Background
This issue is part of a project (#1004) to migrate inline TODOs to GitHub issues. If this issue is still relevant, please assign milestone(s) and team member(s) accordingly.
On acceptance as a valid issue, the code should be annotated with a comment pointing back to this issue.
On completion of the issue, the code should be updated to remove the comment and the pointer to the issue.
TODO and surrounding code
https://github.com/textpattern/textpattern/blob/dev/rpc/index.php#L28
https://github.com/textpattern/textpattern/blob/dev/rpc/index.php#L31
Comments
At the risk of poking RPC (which has a couple of outstanding issues currently) too much, there are 2x error reporting TODOs immediately after one another in rpc/index.php.
// TODO: change error reporting to E_ALL, including E_NOTICE to detect subtle bugs?
error_reporting(E_ALL & ~E_NOTICE);

// TODO: if display_errors is set to 0... who will ever see errors?
ini_set("display_errors", "0");

if (@ini_get('register_globals')) {
    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        die('GLOBALS overwrite attempt detected. Please consider turning register_globals off.');
    }

    // Collect and unset all registered variables from globals.
    $_txpg = array_merge(
        isset($_SESSION) ? (array) $_SESSION : array(),
        (array) $_ENV,
        (array) $_GET,
        (array) $_POST,
        (array) $_COOKIE,
        (array) $_FILES,
        (array) $_SERVER
    );

    // As the deliberate awkwardly-named local variable $_txpfoo MUST NOT be
    // unset to avoid notices further down, we must remove any potential
    // identically-named global from the list of global names here.
    unset($_txpg['_txpfoo']);

    foreach ($_txpg as $_txpfoo => $value) {
        if (!in_array($_txpfoo, array(
            'GLOBALS',
            '_SERVER',
            '_GET',
            '_POST',
            '_FILES',
            '_COOKIE',
            '_SESSION',
            '_REQUEST',
            '_ENV',
        ))) {
            unset($GLOBALS[$_txpfoo], $$_txpfoo);
        }
    }
}
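One way to answer both TODOs, shown as an added example that is not Textpattern's code: report everything including E_NOTICE, keep display_errors off so diagnostics never end up inside the XML-RPC response, and route them to a log where someone can read them. The log path, the `[rpc]` prefix and the sample request are assumptions constructed for the demonstration.

```php
<?php
// Added example, not Textpattern code. Log path and "[rpc]" prefix are assumptions.
$logFile = sys_get_temp_dir() . '/rpc-errors-example.log';

error_reporting(E_ALL);           // first TODO: include E_NOTICE as well
ini_set('display_errors', '0');   // keep diagnostics out of the response body
ini_set('log_errors', '1');       // second TODO: errors are read from the log
ini_set('error_log', $logFile);

// Log every reported error with its severity, then let the request continue.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    if (!(error_reporting() & $errno)) {
        return false;             // masked or silenced with @: leave it to PHP
    }
    $names = array(
        E_WARNING    => 'E_WARNING',
        E_NOTICE     => 'E_NOTICE',
        E_DEPRECATED => 'E_DEPRECATED',
    );
    $label = isset($names[$errno]) ? $names[$errno] : 'E_' . $errno;
    error_log(sprintf('[rpc] %s: %s in %s:%d', $label, $errstr, $errfile, $errline));

    return true;                  // handled: PHP's own handler is skipped
});

// Constructed demonstration: a notice-level bug must not reach the client.
if (file_exists($logFile)) {
    unlink($logFile);
}

ob_start();
$params = array();                // constructed request with a missing key
$user = $params['username'];      // E_NOTICE on PHP 7, E_WARNING on PHP 8
echo '<methodResponse/>';         // stand-in for the real XML-RPC reply
$body = ob_get_clean();

echo "response body: ", $body, "\n";
echo "logged:\n", file_get_contents($logFile);
```

The response body stays free of error text while the log records the undefined key, including file and line.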