Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Remove JRequest:clean().

This means we don't support register globals anymore.
  • Loading branch information...
commit a76ed4bf055c583e29d85c3f02099f6c20da028a 1 parent f9679ba
@realityking realityking authored
Showing with 5 additions and 79 deletions.
  1. +5 −24 libraries/import.php
  2. +0 −55 libraries/joomla/environment/request.php
View
29 libraries/import.php
@@ -50,34 +50,15 @@ class_exists('JLoader') or die;
// Setup the autoloaders.
JLoader::setup();
-/**
- * Import the base Joomla Platform libraries.
- */
-
-// Import the factory library.
+// Import the base Joomla Platform libraries.
JLoader::import('joomla.factory');
-
-// Import the exception and error handling libraries.
JLoader::import('joomla.error.exception');
-
-/*
- * If the HTTP_HOST environment variable is set we assume a Web request and
- * thus we import the request library and most likely clean the request input.
- */
-if (isset($_SERVER['HTTP_HOST']))
-{
- JLoader::register('JRequest', JPATH_PLATFORM . '/joomla/environment/request.php');
-
- // If an application flags it doesn't want this, adhere to that.
- if (!defined('_JREQUEST_NO_CLEAN') && (bool) ini_get('register_globals'))
- {
- JRequest::clean();
- }
-}
-
-// Import the base object library.
JLoader::import('joomla.base.object');
+// Register JRequest for legacy reasons
+JLoader::register('JRequest', JPATH_PLATFORM . '/joomla/environment/request.php');
+
// Register classes that don't follow one file per class naming conventions.
JLoader::register('JText', JPATH_PLATFORM . '/joomla/methods.php');
JLoader::register('JRoute', JPATH_PLATFORM . '/joomla/methods.php');
+
View
55 libraries/joomla/environment/request.php
@@ -533,61 +533,6 @@ public static function checkToken($method = 'post')
}
/**
- * Cleans the request from script injection.
- *
- * @return void
- *
- * @since 11.1
- *
- * @deprecated 12.1
- */
- public static function clean()
- {
- // Only run this if register globals is on.
- // Remove this code when PHP 5.4 becomes the minimum requirement.
- if (!(bool) ini_get('register_globals'))
- {
- return;
- }
-
- $REQUEST = $_REQUEST;
- $GET = $_GET;
- $POST = $_POST;
- $COOKIE = $_COOKIE;
- $FILES = $_FILES;
- $ENV = $_ENV;
- $SERVER = $_SERVER;
-
- if (isset($_SESSION))
- {
- $SESSION = $_SESSION;
- }
-
- foreach ($GLOBALS as $key => $value)
- {
- if ($key != 'GLOBALS')
- {
- unset($GLOBALS[$key]);
- }
- }
- $_REQUEST = $REQUEST;
- $_GET = $GET;
- $_POST = $POST;
- $_COOKIE = $COOKIE;
- $_FILES = $FILES;
- $_ENV = $ENV;
- $_SERVER = $SERVER;
-
- if (isset($SESSION))
- {
- $_SESSION = $SESSION;
- }
-
- // Make sure the request hash is clean on file inclusion
- $GLOBALS['_JREQUEST'] = array();
- }
-
- /**
* Clean up an input variable.
*
* @param mixed $var The input variable.
Please sign in to comment.
Something went wrong with that request. Please try again.