Remove stuff only needed for PHP versions we don't support, fix some whitespace, and fix the unsupported PostgreSQL message output.

Author: ReimuHakurei

classes/Misc.php

@@ -12,7 +12,7 @@ class Misc {
 		var $form;
 
 		/* Constructor */
-		function __construct() { 
+		function __construct() {
 		}
 
 		/**
@@ -417,30 +417,6 @@ function printVal($str, $type = null, $params = array()) {
 			return $out;
 		}
 
-		/**
-		 * A function to recursively strip slashes.  Used to
-		 * enforce magic_quotes_gpc being off.
-		 * @param &var The variable to strip
-		 */
-		function stripVar(&$var) {
-			if (is_array($var)) {
-				foreach($var as $k => $v) {
-					$this->stripVar($var[$k]);
-
-					/* magic_quotes_gpc escape keys as well ...*/
-					if (is_string($k)) {
-						$ek = stripslashes($k);
-						if ($ek !== $k) {
-							$var[$ek] = $var[$k];
-							unset($var[$k]);
-						}
-					}
-				}
-			}
-			else
-				$var = stripslashes($var);
-		}
-
 		/**
 		 * Print out the page heading and help link
 		 * @param $title Title, already escaped
@@ -466,7 +442,7 @@ function printMsg($msg) {
 		 * Creates a database accessor
 		 */
 		function getDatabaseAccessor($database, $server_id = null) {
-			global $lang, $conf, $misc, $_connection;
+			global $lang, $conf, $misc, $_connection, $postgresqlMinVer;
 
 			$server_info = $this->getServerInfo($server_id);
 

classes/database/Connection.php

@@ -51,7 +51,6 @@ function __construct($host, $port, $sslmode, $user, $password, $database, $fetch
 	 * @return -3 Database-specific failure
 	 */
 	function getDriver(&$description) {
-
 		$v = pg_version($this->conn->_connectionID);
 		if (isset($v['server'])) $version = $v['server'];
 

libraries/lib.inc.php

@@ -19,6 +19,7 @@
 	$appVersion = '7.14.1-mod';
 
 	// PostgreSQL and PHP minimum version
+	global $postgresqlMinVer;
 	$postgresqlMinVer = '7.4';
 	$phpMinVer = '7.2';
 
@@ -50,52 +51,43 @@
 	require_once('./classes/Misc.php');
 	$misc = new Misc();
 
-    // Session start: if extra_session_security is on, make sure cookie_samesite
-    // is on (exit if we fail); otherwise, just start the session
-    $our_session_name = 'PPA_ID';
-    if ($conf['extra_session_security']) {
-        if (version_compare(phpversion(), '7.3', '<')) {
-            exit('PHPPgAdmin cannot be fully secured while running under PHP versions before 7.3.  Please upgrade PHP if possible.  If you cannot upgrade, and you\'re willing to assume the risk of CSRF attacks, you can change the value of "extra_session_security" to false in your config.inc.php file.');
-        }
-        if (ini_get('session.auto_start')) {
-            // If session.auto_start is on, and the session doesn't have
-            // session.cookie_samesite set, destroy and re-create the session
-            if (session_name() !== $our_session_name) {
-                $setting = strtolower(ini_get('session.cookie_samesite'));
-                if ($setting !== 'lax' && $setting !== 'strict') {
-                    session_destroy();
-                    session_name($our_session_name);
-                    ini_set('session.cookie_samesite', 'Strict');
-                    session_start();
-                }
-            }
-        } else {
-            session_name($our_session_name);
-            ini_set('session.cookie_samesite', 'Strict');
-            session_start();
-        }
-    } else {
-        if (!ini_get('session.auto_start')) {
-            session_name($our_session_name);
-            session_start();
-        }
-    }
-
-	// Do basic PHP configuration checks
-	if (ini_get('magic_quotes_gpc')) {
-		$misc->stripVar($_GET);
-		$misc->stripVar($_POST);
-		$misc->stripVar($_COOKIE);
-		$misc->stripVar($_REQUEST);
+	// Session start: if extra_session_security is on, make sure cookie_samesite
+	// is on (exit if we fail); otherwise, just start the session
+	$our_session_name = 'PPA_ID';
+	if ($conf['extra_session_security']) {
+		if (version_compare(phpversion(), '7.3', '<')) {
+			exit('PHPPgAdmin cannot be fully secured while running under PHP versions before 7.3.  Please upgrade PHP if possible.  If you cannot upgrade, and you\'re willing to assume the risk of CSRF attacks, you can change the value of "extra_session_security" to false in your config.inc.php file.');
+		}
+
+		if (ini_get('session.auto_start')) {
+			// If session.auto_start is on, and the session doesn't have
+			// session.cookie_samesite set, destroy and re-create the session
+			if (session_name() !== $our_session_name) {
+				$setting = strtolower(ini_get('session.cookie_samesite'));
+
+				if ($setting !== 'lax' && $setting !== 'strict') {
+					session_destroy();
+					session_name($our_session_name);
+					ini_set('session.cookie_samesite', 'Strict');
+					session_start();
+				}
+			}
+		} else {
+			session_name($our_session_name);
+			ini_set('session.cookie_samesite', 'Strict');
+			session_start();
+		}
+	} else {
+		if (!ini_get('session.auto_start')) {
+			session_name($our_session_name);
+			session_start();
+		}
 	}
 
-	// This has to be deferred until after stripVar above
 	$misc->setHREF();
 	$misc->setForm();
 
 	// Enforce PHP environment
-	ini_set('magic_quotes_runtime', 0);
-	ini_set('magic_quotes_sybase', 0);
 	ini_set('arg_separator.output', '&amp;');
 
 	// If login action is set, then set session variables
@@ -293,11 +285,4 @@
 		}
 	}
 
-	if (!function_exists("htmlspecialchars_decode")) {
-		function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) {
-			return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
-		}
-	}
-
 	$plugin_manager = new PluginManager($_language);
-?>

redirect.php

@@ -1,13 +1,13 @@
 <?php
-	$subject = isset($_REQUEST['subject']) ? $_REQUEST['subject'] : 'root'; 
-	
+	$subject = isset($_REQUEST['subject']) ? $_REQUEST['subject'] : 'root';
+
 	if ($subject == 'root')
 		$_no_db_connection = true;
-	
+
 	include_once('./libraries/lib.inc.php');
-	
+
 	$url = $misc->getLastTabURL($subject);
-	
+
 	// Load query vars into superglobal arrays
 	if (isset($url['urlvars'])) {
 		$urlvars = array();
@@ -16,14 +16,8 @@
 			$urlvars[$k] = value($urlvar, $_REQUEST);
 		}
 
-		/* parse_str function is affected by magic_quotes_gpc */
-		if (ini_get('magic_quotes_gpc')) {
-			$misc->stripVar($urlvars);
-		}
-
 		$_REQUEST = array_merge($_REQUEST, $urlvars);
 		$_GET = array_merge($_GET, $urlvars);
 	}
-	
+
 	require $url['url'];
-?>