From 9e53bfc81c11a5880291e0c4ac3e84d84ad3f821 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Mon, 8 Mar 2004 01:51:32 +0000
Subject: [PATCH] Imported the register_globals hack from REL1_2. Also starting
 work on elimination of the use of import_request_variables (which gives us
 all the insecurity of register_globals). Uncomment the define of
 DEBUG_GLOBALS in index.php to turn on extra error reporting and trace down
 use of uninitialized variables and nassssty globals.

Also rearranged the magic_quotes fixing, may not yet cover everything...
---
 RELEASE-NOTES                |  3 ++-
 includes/DefaultSettings.php |  5 ++++
 includes/EditPage.php        |  4 +--
 includes/MessageCache.php    |  2 +-
 includes/Setup.php           | 11 ++------
 includes/Skin.php            |  2 +-
 includes/SpecialUpload.php   |  8 +++---
 includes/User.php            | 42 ++++++++++++-----------------
 index.php                    | 52 +++++++++++++++++++++++++++++++-----
 install-utils.inc            |  3 ---
 10 files changed, 79 insertions(+), 53 deletions(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index cc46dca3d0..45b8ba242a 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -29,12 +29,13 @@ New features in 1.2:
   privilege, such as the 'Developer' account created by the install.
 
 Fixes and tweaks:
+* Now works with register_globals off!
+* Works with short tags disabled.
 * Should work out of the box on MySQL 3.2.x again. On 4.x set
   $wgEnablePersistentLC = true; to turn on the link cache table
   for a slight rendering speed boost.
 * rebuildMessages.php can now selectively update new messages, or
   overwrite everything.
-* Works with short tags disabled.
 * Various bug fixes.
 * Other stuff we forgot.
 * Documentation more out of date than ever before!
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 0992bb7a3a..4a7fe1fa28 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -251,4 +251,9 @@ $wgSiteNotice = "";
 # Whether to allow anonymous users to set changes to 'minor'
 
 $wgAllowAnonymousMinor = false;
+
+if( !isset( $wgCommandLineMode ) ) {
+	$wgCommandLineMode = false;
+}
+
 ?>
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 6f06d0e5ad..6ea4472b45 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -308,10 +308,10 @@ class EditPage {
 		# if this is a comment, show a subject line at the top, which is also the edit summary.
 		# Otherwise, show a summary field at the bottom
 		if($section=="new") {
-
 			$commentsubject="{$subject}: <input tabindex=1 type=text value=\"{$wpSummary}\" name=\"wpSummary\" maxlength=200 size=60><br>";
+			$editsummary = "";
 		} else {
-
+			$commentsubject = "";
 			$editsummary="{$summary}: <input tabindex=3 type=text value=\"{$wpSummary}\" name=\"wpSummary\" maxlength=200 size=60><br>";
 		}
 
diff --git a/includes/MessageCache.php b/includes/MessageCache.php
index 5dd1516ddf..ed4e1de1bf 100755
--- a/includes/MessageCache.php
+++ b/includes/MessageCache.php
@@ -175,7 +175,7 @@ class MessageCache
 		if ( !$message && $useDB) {
 			$sql = "SELECT cur_text FROM cur WHERE cur_namespace=" . NS_MEDIAWIKI . 
 				" AND cur_title='$title'";
-			$res = wfQuery( $sql, DB_READ, $fname );
+			$res = wfQuery( $sql, DB_READ, "MessageCache::get" );
 
 			if ( wfNumRows( $res ) ) {
 				$obj = wfFetchObject( $res );
diff --git a/includes/Setup.php b/includes/Setup.php
index 98e3ba90af..f421e05aea 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -64,21 +64,14 @@ global $wgBlockCache, $wgParserCache, $wgParser;
 # Useful debug output
 if ( function_exists( "getallheaders" ) ) {
 	wfDebug( "\nStart request\n" );
-	wfDebug( "$REQUEST_METHOD $REQUEST_URI\n" );
+	wfDebug( $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . "\n" );
 	$headers = getallheaders();
 	foreach ($headers as $name => $value) {
 		wfDebug( "$name: $value\n" );
 	}
 	wfDebug( "\n" );
 } else {
-	wfDebug( "$REQUEST_METHOD $REQUEST_URI\n" );
-}
-
-# Fix "magic" quotes
-if ( get_magic_quotes_gpc() ) {
-	foreach ( $_REQUEST as $field => $value ) {
-		$_REQUEST[$field] = stripslashes( $value );
-	}
+	wfDebug( $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . "\n" );
 }
 
