diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2015-04-25 18:10:45 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2015-04-25 18:10:45 +0200 |
| commit | 4d6303202497e1af18b9db7c62960e557e5cdd3d (patch) | |
| tree | aa90367dc4217165b93c492984403f3de5681960 | |
| parent | 35d2467c94e8bb4b7c9c4919d5c6a3c98e0c85ed (diff) | |
| parent | 463c62df1847a3791fb7ec23b72c2f72bed12938 (diff) | |
| download | forums-4d6303202497e1af18b9db7c62960e557e5cdd3d.tar forums-4d6303202497e1af18b9db7c62960e557e5cdd3d.tar.gz forums-4d6303202497e1af18b9db7c62960e557e5cdd3d.tar.bz2 forums-4d6303202497e1af18b9db7c62960e557e5cdd3d.tar.xz forums-4d6303202497e1af18b9db7c62960e557e5cdd3d.zip | |
Merge pull request #3549 from bantu/ticket/13765
[ticket/13765] Verify SERVER_PROTOCOL has the expected format before using it.
* bantu/ticket/13765:
[ticket/13765] Verify SERVER_PROTOCOL has the expected format before using it.
| -rw-r--r-- | phpBB/includes/functions.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/startup.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index f0657b9016..4ae6e7a018 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2782,7 +2782,7 @@ function send_status_line($code, $message) } else { - if (!empty($_SERVER['SERVER_PROTOCOL'])) + if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL'])) { $version = $_SERVER['SERVER_PROTOCOL']; } diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 9bbbf4fd4c..008651c236 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -130,7 +130,7 @@ if (phpbb_has_trailing_path($phpEx)) { $prefix = 'Status:'; } - else if (!empty($_SERVER['SERVER_PROTOCOL'])) + else if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL'])) { $prefix = $_SERVER['SERVER_PROTOCOL']; } |