	$f_last_updated_end_year			= gpc_get_int( FILTER_PROPERTY_LAST_UPDATED_END_YEAR, $t_filter[FILTER_PROPERTY_LAST_UPDATED_END_YEAR] );
-	
+
 	$f_search				= gpc_get_string( FILTER_PROPERTY_SEARCH, $t_filter[FILTER_PROPERTY_SEARCH] );
 	$f_view_state			= gpc_get_int( FILTER_PROPERTY_VIEW_STATE, $t_filter[FILTER_PROPERTY_VIEW_STATE] );
 

diff --git a/core/sponsorship_api.php b/core/sponsorship_api.php
@@ -92,10 +92,6 @@ class SponsorshipData {
 	public $last_updated = '';
 }
 
-# ########################################
-# SECURITY NOTE: cache globals are initialized here to prevent them
-#   being spoofed if register_globals is turned on
-
 $g_cache_sponsorships = array();
 
 /**

diff --git a/core/user_pref_api.php b/core/user_pref_api.php
@@ -279,10 +279,6 @@ function Get( $p_string ) {
 	}
 }
 
-# ########################################
-# SECURITY NOTE: cache globals are initialized here to prevent them
-#   being spoofed if register_globals is turned on
-
 $g_cache_user_pref = array();
 $g_cache_current_user_pref = array();