 # Set up Memcached
diff --git a/includes/Skin.php b/includes/Skin.php
index f57466cb14..fc806400e7 100644
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -2354,7 +2354,7 @@ class Skin {
 				"sample"=>"",
 				"tip"=>wfMsg("hr_tip"))
 		);
-		$toolbar.="<script type='text/javascript'>\n";
+		$toolbar ="<script type='text/javascript'>\n";
 		$toolbar.="document.writeln(\"<div id='toolbar'>\");\n";
 		foreach($toolarray as $tool) {
 
diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php
index 5b35a58cd3..d0b5dfe8e0 100644
--- a/includes/SpecialUpload.php
+++ b/includes/SpecialUpload.php
@@ -157,9 +157,9 @@ function saveUploadedFile()
 function unsaveUploadedFile()
 {
 	global $wpSessionKey, $wpUploadOldVersion;
-	global $wgUploadDirectory, $wgOut, $wsUploadFiles;
+	global $wgUploadDirectory, $wgOut;
 	
-	$wgSavedFile = $wsUploadFiles[$wpSessionKey];
+	$wgSavedFile = $_SESSION['wsUploadFiles'][$wpSessionKey];
 	$wgUploadOldVersion = $wpUploadOldVersion;
 
 	if ( ! @unlink( $wgSavedFile ) ) {
@@ -193,12 +193,12 @@ function uploadWarning( $warning )
 	global $wpUploadDescription, $wpIgnoreWarning;
 	global $wpUploadSaveName, $wpUploadTempName, $wpUploadSize;
 	global $wgSavedFile, $wgUploadOldVersion;
-	global $wpSessionKey, $wpUploadOldVersion, $wsUploadFiles;
+	global $wpSessionKey, $wpUploadOldVersion;
 	global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
 
 	# wgSavedFile is stored in the session not the form, for security
 	$wpSessionKey = mt_rand( 0, 0x7fffffff );
-	$wsUploadFiles[$wpSessionKey] = $wgSavedFile;
+	$_SESSION['wsUploadFiles'][$wpSessionKey] = $wgSavedFile;
 
 	$sub = wfMsg( "uploadwarning" );
 	$wgOut->addHTML( "<h2>{$sub}</h2>\n" );
diff --git a/includes/User.php b/includes/User.php
index 0948c9ea12..5e514802e5 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -138,41 +138,35 @@ class User {
 
 	function SetupSession() {
 		global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain;
-		global $wsUserID, $wsUserName, $wsUserPassword, $wsUploadFiles;
 		if( $wgSessionsInMemcached ) {
 			include_once( "MemcachedSessions.php" );
 		}
 		session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain );
 		session_cache_limiter( "private, must-revalidate" );
 		session_start();
-		session_register( "wsUserID" );
-		session_register( "wsUserName" );
-		session_register( "wsUserPassword" );
-		session_register( "wsUploadFiles" );
 	}
 
 	/* static */ function loadFromSession()
 	{
-		global $HTTP_COOKIE_VARS, $wsUserID, $wsUserName, $wsUserPassword;
 		global $wgMemc, $wgDBname;
 
