
Adding more obvious warnings re register_globals setting

1 parent 906b1fa commit 338cda06b98ab544477c4584c8ddbd0104c25684 Andrew Smith committed Oct 13, 2008
Showing with 89 additions and 79 deletions.
  1. +1 −1 gtd_constants.inc.php
  2. +24 −3 gtdfuncs.inc.php
  3. +1 −0 header.inc.php
  4. +4 −14 install.php
  5. +0 −2 preferences.php
  6. +59 −59 themes/menu_sidebar/style_screen.css
@@ -1,5 +1,5 @@
<?php
-define('_GTD_REVISION',551);
+define('_GTD_REVISION',553);
define('_GTD_VERSION','0.8z.07'); // DATABASE version
define('_GTDPHP_VERSION','0.9alpha'); // gtd-php version, as per the TRAC system
@@ -609,6 +609,24 @@ function saveConfig() { // store config preferences in the table
return $tst;
}
//----------------------------------------------------------------
+function checkRegisterGlobals() { // check php ini values are ok for utf-8
+ $out = (!ini_get('register_globals')) ? '' : <<<RGWARN
+<p class='warning'>
+<b>WARNING: Running in this configuration is not supported.</b> Your current
+PHP configuration has <tt>register globals</tt> set <tt>on</tt>. This creates
+security vulnerabilities, and may intefere with the running of gtd-php. You
+can continue, but the application will behave unpredictably and unreliably.
+You can switch <tt>register_globals</tt> off globally in php.ini, if you are
+confident that this will not intefere with any of the other PHP applications on
+this server. Or you can switch it off locally in the gtd-php installation
+directory by adding the following line to the <tt>.htaccess</tt> file in this
+directory:<br />
+<tt>php_flag register_globals off</tt>
+</p>
+RGWARN;
+ return $out;
+}
+//----------------------------------------------------------------
function checkUTF8() { // check php ini values are ok for utf-8
$passed=true;
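Review bot: The trailing comment on `function checkRegisterGlobals()` was copied from `checkUTF8()` and describes the wrong check; it should read something like `// return an HTML warning if register_globals is on, '' otherwise`. The heredoc text also misspells "interfere" as "intefere" in two places. `ini_get()` can return the literal string of the setting, so a value written as `off` through `php_value` instead of `php_flag` may be truthy here and show the warning although the setting is off; `filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)` would avoid that. The function only reports: the application keeps running with register_globals on, so a short docblock should say that an empty return means the setting is off, not that the request variables have been checked.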
@@ -620,17 +638,20 @@ function checkUTF8() { // check php ini values are ok for utf-8
}
if (stristr(ini_get('mbstring.http_input' ),'UTF-8')===false) {
- $_SESSION['message'][]='In php.ini, set mbstring.http_input=UTF-8,ASCII';
+ $_SESSION['message'][]="Either set mbstring.http_input=UTF-8,ASCII in php.ini;
+ or add this line to .htaccess: phpvalue mbstring.http_input UTF-8,ASCII";
$passed=false;
}
if (stristr(ini_get('mbstring.detect_order'),'UTF-8')===false) {
- $_SESSION['message'][]='In php.ini, set mbstring.detect_order=UTF-8,ASCII';
+ $_SESSION['message'][]="Either set mbstring.detect_order=UTF-8,ASCII in php.ini;
+ or add this line to .htaccess: phpvalue mbstring.detect_order UTF-8,ASCII";
$passed=false;
}
if (!(ini_get('mbstring.func_overload') & 6)) {
- $_SESSION['message'][]='In php.ini, set mbstring.func_overload=6';
+ $_SESSION['message'][]="Either set mbstring.func_overload=6 in php.ini;
+ or add this line to .htaccess: phpvalue mbstring.func_overload 6";
$passed=false;
}
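Review bot: The `.htaccess` line recommended in all three new messages uses `phpvalue`, which is not a mod_php directive; the directive is `php_value`, e.g. `php_value mbstring.http_input UTF-8,ASCII`, and an unknown directive in `.htaccess` normally makes Apache answer with a 500 for the whole directory. Each message is also a double-quoted literal spanning two source lines, so the stored session message carries an embedded newline and the second line's indentation; a single-line string would keep it clean. Whether `mbstring.func_overload` can be changed per directory depends on the PHP version, so that hint should be confirmed before it is shown to users. `checkUTF8()` starts and ends outside this hunk.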
@@ -5,4 +5,5 @@
echo "<div id='main'>\n";
log_array('$_SESSION','$_POST');
include_once 'showMessage.inc.php';
+echo checkRegisterGlobals();
?>
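Review bot: `echo checkRegisterGlobals();` depends on gtdfuncs.inc.php having been loaded before header.inc.php is included, and nothing visible in this hunk guarantees that (the first four lines of the file are outside it). The same commit adds an explicit `require_once 'gtdfuncs.inc.php';` in install.php, which suggests the function is not always in scope. If any page includes header.inc.php without the functions file, this line is a fatal undefined-function error. Adding `require_once 'gtdfuncs.inc.php';` above the call, or a comment stating where it is loaded, would make the dependency explicit.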
@@ -213,22 +213,12 @@ function checkInstall() {
global $versions,$tablelist,$checkState,$tablesByVersion;
register_shutdown_function('failDuringCheck');
$goodToGo=true; // assume we'll be able to upgrade, until we find something to stop us
+ require_once 'gtdfuncs.inc.php';
// check for register globals - instruct user to turn it off in .htaccess if it's on
$checkState='preflight';
- if(ini_get('register_globals')) {
- echo "<p class='warning'>Your current PHP configuration has <tt>register globals</tt> set <tt>on</tt>.",
- " This creates security vulnerabilities, and may intefere with the running of gtd-php. ",
- " You can continue with installation, but the application may behave unpredictably and unreliably. ",
- " Running in this configuration is not supported. ",
- " You can switch <tt>register_globals</tt> off globally in php.ini, if you are confident ",
- " that this will not intefere with any of the other PHP applications on this server. ",
- " Or you can switch it off locally in the gtd-php installation directory by adding the following line ",
- " to the <tt>.htaccess</tt> file in this directory:<br />"
- ,"<tt>php_flag register_globals off</tt></p>";
- }
-
- echo "<p>Read the <a href='INSTALL'>INSTALL</a> file for information on using this install/upgrade program</p>\n";
+
+ echo "<p>Read the <a href='INSTALL'>INSTALL</a> file for information on using this install/upgrade program</p>\n",checkRegisterGlobals();
if (_DEBUG) {
$included_files = get_included_files();
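Review bot: The comment `// check for register globals - instruct user to turn it off in .htaccess if it's on` is left above `$checkState='preflight';` although the check it described has been removed; the call now sits at the end of the INSTALL-link `echo`, so the comment should move there or be reworded. The warning is now printed after the "Read the INSTALL file" paragraph instead of before it, which looks at odds with making the warning more obvious. The `require_once 'gtdfuncs.inc.php';` is added only inside `checkInstall()`, while the later hunk in `doInstall()` also calls `checkRegisterGlobals()`; that is safe only if `checkInstall()` or another include always runs first. `checkInstall()` continues outside this hunk.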
@@ -557,7 +547,7 @@ function doInstall($installType,$fromPrefix) {
if ($install_success) {
$title='Installation Complete';
require_once 'headerMenu.inc.php';
- echo "<div id='main'><p>Installation completed:
+ echo "<div id='main'>",checkRegisterGlobals(),"<p>Installation completed:
<a href='preferences.php'>Now check the preferences</a>,
and make any necessary changes</p>";
} else {
@@ -54,8 +54,6 @@ function makeOptionsTab($array,$values,$tabname,$varprefix='',$textsize=10) {
$menu='';
include_once 'header.inc.php';
retrieveConfig(); // force retrieval of preferences from db upon entering this screen, to avoid inter-session contamination
-if (ini_get('register_globals'))
- echo "<p class='warning'>Please turn register_globals off in php.ini or in .htaccess</p>";
$checkboxes='';
// get a list of theme sub-directories, to go into the dropdown selector
$themes=array();
@@ -1,59 +1,59 @@
-/*===================================================================================*/
-/* Layout code - float/position, display, margin, padding, width, height, text-align */
-/*===================================================================================*/
-
-#menulist a,
-#menulist a:link,
-#menulist a:visited {
- display: block;
- background: #fff;
- text-decoration: none;
-}
-#menulist a:hover {
- background: #eed;
- text-decoration: none;
-}
-
-
-#menulist {
- list-style: none;
- font-weight: bold;
- margin-top: -.5em;
- padding-right: 10px;
-}
-
-#menulist li {
- margin-left: 0;
- margin-bottom: 1em;
-}
-
-#menudiv .menuseparator {
- border-top: 1px solid #39c;
-}
-
-#menulist li ul li {
- list-style: none;
- font-weight: bold;
- margin: 0;
- padding: 1px;
- border-bottom: 1px solid #eed;
-}
-
-#menulist li ul {
- list-style: none;
- font-weight: bold;
- margin: 0;
- padding-left: 10px;
-}
-
-/*
-#main {
- overflow-x: scroll;
-}
-*/
-
-/*===================================================================================================*/
-/* non-layout code - font family, font size, font-weight, color, border, background, text decoration */
-/*===================================================================================================*/
-
-
+/*===================================================================================*/
+/* Layout code - float/position, display, margin, padding, width, height, text-align */
+/*===================================================================================*/
+
+#menulist a,
+#menulist a:link,
+#menulist a:visited {
+ display: block;
+ background: #fff;
+ text-decoration: none;
+}
+#menulist a:hover {
+ background: #eed;
+ text-decoration: none;
+}
+
+
+#menulist {
+ list-style: none;
+ font-weight: bold;
+ margin-top: -.5em;
+ padding-right: 10px;
+}
+
+#menulist li {
+ margin-left: 0;
+ margin-bottom: 1em;
+}
+
+#menudiv .menuseparator {
+ border-top: 1px solid #39c;
+}
+
+#menulist li ul li {
+ list-style: none;
+ font-weight: bold;
+ margin: 0;
+ padding: 1px;
+ border-bottom: 1px solid #eed;
+}
+
+#menulist li ul {
+ list-style: none;
+ font-weight: bold;
+ margin: 0;
+ padding-left: 10px;
+}
+
+/*
+#main {
+ overflow-x: scroll;
+}
+*/
+
+/*===================================================================================================*/
+/* non-layout code - font family, font size, font-weight, color, border, background, text decoration */
+/*===================================================================================================*/
+
+
