diff -r 902822492a68 -r fe660c52c48f includes/common.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/includes/common.php Wed Jun 13 16:07:17 2007 -0400 @@ -0,0 +1,228 @@ + +
Hacking attempt using PHP $GLOBALS overwrite vulnerability detected, reported to admin
You're worse than this guy! Unless you are this guy...
Powered by Enano and valid XHTML 1.1
+ Powered by debugConsole'); +dc_here('common: including files'); +require_once(ENANO_ROOT.'/includes/functions.php'); +require_once(ENANO_ROOT.'/includes/dbal.php'); +require_once(ENANO_ROOT.'/includes/paths.php'); +require_once(ENANO_ROOT.'/includes/sessions.php'); +require_once(ENANO_ROOT.'/includes/template.php'); +require_once(ENANO_ROOT.'/includes/plugins.php'); +require_once(ENANO_ROOT.'/includes/comment.php'); +require_once(ENANO_ROOT.'/includes/wikiformat.php'); +require_once(ENANO_ROOT.'/includes/diff.php'); +require_once(ENANO_ROOT.'/includes/render.php'); +require_once(ENANO_ROOT.'/includes/stats.php'); +require_once(ENANO_ROOT.'/includes/pageutils.php'); +require_once(ENANO_ROOT.'/includes/js-compressor.php'); +require_once(ENANO_ROOT.'/includes/rijndael.php'); +require_once(ENANO_ROOT.'/includes/email.php'); +require_once(ENANO_ROOT.'/includes/search.php'); +require_once(ENANO_ROOT.'/includes/json.php'); +require_once(ENANO_ROOT.'/includes/wikiengine/Tables.php'); +require_once(ENANO_ROOT.'/includes/pageprocess.php'); + +strip_magic_quotes_gpc(); + +// Enano has five parts: the database abstraction layer (DBAL), the session manager, the path/URL manager, the template engine, and the plugin manager. +// Each part has its own class and a global var; nearly all Enano functions are handled by one of these five components. + +global $db, $session, $paths, $template, $plugins; // Common objects +global $enano_config; // A global used to cache config information without making loads of queries ;-) + // In addition, $enano_config is used to fetch config information if die_semicritical() is called. + +global $email; + +if(!isset($_SERVER['HTTP_HOST'])) grinding_halt('Cannot get hostname', 'Your web browser did not provide the HTTP Host: field. This site requires a modern browser that supports the HTTP 1.1 standard.
'); + +$db = new mysql(); +dc_here('common: calling $db->connect();'); +$db->connect(); // Redirects to install.php if an installation is not detected + +if(strstr(contentPath, '?')) $sep = '&'; +else $sep = '?'; +define('urlSeparator', $sep); +unset($sep); // save 10 bytes of memory... + +// See if any diagnostic actions have been requested +if ( isset($_GET['do']) && $_GET['do'] == 'diag' && isset($_GET['sub']) ) +{ + switch($_GET['sub']) + { + case 'cookie_destroy': + unset($_COOKIE['sid']); + setcookie('sid', '', time()-3600*24, scriptPath); + setcookie('sid', '', time()-3600*24, scriptPath.'/'); + die('Session cookie cleared. Continue'); + break; + } +} + +// Select and fetch the site configuration +dc_here('common: selecting global config data'); +$e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;'); +if(!$e) $db->_die('Some critical configuration information could not be selected.'); +else define('ENANO_CONFIG_FETCHED', ''); // Used in die_semicritical to figure out whether to call getConfig() or not + +dc_here('common: fetching $enano_config'); +$enano_config = Array(); +while($r = $db->fetchrow()) +{ + $enano_config[$r['config_name']] = $r['config_value']; +} + +$db->free_result(); + +if(enano_version(false, true) != $version) +{ + grinding_halt('Version mismatch', 'It seems that the Enano release we\'re trying to run ('.$version.') is different from the version specified in your database ('.enano_version().'). Perhaps you need to upgrade?
'); +} + +// Our list of tables included in Enano +$system_table_list = Array( + table_prefix.'categories', + table_prefix.'comments', + table_prefix.'config', + table_prefix.'logs', + table_prefix.'page_text', + table_prefix.'session_keys', + table_prefix.'pages', + table_prefix.'users', + table_prefix.'themes', + table_prefix.'buddies', + table_prefix.'banlist', + table_prefix.'files', + table_prefix.'privmsgs', + table_prefix.'sidebar', + table_prefix.'hits', + table_prefix.'search_index', + table_prefix.'groups', + table_prefix.'group_members', + table_prefix.'acl', + table_prefix.'search_cache' + ); + +dc_here('common: initializing base classes'); +$plugins = new pluginLoader(); + +// So where does the majority of Enano get executed? How about the next nine lines of code :) +dc_here('common: ok, we\'re set up, starting mainstream execution'); + +$plugins->loadAll(); +dc_here('common: loading plugins'); + global $plugins; + foreach($plugins->load_list as $f) { include_once $f; } // Can't be in object context when this is done + +$session = new sessionManager(); +$paths = new pathManager(); +$template = new template(); +$email = new EmailEncryptor(); + +define('ENANO_BASE_CLASSES_INITIALIZED', ''); + +$code = $plugins->setHook('base_classes_initted'); +foreach ( $code as $cmd ) +{ + eval($cmd); +} + +$p = RenderMan::strToPageId($paths->get_pageid_from_url()); +if( ( $p[1] == 'Admin' || $p[1] == 'Special' ) && function_exists('page_'.$p[1].'_'.$p[0].'_preloader')) +{ + @call_user_func('page_'.$p[1].'_'.$p[0].'_preloader'); +} + +$session->start(); +$paths->init(); + +define('ENANO_MAINSTREAM', ''); + +// If the site is disabled, bail out, unless we're trying to log in or administer the site +if(getConfig('site_disabled') == '1') +{ + if ( $paths->namespace == 'Admin' || ( $paths->namespace == 'Special' && ( $paths->cpage['urlname_nons'] == 'CSS' || $paths->cpage['urlname_nons'] == 'Administration' || $paths->cpage['urlname_nons'] == 'Login' ) ) ) + { + // do nothing; allow execution to continue + } + else + { + if(!$n = getConfig('site_disabled_notice')) $n = 'The administrator has disabled the site. Please check back later.'; + + $text = RenderMan::render($n) . ' +