author | Nils Adermann <naderman@naderman.de> | 2007-10-03 19:20:49 +0000 |
---|---|---|
committer | Nils Adermann <naderman@naderman.de> | 2007-10-03 19:20:49 +0000 |
commit | 4f094bdb48379d334a87b65b7c71eacad162a841 (patch) | |
tree | b65415d2165d28f97c3f985744bf8e8b5b0840aa | |
parent | 7a942662d95775dc7a538bfe6346e7927cce082a (diff) | |
#i101
git-svn-id: file:///svn/phpbb/trunk@8127 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/common.php | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index 7b3a57c7d8..31d6a2ca85 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -65,8 +65,26 @@ function deregister_globals()
 {
 if (isset($not_unset[$varname]))
 {
- // Hacking attempt. No point in continuing.
- exit;
+ // Hacking attempt. No point in continuing unless it's a COOKIE
+ if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ {
+ exit;
+ }
+ else
+ {
+ $cookie = &$_COOKIE;
+ while (isset($cookie['GLOBALS']))
+ {
+ foreach ($cookie['GLOBALS'] as $registered_var => $value)
+ {
+ if (!isset($not_unset[$registered_var]))
+ {
+ unset($GLOBALS[$registered_var]);
+ }
+ }
+ $cookie = &$cookie['GLOBALS'];
+ }
+ }
 }
 unset($GLOBALS[$varname]); |
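Review bot: The `foreach ($cookie['GLOBALS'] as $registered_var => $value)` inside the new `while` loop assumes every nested `GLOBALS` cookie level is an array, but the cookie is client-supplied and can just as well be a plain string. In that case the `foreach` raises a warning and `$cookie = &$cookie['GLOBALS'];` rebinds `$cookie` to the string, so the next `isset($cookie['GLOBALS'])` and reference assignment work on a string offset, whose behaviour appears to differ between PHP versions and may abort the request with an error instead of the controlled `exit` in the other branch. Guard the top of the loop body with `if (!is_array($cookie['GLOBALS'])) { break; }`. The comment would also be clearer if it said why a cookie-only `GLOBALS` key is tolerated while the same key in GET, POST and the other superglobals still exits. The body of `deregister_globals()` starts and ends outside this hunk, so how `$not_unset` and the input list are built is not visible here.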