From 8cc9db9e0f3b783c51761a4a4ed89ce9d60a1bca Mon Sep 17 00:00:00 2001
From: Arcturus
Date: Sat, 28 Sep 2024 22:34:28 +0900
Subject: [PATCH] move event_handler.php and fix common.php
---
 .../classes/{event => }/event.php | 0
 .../classes/{event => }/event_handler.php | 0
 AvocadoEdition_Light/common.php | 38 ++++++++++---------
 3 files changed, 21 insertions(+), 17 deletions(-)
 rename AvocadoEdition_Light/classes/{event => }/event.php (100%)
 rename AvocadoEdition_Light/classes/{event => }/event_handler.php (100%)
diff --git a/AvocadoEdition_Light/classes/event/event.php b/AvocadoEdition_Light/classes/event.php
similarity index 100%
rename from AvocadoEdition_Light/classes/event/event.php
rename to AvocadoEdition_Light/classes/event.php
diff --git a/AvocadoEdition_Light/classes/event/event_handler.php b/AvocadoEdition_Light/classes/event_handler.php
similarity index 100%
rename from AvocadoEdition_Light/classes/event/event_handler.php
rename to AvocadoEdition_Light/classes/event_handler.php
diff --git a/AvocadoEdition_Light/common.php b/AvocadoEdition_Light/common.php
index c37ed2f..bc767d5 100644
--- a/AvocadoEdition_Light/common.php
+++ b/AvocadoEdition_Light/common.php
@@ -7,19 +7,25 @@ error_reporting(E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_PA
 // 보안설정이나 프레임이 달라도 쿠키가 통하도록 설정
 header('P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"');
-if (!defined('G5_SET_TIME_LIMIT'))
+if (!defined('G5_SET_TIME_LIMIT')) {
 define('G5_SET_TIME_LIMIT', 0);
+}
-define("__ADVDIR__", __DIR__);
 @set_time_limit(G5_SET_TIME_LIMIT);
+define("__ADVDIR__", __DIR__);
+
+include_once __DIR__ . "/classes/event_handler.php";
+
+$extra_headers = [
+ 'HTTP_X_REAL_IP',
+ 'HTTP_X_FORWARDED_HOST',
+ 'HTTP_X_FORWARDED_PROTO',
+ 'HTTP_X_FORWARDED_SSL',
+];
-
-//==========================================================================================================================
-// extract($_GET); 명령으로 인해 page.php?_POST[var1]=data1&_POST[var2]=data2 와 같은 코드가 _POST 변수로 사용되는 것을 막음
-// 081029 : letsgolee 님께서 도움 주셨습니다.
-//--------------------------------------------------------------------------------------------------------------------------
-$ext_arr = [
+// filter for dynamic variables
+$var_filter = [
 'PHP_SELF',
 '_ENV',
 '_GET',
@@ -39,15 +45,14 @@ $ext_arr = [
 'GLOBALS'
 ];
-$ext_cnt = count($ext_arr);
-for ($i = 0; $i < $ext_cnt; $i++) {
- // POST, GET 으로 선언된 전역변수가 있다면 unset() 시킴
- if (isset($_GET[$ext_arr[$i]]))
- unset($_GET[$ext_arr[$i]]);
- if (isset($_POST[$ext_arr[$i]]))
- unset($_POST[$ext_arr[$i]]);
+foreach($var_filter as $val) {
+ if (array_key_exists($val, $_GET) && isset($_GET[$val])) {
+ unset($_GET[$val]);
+ }
+ if (array_key_exists($val, $_POST) && isset($_POST[$val])) {
+ unset($_POST[$val]);
+ }
 }
-//==========================================================================================================================
 /**
 * Load require class and others
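Review bot: The comment above `$var_filter` no longer says why the list exists. The removed block explained that, because of an `extract($_GET)` call (not visible in this hunk), a request such as `page.php?_POST[var1]=data1` could otherwise end up being used as `_POST`, and `// filter for dynamic variables` loses that. I would keep the rationale in English, e.g. `// Drop request keys named like superglobals so a later extract() cannot overwrite $_POST, $_SERVER, etc.`. Separately, `$extra_headers` is declared here but nothing in the hunk reads it. The `X-Real-IP` and `X-Forwarded-*` values are client-supplied unless a trusted proxy overwrites them, so a one-line comment stating its intended use would help; the `$var_filter` array literal continues past this hunk.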
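Review bot: In the new `foreach`, the `array_key_exists($val, $_GET) && isset($_GET[$val])` guard is redundant, since `isset()` is already false for a missing key and `unset()` on a missing key is a no-op. The loop body can be the single statement `unset($_GET[$val], $_POST[$val]);`, which leaves no condition under which a listed key survives. The filter still covers only `$_GET` and `$_POST`; if code later in this file also imports `$_COOKIE` or `$_REQUEST` into variables, which this hunk does not show, the same keys should be dropped there as well. PSR-12 also wants a space in `foreach (`.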
@@ -136,7 +141,6 @@ function get_embed_file($type, $path, ...$args)
 }
 }
-include_once __DIR__ . "/classes/event/event_handler.php";
 $_system = new stdClass;
 $_system->classes = load_libs(__DIR__ . "/classes", "class");