-		if ( isset( $wsUserID ) ) {
-			if ( 0 != $wsUserID ) {
-				$sId = $wsUserID;
+		if ( isset( $_SESSION['wsUserID'] ) ) {
+			if ( 0 != $_SESSION['wsUserID'] ) {
+				$sId = $_SESSION['wsUserID'];
 			} else {
 				return new User();
 			}
-		} else if ( isset( $HTTP_COOKIE_VARS["{$wgDBname}UserID"] ) ) {
-			$sId = IntVal( $HTTP_COOKIE_VARS["{$wgDBname}UserID"] );
-			$wsUserID = $sId;
+		} else if ( isset( $_COOKIE["{$wgDBname}UserID"] ) ) {
+			$sId = IntVal( $_COOKIE["{$wgDBname}UserID"] );
+			$_SESSION['wsUserID'] = $sId;
 		} else {
 			return new User();
 		}
-		if ( isset( $wsUserName ) ) {
-			$sName = $wsUserName;
+		if ( isset( $_SESSION['wsUserName'] ) ) {
+			$sName = $_SESSION['wsUserName'];
 		} else if ( isset( $HTTP_COOKIE_VARS["{$wgDBname}UserName"] ) ) {
 			$sName = $HTTP_COOKIE_VARS["{$wgDBname}UserName"];
-			$wsUserName = $sName;
+			$_SESSION['wsUserName'] = $sName;
 		} else {
 			return new User();
 		}
@@ -188,12 +182,12 @@ class User {
 			wfDebug( "User::loadFromSession() got from cache!\n" );
 		}
 
-		if ( isset( $wsUserPassword ) ) {
-			$passwordCorrect = $wsUserPassword == $user->mPassword;
+		if ( isset( $_SESSION['wsUserPassword'] ) ) {
+			$passwordCorrect = $_SESSION['wsUserPassword'] == $user->mPassword;
 		} else if ( isset( $HTTP_COOKIE_VARS["{$wgDBname}Password"] ) ) {
 			$user->mCookiePassword = $HTTP_COOKIE_VARS["{$wgDBname}Password"];
-			$wsUserPassword = $user->addSalt( $user->mCookiePassword );
-			$passwordCorrect = $wsUserPassword == $user->mPassword;
+			$_SESSION['wsUserPassword'] = $user->addSalt( $user->mCookiePassword );
+			$passwordCorrect = $_SESSION['wsUserPassword'] == $user->mPassword;
 		} else {
 			return new User(); # Can't log in from session
 		}
@@ -489,19 +483,18 @@ class User {
 
 	function setCookies()
 	{
-		global $wsUserID, $wsUserName, $wsUserPassword;
 		global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname;
 		if ( 0 == $this->mId ) return;
 		$this->loadFromDatabase();
 		$exp = time() + $wgCookieExpiration;
 
-		$wsUserID = $this->mId;
+		$_SESSION['wsUserID'] = $this->mId;
 		setcookie( "{$wgDBname}UserID", $this->mId, $exp, $wgCookiePath, $wgCookieDomain );
 
-		$wsUserName = $this->mName;
+		$_SESSION['wsUserName'] = $this->mName;
 		setcookie( "{$wgDBname}UserName", $this->mName, $exp, $wgCookiePath, $wgCookieDomain );
 
-		$wsUserPassword = $this->mPassword;
+		$_SESSION['wsUserPassword'] = $this->mPassword;
 		if ( 1 == $this->getOption( "rememberpassword" ) ) {
 			setcookie( "{$wgDBname}Password", $this->mCookiePassword, $exp, $wgCookiePath, $wgCookieDomain );
 		} else {
@@ -511,10 +504,9 @@ class User {
 
 	function logout()
 	{
-		global $wsUserID, $wgCookiePath, $wgCookieDomain, $wgDBname;
 		$this->mId = 0;
 
-		$wsUserID = 0;
+		$_SESSION['wsUserID'] = 0;
 
 		setcookie( "{$wgDBname}UserID", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
 		setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
diff --git a/index.php b/index.php
index b48f9b8a62..6fb819784a 100644
--- a/index.php
+++ b/index.php
@@ -3,10 +3,46 @@
 #
 $wgRequestTime = microtime();
 
