From 9b2c67e6fcb95d65961a20ff264629e5da91fa4c Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sun, 9 Sep 2007 10:57:07 +0000 Subject: [PATCH] =?UTF-8?q?Fix:=20allow=5Fcall=5Ftime=5Fpass=5Freference?= =?UTF-8?q?=20ne=20va=20plus=20=EAtre=20exploit=E9=20dans=20php.ini?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/adherents/cartes/PDF_card.class.php | 2 +- htdocs/adherents/cartes/carte.php | 2 +- htdocs/adherents/cartes/etiquette.php | 2 +- htdocs/includes/xmlrpc/xmlrpc.php | 28 +++++++++++----------- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/htdocs/adherents/cartes/PDF_card.class.php b/htdocs/adherents/cartes/PDF_card.class.php index 3d8c2623c7d..7918ef1eaa4 100755 --- a/htdocs/adherents/cartes/PDF_card.class.php +++ b/htdocs/adherents/cartes/PDF_card.class.php @@ -67,7 +67,7 @@ \version $Revision$ */ -require_once(FPDF_PATH.'fpdi_protection.php'); +require_once(FPDFI_PATH.'fpdi_protection.php'); /** diff --git a/htdocs/adherents/cartes/carte.php b/htdocs/adherents/cartes/carte.php index 6316a183db8..26086b879bc 100755 --- a/htdocs/adherents/cartes/carte.php +++ b/htdocs/adherents/cartes/carte.php @@ -29,7 +29,7 @@ */ require("./pre.inc.php"); -require(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php"); +require_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php"); require_once('PDF_card.class.php'); diff --git a/htdocs/adherents/cartes/etiquette.php b/htdocs/adherents/cartes/etiquette.php index 521620e32df..c1f70d13cc8 100755 --- a/htdocs/adherents/cartes/etiquette.php +++ b/htdocs/adherents/cartes/etiquette.php @@ -29,7 +29,7 @@ */ require("./pre.inc.php"); -require(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php"); +require_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php"); require_once('PDF_card.class.php'); diff --git a/htdocs/includes/xmlrpc/xmlrpc.php b/htdocs/includes/xmlrpc/xmlrpc.php index 65b7afe5381..b88ed86ebc1 100644 --- a/htdocs/includes/xmlrpc/xmlrpc.php +++ b/htdocs/includes/xmlrpc/xmlrpc.php @@ -80,7 +80,7 @@ class XML { $this->parser = xml_parser_create(); xml_parser_set_option ($this->parser, XML_OPTION_CASE_FOLDING, 0); - xml_set_object($this->parser, &$this); + xml_set_object($this->parser, $this); xml_set_element_handler($this->parser, "open", "close"); xml_set_character_data_handler($this->parser, "data"); # register_shutdown_function(array(&$this, 'destruct')); @@ -133,7 +133,7 @@ class XML { $this->parent[$key] = array(); $this->parent = &$this->parent[$key]; - array_unshift($this->parents, &$this->parent); + array_unshift($this->parents, $this->parent); } function data($parser, $data){ @@ -156,7 +156,7 @@ class XML { function & XML_unserialize(&$xml){ $xml_parser = new XML(); - $data = &$xml_parser->parse(&$xml); + $data = &$xml_parser->parse($xml); $xml_parser->destruct(); return $data; } @@ -165,7 +165,7 @@ function & XMLRPC_parse(&$request){ if(defined('XMLRPC_DEBUG') and XMLRPC_DEBUG){ XMLRPC_debug('XMLRPC_parse', "

Received the following raw request:

" . XMLRPC_show($request, 'print_r', true)); } - $data = &XML_unserialize(&$request); + $data = &XML_unserialize($request); if(defined('XMLRPC_DEBUG') and XMLRPC_DEBUG){ XMLRPC_debug('XMLRPC_parse', "

Returning the following parsed request:

