diff -r 0931d60f5bdb -r 2b2084ca1e60 includes/common.php~ --- a/includes/common.php~ Wed Jun 13 16:32:27 2007 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,227 +0,0 @@ - -
Hacking attempt using PHP $GLOBALS overwrite vulnerability detected, reported to admin
You're worse than this guy! Unless you are this guy...
Powered by Enano and valid XHTML 1.1
- Powered by debugConsole'); -dc_here('common: including files'); -require_once(ENANO_ROOT.'/includes/functions.php'); -require_once(ENANO_ROOT.'/includes/dbal.php'); -require_once(ENANO_ROOT.'/includes/paths.php'); -require_once(ENANO_ROOT.'/includes/sessions.php'); -require_once(ENANO_ROOT.'/includes/template.php'); -require_once(ENANO_ROOT.'/includes/plugins.php'); -require_once(ENANO_ROOT.'/includes/comment.php'); -require_once(ENANO_ROOT.'/includes/wikiformat.php'); -require_once(ENANO_ROOT.'/includes/diff.php'); -require_once(ENANO_ROOT.'/includes/render.php'); -require_once(ENANO_ROOT.'/includes/stats.php'); -require_once(ENANO_ROOT.'/includes/pageutils.php'); -require_once(ENANO_ROOT.'/includes/js-compressor.php'); -require_once(ENANO_ROOT.'/includes/rijndael.php'); -require_once(ENANO_ROOT.'/includes/email.php'); -require_once(ENANO_ROOT.'/includes/search.php'); -require_once(ENANO_ROOT.'/includes/json.php'); -require_once(ENANO_ROOT.'/includes/wikiengine/Tables.php'); - -strip_magic_quotes_gpc(); - -// Enano has five parts: the database abstraction layer (DBAL), the session manager, the path/URL manager, the template engine, and the plugin manager. -// Each part has its own class and a global var; nearly all Enano functions are handled by one of these five components. - -global $db, $session, $paths, $template, $plugins; // Common objects -global $enano_config; // A global used to cache config information without making loads of queries ;-) - // In addition, $enano_config is used to fetch config information if die_semicritical() is called. - -global $email; - -if(!isset($_SERVER['HTTP_HOST'])) grinding_halt('Cannot get hostname', 'Your web browser did not provide the HTTP Host: field. This site requires a modern browser that supports the HTTP 1.1 standard.
'); - -$db = new mysql(); -dc_here('common: calling $db->connect();'); -$db->connect(); // Redirects to install.php if an installation is not detected - -if(strstr(contentPath, '?')) $sep = '&'; -else $sep = '?'; -define('urlSeparator', $sep); -unset($sep); // save 10 bytes of memory... - -// See if any diagnostic actions have been requested -if ( isset($_GET['do']) && $_GET['do'] == 'diag' && isset($_GET['sub']) ) -{ - switch($_GET['sub']) - { - case 'cookie_destroy': - unset($_COOKIE['sid']); - setcookie('sid', '', time()-3600*24, scriptPath); - setcookie('sid', '', time()-3600*24, scriptPath.'/'); - die('Session cookie cleared. Continue'); - break; - } -} - -// Select and fetch the site configuration -dc_here('common: selecting global config data'); -$e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;'); -if(!$e) $db->_die('Some critical configuration information could not be selected.'); -else define('ENANO_CONFIG_FETCHED', ''); // Used in die_semicritical to figure out whether to call getConfig() or not - -dc_here('common: fetching $enano_config'); -$enano_config = Array(); -while($r = $db->fetchrow()) -{ - $enano_config[$r['config_name']] = $r['config_value']; -} - -$db->free_result(); - -if(enano_version(false, true) != $version) -{ - grinding_halt('Version mismatch', 'It seems that the Enano release we\'re trying to run ('.$version.') is different from the version specified in your database ('.enano_version().'). Perhaps you need to upgrade?
'); -} - -// Our list of tables included in Enano -$system_table_list = Array( - table_prefix.'categories', - table_prefix.'comments', - table_prefix.'config', - table_prefix.'logs', - table_prefix.'page_text', - table_prefix.'session_keys', - table_prefix.'pages', - table_prefix.'users', - table_prefix.'themes', - table_prefix.'buddies', - table_prefix.'banlist', - table_prefix.'files', - table_prefix.'privmsgs', - table_prefix.'sidebar', - table_prefix.'hits', - table_prefix.'search_index', - table_prefix.'groups', - table_prefix.'group_members', - table_prefix.'acl', - table_prefix.'search_cache' - ); - -dc_here('common: initializing base classes'); -$plugins = new pluginLoader(); - -// So where does the majority of Enano get executed? How about the next nine lines of code :) -dc_here('common: ok, we\'re set up, starting mainstream execution'); - -$plugins->loadAll(); -dc_here('common: loading plugins'); - global $plugins; - foreach($plugins->load_list as $f) { include_once $f; } // Can't be in object context when this is done - -$session = new sessionManager(); -$paths = new pathManager(); -$template = new template(); -$email = new EmailEncryptor(); - -define('ENANO_BASE_CLASSES_INITIALIZED', ''); - -$code = $plugins->setHook('base_classes_initted'); -foreach ( $code as $cmd ) -{ - eval($cmd); -} - -$p = RenderMan::strToPageId($paths->get_pageid_from_url()); -if( ( $p[1] == 'Admin' || $p[1] == 'Special' ) && function_exists('page_'.$p[1].'_'.$p[0].'_preloader')) -{ - @call_user_func('page_'.$p[1].'_'.$p[0].'_preloader'); -} - -$session->start(); -$paths->init(); - -define('ENANO_MAINSTREAM', ''); - -// If the site is disabled, bail out, unless we're trying to log in or administer the site -if(getConfig('site_disabled') == '1') -{ - if ( $paths->namespace == 'Admin' || ( $paths->namespace == 'Special' && ( $paths->cpage['urlname_nons'] == 'CSS' || $paths->cpage['urlname_nons'] == 'Administration' || $paths->cpage['urlname_nons'] == 'Login' ) ) ) - { - // do nothing; allow execution to continue - } - else - { - if(!$n = getConfig('site_disabled_notice')) $n = 'The administrator has disabled the site. Please check back later.'; - - $text = RenderMan::render($n) . ' -