MegaSecurityPatch from DrDios:
in includes/library.php:
____FIND______
// Pre-patch version: returns the raw, unescaped value of $var from the
// superglobal array named by $type (SERVER, POST, GET, SESSION, REQUEST or COOKIE).
// If $type matches none of these names, no return statement is reached.
function returnGlobal($var,$type)
{
// Both operands are strings, so this is a string comparison rather than a
// version-aware one (version_compare() is the version-aware form).
if (phpversion() >= "4.1.0")
{
if ($type == "SERVER")
{
return $_SERVER[$var];
}
if ($type == "POST")
{
return $_POST[$var];
}
if ($type == "GET")
{
return $_GET[$var];
}
if ($type == "SESSION")
{
return $_SESSION[$var];
}
if ($type == "REQUEST")
{
return $_REQUEST[$var];
}
if ($type == "COOKIE")
{
return $_COOKIE[$var];
}
}
else
{
// Older PHP: read the global variable whose name is held in $var.
global $$var;
return $$var;
}
}
// register_globals cheat code
// Pre-patch version: when register_globals is not reported as "1", every key of
// $_REQUEST, $_SESSION and $_SERVER is copied, unescaped, into $GLOBALS.
// The sources are processed in that order, so a later source overwrites an
// earlier one that uses the same key.
// Note: register_globals is written here as a bare word, not a quoted string.
if (ini_get(register_globals) != "1")
{
//GET and POST VARS
// The @ operator suppresses any warning raised by each().
while (list($key, $val) = @each($_REQUEST))
{
$GLOBALS[$key] = $val;
}
//$HTTP_SESSION_VARS
while (list($key, $val) = @each($_SESSION))
{
$GLOBALS[$key] = $val;
}
//$HTTP_SERVER_VARS
while (list($key, $val) = @each($_SERVER))
{
$GLOBALS[$key] = $val;
}
}
// Explicit per-variable reads through returnGlobal(): the three request flags
// are taken from GET only, and the five *Session values from SESSION only.
// These assignments run after the copy loops above, so they overwrite any
// same-named global that the loops set.
$msg = returnGlobal('msg','GET');
$session = returnGlobal('session','GET');
$logout = returnGlobal('logout','GET');
$idSession = returnGlobal('idSession','SESSION');
$dateunixSession = returnGlobal('dateunixSession','SESSION');
$loginSession = returnGlobal('loginSession','SESSION');
$profilSession = returnGlobal('profilSession','SESSION');
$logouttimeSession = returnGlobal('logouttimeSession','SESSION');
____REPLACE_____
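/**
 * Replace five characters (", ', =, $ and \) in $return with HTML character
 * references and return the result.
 *
 * NOTE(review): on this page the replacement strings were rendered back into
 * the literal characters, which left the listing as a no-op with two
 * unterminated string literals. The references below are a reconstruction;
 * confirm the exact spellings against the original patch.
 *
 * Only these five characters are handled: <, > and & pass through unchanged.
 * The function is therefore not a replacement for context-specific output
 * encoding or for parameterised SQL queries.
 *
 * @param mixed $return Value to filter; it is handed to str_replace() as given.
 * @return mixed The filtered value.
 */
function spechars($return)
{
    $return = str_replace('"', '&quot;', $return);
    $return = str_replace("'", '&#39;', $return);
    $return = str_replace('=', '&#61;', $return);
    $return = str_replace('$', '&#36;', $return);
    // One backslash; it is doubled because it sits inside a PHP string literal.
    $return = str_replace('\\', '&#92;', $return);
    return $return;
}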
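/**
 * Return the value named $var from the superglobal array selected by $type,
 * filtered through spechars().
 *
 * The filter is applied to every source, including SESSION and SERVER values.
 *
 * @param string $var  Key to look up.
 * @param string $type One of SERVER, POST, GET, SESSION, REQUEST or COOKIE.
 * @return mixed The filtered value; '' when the key is missing or $type is not
 *               one of the six names. On PHP older than 4.1.0, the filtered
 *               global variable named by $var, or null when it is not set.
 */
function returnGlobal($var,$type)
{
    // A plain ">=" on two version strings is a string comparison, so it would
    // order "10.0.0" before "4.1.0". version_compare() was itself added in
    // PHP 4.1.0, hence the function_exists() guard for older interpreters.
    if (function_exists('version_compare') && version_compare(phpversion(), '4.1.0', '>=')) {
        // Default for an unknown $type or a missing key, so spechars() never
        // receives an undefined variable.
        $return = '';
        switch ($type) {
            case "SERVER":
                if (isset($_SERVER[$var])) {
                    $return = $_SERVER[$var];
                }
                break;
            case "POST":
                if (isset($_POST[$var])) {
                    $return = $_POST[$var];
                }
                break;
            case "GET":
                if (isset($_GET[$var])) {
                    $return = $_GET[$var];
                }
                break;
            case "SESSION":
                if (isset($_SESSION[$var])) {
                    $return = $_SESSION[$var];
                }
                break;
            case "REQUEST":
                if (isset($_REQUEST[$var])) {
                    $return = $_REQUEST[$var];
                }
                break;
            case "COOKIE":
                if (isset($_COOKIE[$var])) {
                    $return = $_COOKIE[$var];
                }
                break;
        }
        return spechars($return);
    }

    // Older PHP: read the global variable whose name is held in $var. It gets
    // the same filtering as the branch above, so no code path returns raw input.
    global $$var;
    return isset($$var) ? spechars($$var) : null;
}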
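// register_globals cheat code
/**
 * Copy every entry of $_REQUEST, then $_SESSION, then $_SERVER into $GLOBALS,
 * filtering each value through spechars().
 *
 * The order matters: a later source overwrites an earlier one that uses the
 * same key, so session and server values win over a request parameter of the
 * same name. A request parameter whose name is absent from the session and
 * server arrays still becomes a global variable; code that trusts a global as
 * session state should read it from $_SESSION instead.
 *
 * NOTE(review): the FIND text wraps these loops in an
 * ini_get(register_globals) check and is followed by explicit
 * returnGlobal(..., 'SESSION') assignments. Neither appears in this
 * replacement as printed. Confirm whether they were meant to be kept.
 *
 * The loops run inside a function so that the loop variables and the
 * reserved-name list are locals that the copied keys cannot overwrite.
 */
function importEscapedGlobals()
{
    // Keys that would replace PHP's own superglobal arrays are never imported.
    $reserved = array(
        'GLOBALS', '_GET', '_POST', '_COOKIE', '_FILES',
        '_SERVER', '_ENV', '_REQUEST', '_SESSION',
    );
    // isset()/is_array() replace the original @each() error suppression.
    // $_SESSION does not exist until a session has been started.
    $sources = array(
        //GET and POST VARS
        (isset($_REQUEST) && is_array($_REQUEST)) ? $_REQUEST : array(),
        //$HTTP_SESSION_VARS
        (isset($_SESSION) && is_array($_SESSION)) ? $_SESSION : array(),
        //$HTTP_SERVER_VARS
        (isset($_SERVER) && is_array($_SERVER)) ? $_SERVER : array(),
    );
    // foreach replaces each(), which was removed in PHP 8.
    foreach ($sources as $source) {
        foreach ($source as $key => $val) {
            if (in_array((string) $key, $reserved, true)) {
                continue;
            }
            $GLOBALS[$key] = spechars($val);
        }
    }
}
importEscapedGlobals();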
____! set register_globals = 0 _____
in php.ini
register_globals=0;
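or create a .htaccess file with the text:
php_value register_globals 1
(Note: the heading and the php.ini line above both turn register_globals off, so the value here is presumably meant to be 0; as written, 1 would turn register_globals on.)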