-
Notifications
You must be signed in to change notification settings - Fork 6
/
config.php
109 lines (93 loc) · 3.07 KB
/
config.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
<?php
/**
* This file is considered to be more "universal" configuration stuff, whereas the
* envConfig.php file is, well, environmental. Multiple collaborators can have their own
* envConfig.php file (or multiple ones, even) whereas global system config would be here.
*/
require('envConfig.php');
// For God's sake turn off display_errors on a production system, please!
error_reporting(E_ALL ^ E_NOTICE);
ini_set('arg_separator.output', '&');
ini_set('session.cookie_httponly', true);
ini_set('session.use_strict_mode', true);
// force some output buffering, for performance reasons
if (substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
ob_start("ob_gzhandler");
} else {
ob_start();
}
// ensure we're using UTF-8 on everything
header('Content-Type: text/html; charset=utf-8');
// secure header stuff
header('X-Content-Type-Options: nosniff');
header('x-frame-options: deny');
header('x-xss-protection: 1; mode=block');
/**
* autoloader (lazy loading) function
*
* @param string $class_name
*
* @global array $class_directories
* @return void
*/
function autoloader($class_name)
{
// this array comes from envconfig.
GLOBAL $class_directories;
//for each directory
foreach ($class_directories as $directory) {
//see if the file exists
if (file_exists($directory . $class_name . '.class.php')) {
require_once($directory . $class_name . '.class.php');
//only require the class once, so quit after to save effort
// (if you got more than one, then name them something else)
return;
}
}
}
spl_autoload_register('autoloader');
// SYSTEM TIMEZONE
date_default_timezone_set('UTC');
if (isset($_GET) || isset($_POST)) {
// we do our own sanity check because depending on server configs this can cause a clusterfuck
// due to our own custom escapement of quotes. Seriously, don't remove this
if (get_magic_quotes_gpc() && !function_exists('FixMagicQuotesGpc')) {
/**
* @param $data
*
* @return string
*/
function FixMagicQuotesGpc($data)
{
if (is_array($data)) {
foreach ($data as &$value) {
$value = FixMagicQuotesGpc($value);
}
return $data;
} else {
return stripslashes($data);
}
}
$_GET = FixMagicQuotesGpc($_GET);
$_POST = FixMagicQuotesGpc($_POST);
$_REQUEST = FixMagicQuotesGpc($_REQUEST);
}
// Require input filtering
$iFilter = new InputFilter(array());
// filter all $_GET variables
foreach ($_GET as $key => $val) {
if (!is_array($key)) {
$_GET[$key] = $iFilter->process(strip_tags($val));
} else {
$_GET[$key] = $iFilter->process($val);
}
}
// filter all $_POST variables
foreach ($_POST as $key => $val) {
if (!is_array($_POST[$key])) {
$_POST[$key] = $iFilter->process(strip_tags($val));
} else {
$_POST[$key] = $iFilter->process($val);
}
}
}