X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=debugger%2Fcommon.php;h=5097a395ac546689aff18f8774df1e144b6720c8;hb=e9b8461bd99a446f5e11696b2dac7e0b842380c9;hp=c3efa33f1ba1eb7764dd8237692289855d6953b7;hpb=ae5a8552a784500adbacfdbd9e0b08970a83a9fa;p=plcapi.git
diff --git a/debugger/common.php b/debugger/common.php
index c3efa33..5097a39 100644
--- a/debugger/common.php
+++ b/debugger/common.php
@@ -8,8 +8,46 @@
 *
 * @todo switch params for http compression from 0,1,2 to values to be used directly
 * @todo do some more sanitization of received parameters
+ * @todo move parameters away from global namespace
 */
+// handle class autoloading:
+if (file_exists(__DIR__.'/../vendor/autoload.php')) {
+ // if the debugger is installed as top-level project with Composer, allow finding classes from dependencies
+ include_once(__DIR__.'/../vendor/autoload.php');
+} else {
+ // assume this is either a standalone install, or installed as Composer dependency
+ /// @todo if the latter is true, should we just not skip using the custom Autoloader, and let a top-level
+ /// debugger include this one, taking care of autoloading ?
+ include_once __DIR__ . "/../src/Autoloader.php";
+ PhpXmlRpc\Autoloader::register();
+}
+
+// work around register globals - @see https://www.php.net/manual/en/faq.misc.php#faq.misc.registerglobals
+if (ini_get('register_globals')) {
+ function unregister_globals()
+ {
+ // Might want to change this perhaps to a nicer error
+ if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
+ die('GLOBALS overwrite attempt detected');
+ }
+
+ // Variables that shouldn't be unset
+ $noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
+
+ $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES,
+ isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()
+ );
+
+ foreach ($input as $k => $v) {
+ if (!in_array($k, $noUnset) && isset($GLOBALS[$k])) {
+ unset($GLOBALS[$k]);
+ }
+ }
+ }
+ unregister_globals();
+}
+
 // work around magic quotes
 if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
 function stripslashes_deep($value)
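Review bot: The `GLOBALS` guard in `unregister_globals()` checks `$_REQUEST` and `$_FILES` but not `$_COOKIE`, while the unset loop below it does merge `$_COOKIE` and deliberately skips the `GLOBALS` key. When `request_order` leaves cookies out of `$_REQUEST`, a cookie-supplied key would pass both steps, so the test should read `if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])) {`. The membership test is also loose: `in_array($k, $noUnset, true)` keeps integer keys renumbered by `array_merge()` from comparing equal to the names in `$noUnset` on PHP versions old enough to still have `register_globals`. Whether either case is reachable depends on the PHP version and ini settings, which the hunk does not show.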
@@ -34,10 +72,11 @@ if (isset($_GET['usepost']) && $_GET['usepost'] === 'true') {
 /// @todo if $inputcharset is not UTF8, we should probably re-encode $_GET to make it UTF-8
 // recover input parameters
+/// @todo instead of using globals, move them to an array. Also: use a class for this parsing...
 $debug = false;
 $protocol = 0;
 $run = false;
-$wstype = 0;
+$wstype = defined('DEFAULT_WSTYPE') ? DEFAULT_WSTYPE : 0;
 $id = '';
 if (isset($_GET['action'])) {
 if (isset($_GET['wstype']) && $_GET['wstype'] == '1') {
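Review bot: `DEFAULT_WSTYPE` is read on the new `$wstype` line with no statement of where it is defined or which values it may hold, and whatever it contains becomes the initial `$wstype` unchecked. A comment above the assignment such as `// DEFAULT_WSTYPE: optional constant an including script may define before loading this file; expected 0 or 1` would help, with the value range confirmed against the rest of the file, since only the `'1'` comparison is visible here. Writing it as `$wstype = (int) (defined('DEFAULT_WSTYPE') ? DEFAULT_WSTYPE : 0);` would keep a string-valued define from changing how later comparisons behave. The parameter-parsing code continues outside the hunk.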