authorErmal <eri@pfsense.org>2013-12-20 22:08:34 +0000
committerErmal <eri@pfsense.org>2013-12-20 22:08:34 +0000
commitaa205c3b69bf76b1565fd42dba83c7637212f793 (patch)
treef04ba2d5e093bd36f0e128690e72ae538b8104de
parentcc2630208cc31ac3a19c185036a4b589d125e99a (diff)
Remove register_long_arrays from php.ini and the use of HTTP_*_VARS from the PHP code, as it is deprecated and, luckily, little used in pfSense; this wins memory and compatibility
-rw-r--r--etc/inc/auth.inc4
-rw-r--r--etc/inc/authgui.inc2
-rw-r--r--etc/inc/xmlrpc_server.inc24
-rwxr-xr-xetc/rc.php_ini_setup1
-rwxr-xr-xusr/local/www/exec.php2
-rwxr-xr-xusr/local/www/guiconfig.inc1
-rw-r--r--usr/local/www/headjs.php2
-rw-r--r--usr/local/www/system_usermanager_passwordmg.php13
8 files changed, 30 insertions, 19 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 521656b..c686ff4 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1344,7 +1344,7 @@ function authenticate_user($username, $password, $authcfg = NULL, &$attributes =
}
function session_auth() {
- global $HTTP_SERVER_VARS, $config, $_SESSION, $page;
+ global $config, $_SESSION, $page;
// Handle HTTPS httponly and secure flags
if($config['system']['webgui']['protocol'] == "https") {
@@ -1372,7 +1372,6 @@ function session_auth() {
if(! isset($config['system']['webgui']['quietlogin'])) {
log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], $_SERVER['REMOTE_ADDR']));
}
- $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
if (isset($_POST['postafterlogin']))
return true;
else {
@@ -1464,7 +1463,6 @@ function session_auth() {
if ($_GET['enable_ajax'])
unset($_SESSION['NO_AJAX']);
- $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
return true;
}
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 35d51c7..fe9d2ca 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -51,7 +51,7 @@ if (!session_auth()) {
* We give them access only to the appropriate pages based on
* the user or group privileges.
*/
-$allowedpages = getAllowedPages($HTTP_SERVER_VARS['AUTH_USER']);
+$allowedpages = getAllowedPages($_SESSION['Username']);
/*
* redirect to first allowed page if requesting a wrong url
diff --git a/etc/inc/xmlrpc_server.inc b/etc/inc/xmlrpc_server.inc
index 10b8beb..f4d8a46 100644
--- a/etc/inc/xmlrpc_server.inc
+++ b/etc/inc/xmlrpc_server.inc
@@ -304,6 +304,12 @@ class XML_RPC_Server
/**
+ * The HTTP request data
+ * @null
+ */
+ var $client_data = '';
+
+ /**
* Constructor for the XML_RPC_Server class
*
* @param array $dispMap the dispatch map. An associative array
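Review bot: The docblock on the new `$client_data` property uses `@null`, which is not a PHPDoc tag and does not match the `''` default. `@var string` with a description such as `The raw HTTP request body, filled in by createServerPayload() or parseRequest()` would say what the property actually holds. The class body continues outside this hunk.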
@@ -328,7 +334,6 @@ class XML_RPC_Server
*/
function XML_RPC_Server($dispMap, $serviceNow = 1, $debug = 0)
{
- global $HTTP_RAW_POST_DATA;
if ($debug) {
$this->debug = 1;
@@ -351,11 +356,11 @@ class XML_RPC_Server
*/
function serializeDebug()
{
- global $XML_RPC_Server_debuginfo, $HTTP_RAW_POST_DATA;
+ global $XML_RPC_Server_debuginfo;
if ($this->debug) {
XML_RPC_Server_debugmsg('vvv POST DATA RECEIVED BY SERVER vvv' . "\n"
- . $HTTP_RAW_POST_DATA
+ . $this->server_payload . $this->client_data
. "\n" . '^^^ END POST DATA ^^^');
}
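Review bot: The debug message labelled "POST DATA RECEIVED BY SERVER" now puts `$this->server_payload` in front of the request body, but `server_payload` is the response being built, not POST data. `createServerPayload()` calls `serializeDebug()` while it is still assigning `server_payload`, so the value seen here is empty or left over from an earlier call. To match the old `$HTTP_RAW_POST_DATA` output the line should be `. $this->client_data` alone. Because this text is embedded in the response payload, the raw request body is reflected back to the client whenever `debug` is set, so the flag should stay off outside troubleshooting.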
@@ -446,7 +451,9 @@ class XML_RPC_Server
*/
function createServerPayload()
{
- $r = $this->parseRequest();
+ $this->client_data = file_get_contents("php://input");
+
+ $r = $this->parseRequest($this->client_data);
$this->server_payload = '<?xml version="1.0" encoding="'
. $this->encoding . '"?>' . "\n"
. $this->serializeDebug()
@@ -537,12 +544,13 @@ class XML_RPC_Server
*/
function parseRequest($data = '')
{
- global $XML_RPC_xh, $HTTP_RAW_POST_DATA,
+ global $XML_RPC_xh,
$XML_RPC_err, $XML_RPC_str, $XML_RPC_errxml,
$XML_RPC_defencoding, $XML_RPC_Server_dmap;
if ($data == '') {
- $data = $HTTP_RAW_POST_DATA;
+ $data = file_get_contents("php://input");
+ $this->client_data = $data;
}
$this->encoding = XML_RPC_Message::getEncoding($data);
@@ -653,10 +661,8 @@ class XML_RPC_Server
*/
function echoInput()
{
- global $HTTP_RAW_POST_DATA;
-
$r = new XML_RPC_Response(0);
- $r->xv = new XML_RPC_Value("'Aha said I: '" . $HTTP_RAW_POST_DATA, 'string');
+ $r->xv = new XML_RPC_Value("'Aha said I: '" . $this->client_data, 'string');
print $r->serialize();
}
}
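Review bot: `echoInput()` now reads `$this->client_data`, which in this diff is only filled in by `createServerPayload()` and by the empty-argument path of `parseRequest()`. Called on its own, it would echo an empty string, whereas `$HTTP_RAW_POST_DATA` was available unconditionally. If standalone use is expected, fall back to the request body: `$data = ($this->client_data != '') ? $this->client_data : file_get_contents("php://input");`. The method returns the raw request body to the caller, so it is best kept as a debugging aid rather than exposed through the dispatch map.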
diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup
index 6cbc517..7da05b4 100755
--- a/etc/rc.php_ini_setup
+++ b/etc/rc.php_ini_setup
@@ -178,6 +178,7 @@ magic_quotes_gpc = Off
max_execution_time = 900
max_input_time = 1800
register_argc_argv = On
+register_long_arrays = Off
file_uploads = On
upload_tmp_dir = ${UPLOADTMPDIR}
upload_max_filesize = 200M
diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php
index eda1321..2b84d74 100755
--- a/usr/local/www/exec.php
+++ b/usr/local/www/exec.php
@@ -83,7 +83,7 @@ function puts( $arg ) { echo "$arg\n"; }
// "Constants".
$Version = '';
-$ScriptName = $HTTP_SERVER_VARS['SCRIPT_NAME'];
+$ScriptName = $REQUEST['SCRIPT_NAME'];
// Get year.
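Review bot: `$REQUEST` on the new `$ScriptName` line is not a defined variable, so `$ScriptName` becomes null and PHP raises an undefined-variable notice. It is also not the superglobal `$_REQUEST`, which would in any case hold client-supplied parameters rather than server values. The direct replacement for `$HTTP_SERVER_VARS['SCRIPT_NAME']` is `$ScriptName = $_SERVER['SCRIPT_NAME'];`. How `$ScriptName` is used further down is outside this hunk; if it is written into the page it should pass through `htmlspecialchars()`.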
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 3579767..d5a9cf7 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -911,7 +911,6 @@ function echo_array($array,$return_me=false){
* null
******/
function display_top_tabs(& $tab_array, $no_drop_down = false) {
- global $HTTP_SERVER_VARS;
global $config;
global $g;
global $tab_array_indent;
diff --git a/usr/local/www/headjs.php b/usr/local/www/headjs.php
index bfea6e9..0ee1cb4 100644
--- a/usr/local/www/headjs.php
+++ b/usr/local/www/headjs.php
@@ -37,7 +37,7 @@
require_once("guiconfig.inc");
function getHeadJS() {
- global $_SERVER, $HTTP_SERVER_VARS, $g, $use_loader_tab_gif;
+ global $g, $use_loader_tab_gif;
if(!$use_loader_tab_gif)
$loader_gif = "/themes/{$g['theme']}/images/misc/loader.gif";
diff --git a/usr/local/www/system_usermanager_passwordmg.php b/usr/local/www/system_usermanager_passwordmg.php
index 10ff645..a35a8a47 100644
--- a/usr/local/www/system_usermanager_passwordmg.php
+++ b/usr/local/www/system_usermanager_passwordmg.php
@@ -54,9 +54,12 @@ if (isset($_POST['save'])) {
$input_errors[] = gettext("The passwords do not match.");
if (!$input_errors) {
+ if (!session_id())
+ session_start();
// all values are okay --> saving changes
- $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1']));
- local_user_set($config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]);
+ $config['system']['user'][$userindex[$_SESSION['Username']]]['password'] = crypt(trim($_POST['passwordfld1']));
+ local_user_set($config['system']['user'][$userindex[$_SESSION['Username']]]);
+ session_commit();
write_config();
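Review bot: The two new lines index `$userindex[$_SESSION['Username']]` without checking that the key exists. If the session carries no `Username`, or one not present in `$userindex`, the index is null and the new hash is written to an unintended `$config['system']['user']` entry before `write_config()` persists it. A guard such as `if (!isset($_SESSION['Username'], $userindex[$_SESSION['Username']]))` that adds an input error before the `if (!$input_errors)` branch would stop that. Separately, `crypt()` is called without a salt argument, which leaves the hash scheme to the platform default; passing an explicit salt for a strong scheme would make the stored format deterministic. The enclosing `if (isset($_POST['save']))` block starts and ends outside this hunk.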
@@ -101,7 +104,11 @@ if ($islocal == false) {
<form action="system_usermanager_passwordmg.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
<tr>
- <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s <?=gettext("Password"); ?></td>
+<?php if (!session_id())
+ session_start();
+?>
+ <td colspan="2" valign="top" class="listtopic"><?=$_SESSION['Username']?>'s <?=gettext("Password"); ?></td>
+<?php session_commit(); ?>
</tr>
<tr>
<td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td>
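Review bot: `<?=$_SESSION['Username']?>` writes the user name into the table cell without HTML escaping; `<?=htmlspecialchars($_SESSION['Username'])?>` keeps a name containing markup characters from being interpreted by the browser. The `session_start()` added just above runs after the form markup has already been emitted. Unless output buffering is active (not visible here), PHP cannot send session headers at that point and will warn. Reading the name once into a local variable near the top of the script, before any output, would avoid reopening the session mid-page.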