+## Enable this to debug total elimination of register_globals
+#define( "DEBUG_GLOBALS", 1 );
+
+if( defined('DEBUG_GLOBALS') ) error_reporting(E_ALL);
+
+function &fix_magic_quotes( &$arr ) {
+	foreach( $arr as $key => $val ) {
+		if( is_array( $val ) ) {
+			fix_magic_quotes( $arr[$key] );
+		} else {
+			$arr[$key] = stripslashes( $val );
+		}
+	}
+	return $arr;
+}
+
+if ( get_magic_quotes_gpc() ) {
+	fix_magic_quotes( $_COOKIE );
+	fix_magic_quotes( $_ENV );
+	fix_magic_quotes( $_GET );
+	fix_magic_quotes( $_POST );
+	fix_magic_quotes( $_REQUEST );
+	fix_magic_quotes( $_SERVER );
+} elseif( defined('DEBUG_GLOBALS') ) {
+	die("DEBUG_GLOBALS: turn on magic_quotes_gpc" );
+}
+
+if( defined('DEBUG_GLOBALS') ) {
+	if( ini_get( "register_globals" ) ) {
+		die( "DEBUG_GLOBALS: turn off register_globals" );
+	}
+} elseif( !ini_get( "register_globals" ) ) {
+	# Insecure, but at least it'll run
+	import_request_variables( "GPC" );
+}
+
 unset( $IP );
 ini_set( "allow_url_fopen", 0 ); # For security...
 if(!file_exists("LocalSettings.php")) {
-	die( "You'll have to <a href='config/index.php'>set the wiki up</a> first!" );
+	die( "You'll have to <a href='$wgScriptPath/config/index.php'>set the wiki up</a> first!" );
 }
 include_once( "./LocalSettings.php" );
 
@@ -14,9 +50,9 @@ if( $wgSitename == "MediaWiki" ) {
 	die( "You must set the site name in \$wgSitename before installation.\n\n" );
 }
 
-# Windows requires ';' as separator, ':' for Unix
-$sep = strchr( $include_path = ini_get( "include_path" ), ";" ) ? ";" : ":";
-ini_set( "include_path", "$IP$sep$include_path" );
+# PATH_SEPARATOR avaialble only from 4.3.0
+$sep = (DIRECTORY_SEPARATOR == "\\") ? ";" : ":";
+ini_set( "include_path", $IP . $sep . ini_get( "include_path" ) );
 
 include_once( "Setup.php" );
 
@@ -41,11 +77,13 @@ $wgArticle = new Article($wgTitle);
 
 $action = strtolower( trim( $action ) );
 if ( "" == $action ) { $action = "view"; }
-if ( "yes" == $_REQUEST['printable'] ) { $wgOut->setPrintable(); }
+if ( !empty( $_REQUEST['printable'] ) && $_REQUEST['printable'] == "yes") {
+	$wgOut->setPrintable();
+}
 
 if ( "" == $title && "delete" != $action ) {
 	$wgTitle = Title::newFromText( wfMsg( "mainpage" ) );
-} elseif ( $_REQUEST['curid'] ) {
+} elseif ( !empty( $_REQUEST['curid'] ) ) {
 	# URLs like this are generated by RC, because rc_title isn't always accurate
 	$wgTitle = Title::newFromID( $_REQUEST['curid'] );
 } else {
@@ -63,7 +101,7 @@ if ( !$wgUser->getID() && is_array( $wgWhitelistRead ) && $wgTitle) {
 	}
 }
 
-if ( "" != $_REQUEST['search'] ) {
+if ( !empty( $_REQUEST['search'] ) ) {
 	if( isset($_REQUEST['fulltext']) ) {
 		wfSearch( $_REQUEST['search'] );
 	} else {
diff --git a/install-utils.inc b/install-utils.inc
index 8d1734e5d2..55e712c924 100644
--- a/install-utils.inc
+++ b/install-utils.inc
@@ -8,9 +8,6 @@ function install_version_checks() {
 	if( version_compare( phpversion(), "4.3.2" ) < 0 ) {
 		echo "WARNING: PHP 4.3.2 or higher is recommended. Older versions from 4.1.x up may work but are not actively supported.\n\n";
 	}
-	if( !ini_get( "register_globals" ) ) {
-		echo "WARNING: register_globals is not on; MediaWiki currently relies on this option.\n\n";
-	}
 	
 	if (!extension_loaded('mysql')) {
 		if (!dl('mysql.so')) {
-- 
2.20.1