" . XMLRPC_show($data, 'print_r', true)); } @@ -187,7 +187,7 @@ function & XMLRPC_prepare($data, $type = NULL){ if(array_key_exists("$n type", $data)){ $type = $data["$n type"]; } - $temp[$n] = XMLRPC_prepare(&$data[$n], $type); + $temp[$n] = XMLRPC_prepare($data[$n], $type); } } }else{ #it's a struct @@ -202,7 +202,7 @@ function & XMLRPC_prepare($data, $type = NULL){ if(array_key_exists("$key type", $data)){ $type = $data["$key type"]; } - $temp[] = array('name' => $key, 'value' => XMLRPC_prepare(&$value, $type)); + $temp[] = array('name' => $key, 'value' => XMLRPC_prepare($value, $type)); } } } @@ -244,11 +244,11 @@ function & XMLRPC_adjustValue(&$current_node){ if(is_array($temp) and array_key_exists(0, $temp)){ $count = count($temp); for($n=0;$n<$count;$n++){ - $temp2[$n] = &XMLRPC_adjustValue(&$temp[$n]); + $temp2[$n] = &XMLRPC_adjustValue($temp[$n]); } $temp = &$temp2; }else{ - $temp2 = &XMLRPC_adjustValue(&$temp); + $temp2 = &XMLRPC_adjustValue($temp); $temp = array(&$temp2); #I do the temp assignment because it avoids copying, # since I can put a reference in the array @@ -267,12 +267,12 @@ function & XMLRPC_adjustValue(&$current_node){ $count = count($temp); for($n=0;$n<$count;$n++){ #echo "Passing name {$temp[$n][name]}. Value is: " . show($temp[$n][value], var_dump, true) . "
\n"; - $temp2[$temp[$n]['name']] = &XMLRPC_adjustValue(&$temp[$n]['value']); + $temp2[$temp[$n]['name']] = &XMLRPC_adjustValue($temp[$n]['value']); #echo "adjustValue(): After assigning, the value is " . show($temp2[$temp[$n]['name']], var_dump, true) . "
\n"; } }else{ #echo "Passing name $temp[name]
\n"; - $temp2[$temp['name']] = &XMLRPC_adjustValue(&$temp['value']); + $temp2[$temp['name']] = &XMLRPC_adjustValue($temp['value']); } $temp = &$temp2; } @@ -316,7 +316,7 @@ function XMLRPC_getParams($request){ $count = count($temp); for($n = 0; $n < $count; $n++){ #echo "Serializing parameter $n
"; - $temp2[$n] = &XMLRPC_adjustValue(&$temp[$n]['value']); + $temp2[$n] = &XMLRPC_adjustValue($temp[$n]['value']); } }else{ $temp2[0] = &XMLRPC_adjustValue($temp['value']); @@ -390,13 +390,13 @@ function XMLRPC_request($site, $location, $methodName, $params = NULL, $user_age XMLRPC_debug('XMLRPC_request', "

Received the following response:

\n\n" . XMLRPC_show($response, 'print_r', true) . "

Which was serialized into the following data:

\n\n" . XMLRPC_show($data, 'print_r', true)); } if(isset($data['methodResponse']['fault'])){ - $return = array(false, XMLRPC_adjustValue(&$data['methodResponse']['fault']['value'])); + $return = array(false, XMLRPC_adjustValue($data['methodResponse']['fault']['value'])); if(defined('XMLRPC_DEBUG') and XMLRPC_DEBUG){ XMLRPC_debug('XMLRPC_request', "

Returning:

\n\n" . XMLRPC_show($return, 'var_dump', true)); } return $return; }else{ - $return = array(true, XMLRPC_adjustValue(&$data['methodResponse']['params']['param']['value'])); + $return = array(true, XMLRPC_adjustValue($data['methodResponse']['params']['param']['value'])); if(defined('XMLRPC_DEBUG') and XMLRPC_DEBUG){ XMLRPC_debug('XMLRPC_request', "

Returning:

\n\n" . XMLRPC_show($return, 'var_dump', true)); } @@ -407,7 +407,7 @@ function XMLRPC_request($site, $location, $methodName, $params = NULL, $user_age function XMLRPC_response($return_value, $server = NULL){ $data["methodResponse"]["params"]["param"]["value"] = &$return_value; - $return = XML_serialize(&$data); + $return = XML_serialize($data); if(defined('XMLRPC_DEBUG') and XMLRPC_DEBUG){ XMLRPC_debug('XMLRPC_response', "

Received the following data to return:

\n\n" . XMLRPC_show($return_value, 'print_r', true));