Conjunto de cambios d7a822e en sipes para cord/includes/bootstrap.inc
- Fecha y hora:
- 23/05/2016 15:48:25 (hace 8 años)
- Branches:
- stable, version-3.0
- Children:
- 6f9ddf1
- Parents:
- b354002
- Fichero:
-
- 1 editado
cord/includes/bootstrap.inc
rb354002 rd7a822e 379 379 $conf = array(); 380 380 381 if (!isset($_SERVER['SERVER_PROTOCOL']) || ($_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.0' && $_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.1')) { 382 $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.0'; 383 } 384 381 385 if (isset($_SERVER['HTTP_HOST'])) { 382 386 // As HTTP_HOST is user input, ensure it only contains characters allowed … … 386 390 if (!drupal_valid_http_host($_SERVER['HTTP_HOST'])) { 387 391 // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack. 388 header( 'HTTP/1.1400 Bad Request');392 header($_SERVER['SERVER_PROTOCOL'] .' 400 Bad Request'); 389 393 exit; 390 394 } … … 400 404 } 401 405 402 // Ignore the placeholder urlfrom default.settings.php.406 // Ignore the placeholder URL from default.settings.php. 403 407 if (isset($db_url) && $db_url == 'mysql://username:password@localhost/databasename') { 404 408 $db_url = ''; … … 439 443 else { 440 444 // Otherwise use $base_url as session name, without the protocol 441 // to use the same session identifiers across http and https.445 // to use the same session identifiers across HTTP and HTTPS. 442 446 list( , $session_name) = explode('://', $base_url, 2); 443 447 // We escape the hostname because it can be modified by a visitor. … … 750 754 && $if_none_match == $etag // etag must match 751 755 && $if_modified_since == $last_modified) { // if-modified-since must match 752 header( 'HTTP/1.1304 Not Modified');756 header($_SERVER['SERVER_PROTOCOL'] .' 304 Not Modified'); 753 757 // All 304 responses must send an etag if the 200 response for the same object contained an etag 754 758 header("Etag: $etag"); … … 1150 1154 // Deny access to hosts which were banned - t() is not yet available. 1151 1155 if (drupal_is_denied('host', ip_address())) { 1152 header( 'HTTP/1.1403 Forbidden');1156 header($_SERVER['SERVER_PROTOCOL'] .' 403 Forbidden'); 1153 1157 print 'Sorry, '. check_plain(ip_address()) .' 
has been banned.'; 1154 1158 exit(); … … 1331 1335 return $ip_address; 1332 1336 } 1337 1338 /** 1339 * Returns a URL-safe, base64 encoded string of highly randomized bytes (over the full 8-bit range). 1340 * 1341 * @param $byte_count 1342 * The number of random bytes to fetch and base64 encode. 1343 * 1344 * @return string 1345 * The base64 encoded result will have a length of up to 4 * $byte_count. 1346 */ 1347 function drupal_random_key($byte_count = 32) { 1348 return drupal_base64_encode(drupal_random_bytes($byte_count)); 1349 } 1350 1351 /** 1352 * Returns a URL-safe, base64 encoded version of the supplied string. 1353 * 1354 * @param $string 1355 * The string to convert to base64. 1356 * 1357 * @return string 1358 */ 1359 function drupal_base64_encode($string) { 1360 $data = base64_encode($string); 1361 // Modify the output so it's safe to use in URLs. 1362 return strtr($data, array('+' => '-', '/' => '_', '=' => '')); 1363 } 1364 1365 /** 1366 * Returns a string of highly randomized bytes (over the full 8-bit range). 1367 * 1368 * This function is better than simply calling mt_rand() or any other built-in 1369 * PHP function because it can return a long string of bytes (compared to < 4 1370 * bytes normally from mt_rand()) and uses the best available pseudo-random 1371 * source. 1372 * 1373 * @param $count 1374 * The number of characters (bytes) to return in the string. 1375 */ 1376 function drupal_random_bytes($count) { 1377 // $random_state does not use drupal_static as it stores random bytes. 1378 static $random_state, $bytes, $has_openssl, $has_hash; 1379 1380 $missing_bytes = $count - strlen($bytes); 1381 1382 if ($missing_bytes > 0) { 1383 // PHP versions prior 5.3.4 experienced openssl_random_pseudo_bytes() 1384 // locking on Windows and rendered it unusable. 
1385 if (!isset($has_openssl)) { 1386 $has_openssl = version_compare(PHP_VERSION, '5.3.4', '>=') && function_exists('openssl_random_pseudo_bytes'); 1387 } 1388 1389 // openssl_random_pseudo_bytes() will find entropy in a system-dependent 1390 // way. 1391 if ($has_openssl) { 1392 $bytes .= openssl_random_pseudo_bytes($missing_bytes); 1393 } 1394 1395 // Else, read directly from /dev/urandom, which is available on many *nix 1396 // systems and is considered cryptographically secure. 1397 elseif ($fh = @fopen('/dev/urandom', 'rb')) { 1398 // PHP only performs buffered reads, so in reality it will always read 1399 // at least 4096 bytes. Thus, it costs nothing extra to read and store 1400 // that much so as to speed any additional invocations. 1401 $bytes .= fread($fh, max(4096, $missing_bytes)); 1402 fclose($fh); 1403 } 1404 1405 // If we couldn't get enough entropy, this simple hash-based PRNG will 1406 // generate a good set of pseudo-random bytes on any system. 1407 // Note that it may be important that our $random_state is passed 1408 // through hash() prior to being rolled into $output, that the two hash() 1409 // invocations are different, and that the extra input into the first one - 1410 // the microtime() - is prepended rather than appended. This is to avoid 1411 // directly leaking $random_state via the $output stream, which could 1412 // allow for trivial prediction of further "random" numbers. 1413 if (strlen($bytes) < $count) { 1414 // Initialize on the first call. The contents of $_SERVER includes a mix of 1415 // user-specific and system information that varies a little with each page. 1416 if (!isset($random_state)) { 1417 $random_state = print_r($_SERVER, TRUE); 1418 if (function_exists('getmypid')) { 1419 // Further initialize with the somewhat random PHP process ID. 1420 $random_state .= getmypid(); 1421 } 1422 // hash() is only available in PHP 5.1.2+ or via PECL. 
1423 $has_hash = function_exists('hash') && in_array('sha256', hash_algos()); 1424 $bytes = ''; 1425 } 1426 1427 if ($has_hash) { 1428 do { 1429 $random_state = hash('sha256', microtime() . mt_rand() . $random_state); 1430 $bytes .= hash('sha256', mt_rand() . $random_state, TRUE); 1431 } while (strlen($bytes) < $count); 1432 } 1433 else { 1434 do { 1435 $random_state = md5(microtime() . mt_rand() . $random_state); 1436 $bytes .= pack("H*", md5(mt_rand() . $random_state)); 1437 } while (strlen($bytes) < $count); 1438 } 1439 } 1440 } 1441 $output = substr($bytes, 0, $count); 1442 $bytes = substr($bytes, $count); 1443 return $output; 1444 }
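Review bot: In the new drupal_random_bytes() (new lines 1391–1439) a failure of the strong entropy sources is silent: the result of openssl_random_pseudo_bytes() is appended without checking for FALSE or its crypto-strong flag, the fread() from /dev/urandom is not checked for a short or failed read, and either case drops into the hash fallback seeded from print_r($_SERVER), getmypid(), microtime() and mt_rand(), which is guessable rather than cryptographically secure. Because drupal_random_key() is built directly on this function, any caller that treats the key as a secret would get predictable values with no signal that the degraded path was taken. I would pass the second argument, `$chunk = openssl_random_pseudo_bytes($missing_bytes, $strong);`, and append it only `if ($chunk !== FALSE && $strong)`, and I would record when the fallback branch is entered so operators can detect it. The comment at new line 1405 ("will generate a good set of pseudo-random bytes") should also state plainly that this branch is a last resort and not suitable for security tokens.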