Rewrites on security functions (do not call them for your own)
authorRoland Häder <roland@mxchange.org>
Sun, 14 Feb 2010 12:55:45 +0000 (12:55 +0000)
committerRoland Häder <roland@mxchange.org>
Sun, 14 Feb 2010 12:55:45 +0000 (12:55 +0000)
inc/db/lib-mysql3.php
inc/libs/security_functions.php

index a3b5af0..c7cc26c 100644 (file)
@@ -225,7 +225,7 @@ function SQL_CONNECT ($host, $login, $password, $F, $L) {
        SQL_SET_LINK($connect);
 
        // Destroy cache
-       unset($GLOBALS['sql_link_res']);
+       unset($GLOBALS['is_sql_link_up']);
 }
 
 // SQL select database
@@ -252,7 +252,7 @@ function SQL_CLOSE ($F, $L) {
        SQL_SET_LINK(null);
 
        // Destroy cache
-       unset($GLOBALS['sql_link_res']);
+       unset($GLOBALS['is_sql_link_up']);
 
        // Return the result
        return $close;
@@ -530,15 +530,15 @@ function SQL_IS_LINK_UP () {
        $linkUp = false;
 
        // Do we have cached this?
-       if (isset($GLOBALS['sql_link_res'])) {
+       if (isset($GLOBALS['is_sql_link_up'])) {
                // Then use this
-               $linkUp = $GLOBALS['sql_link_res'];
+               $linkUp = $GLOBALS['is_sql_link_up'];
        } else {
                // Get it
                $linkUp = is_resource(SQL_GET_LINK());
 
                // And cache it
-               $GLOBALS['sql_link_res'] = $linkUp;
+               $GLOBALS['is_sql_link_up'] = $linkUp;
        }
 
        // Return the result
index 1d13273..da415b9 100644 (file)
@@ -37,7 +37,7 @@
  * MA  02110-1301  USA                                                  *
  ************************************************************************/
 
-// Run only once this security check/exchange
+// Run only once this security check/replacement
 if (defined('__SECURITY')) return;
 
 // Some security stuff...
@@ -69,6 +69,68 @@ function secureString ($str, $strip = true, $encode = false) {
        return $str;
 }
 
+/**
+ * Secures $_SERVER['PHP_SELF'] against attacks
+ *
+ * @return     void
+ */
+function securePhpSelf () {
+       // Did it run before?
+       if (isset($GLOBALS['php_self_secured'])) {
+               // Please do not call this twice!
+               die('PHP_SELF is already secured. Please do not call ' . __FUNCTION__ . ' for your self.');
+       } // END - if
+
+       // Secure the string
+       $_SERVER['PHP_SELF'] = secureString($_SERVER['PHP_SELF']);
+
+       // Split it up into path and filename
+       $phpSelfDirectory = dirname($_SERVER['PHP_SELF']);
+       $phpSelfFile      = basename($_SERVER['PHP_SELF']);
+
+       // Check for a .php inside the $phpSelfDirectory...
+       while (ereg('.php', $phpSelfDirectory)) {
+               // Correct the dirname
+               $phpSelfDirectory = substr($phpSelfDirectory, 0, (strpos($phpSelfDirectory, '.php') + 4));
+               // Rewrite filename...
+               $phpSelfFile = basename($phpSelfDirectory);
+               // ... and dirname
+               $phpSelfDirectory = dirname($phpSelfDirectory);
+       } // END - while
+
+       // Put both together again and let's pray it is secured now...
+       $_SERVER['PHP_SELF'] = $phpSelfDirectory . '/' . $phpSelfFile;
+
+       // Did run...
+       $GLOBALS['php_self_secured'] = true;
+
+       // Remove uneccessary variables
+       unset($phpSelfDirectory);
+       unset($phpSelfFile);
+}
+
+/**
+ * Detects caching in PHP
+ *
+ * @return     void
+ */
+function detectPhpCaching () {
+       // Activate caching or transparent compressing when it is not already done
+       if (phpversion() >= '4.0.4pl1' && (strstr(getenv('HTTP_USER_AGENT'),'compatible') || (strstr(getenv('HTTP_USER_AGENT'), 'Mozilla')))) {
+               if ((extension_loaded('zlib')) && (function_exists('ob_start'))) {
+                       // Start caching
+                       $GLOBALS['php_caching'] = 'on';
+                       ob_start();
+               } else {
+                       // Extension not loaded or required function is missing
+                       $GLOBALS['php_caching'] = '404';
+               }
+       } else {
+               // Old PHP version
+               $GLOBALS['php_caching'] = 'old';
+       }
+}
+
 // Runtime/GPC quoting is off now...
 set_magic_quotes_runtime(false);
 ini_set('magic_quotes_gpc', false); // This may not work on some systems
@@ -149,44 +211,11 @@ if (is_array($_GET)) {
        } // END - foreach
 } // END - if
 
-// Activate caching or transparent compressing when it is not already done
-if (phpversion() >= '4.0.4pl1' && (strstr(getenv('HTTP_USER_AGENT'),'compatible') || (strstr(getenv('HTTP_USER_AGENT'), 'Mozilla')))) {
-       if ((extension_loaded('zlib')) && (function_exists('ob_start'))) {
-               // Start caching
-               $GLOBALS['php_caching'] = 'on';
-               ob_start();
-       } else {
-               // Extension not loaded or required function is missing
-               $GLOBALS['php_caching'] = '404';
-       }
-} else {
-       // Old PHP version
-       $GLOBALS['php_caching'] = 'old';
-}
+// Detect PHP caching
+detectPhpCaching();
 
 // At last secure the $_SERVER['PHP_SELF'] element
-$_SERVER['PHP_SELF'] = secureString($_SERVER['PHP_SELF']);
-
-// Split it up into path and filename
-$phpSelfDirectory = dirname($_SERVER['PHP_SELF']);
-$phpSelfFile      = basename($_SERVER['PHP_SELF']);
-
-// Check for a .php inside the $phpSelfDirectory...
-while (ereg('.php', $phpSelfDirectory)) {
-       // Correct the dirname
-       $phpSelfDirectory = substr($phpSelfDirectory, 0, (strpos($phpSelfDirectory, '.php') + 4));
-       // Rewrite filename...
-       $phpSelfFile = basename($phpSelfDirectory);
-       // ... and dirname
-       $phpSelfDirectory = dirname($phpSelfDirectory);
-} // END - while
-
-// Put both together again and let's pray it is secured now...
-$_SERVER['PHP_SELF'] = $phpSelfDirectory . '/' . $phpSelfFile;
-
-// Remove uneccessary variables
-unset($phpSelfDirectory);
-unset($phpSelfFile);
+securePhpSelf();
 
 // Security system loaded...
 define('__SECURITY', 1);