author | Andreas Fischer <bantu@phpbb.com> | 2011-06-03 12:54:37 +0200 |
---|---|---|
committer | Andreas Fischer <bantu@phpbb.com> | 2011-06-03 12:54:37 +0200 |
commit | c504888f037aaff9e202c765e7eb43a6b6abeb25 (patch) | |
tree | b3ff1c3242e89a15d37fc69d108c490f892ce785 | |
parent | ab366a18badd99abe8d648f72cf273ff2560c416 (diff) | |
parent | 116744d4e5ba95645162c77124854cc58e1d6084 (diff) | |
Merge branch 'develop-olympus' into develop
* develop-olympus:
[ticket/10149] Skip foreach over GLOBALS cookie values if cookie is scalar
-rw-r--r-- | phpBB/common.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index f5fb46ae07..9657193176 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -69,7 +69,7 @@ function deregister_globals()
 {
 if (isset($not_unset[$varname]))
 {
- // Hacking attempt. No point in continuing unless it's a COOKIE
+ // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
 if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
 {
 exit;
@@ -79,6 +79,11 @@ function deregister_globals()
 $cookie = &$_COOKIE;
 while (isset($cookie['GLOBALS']))
 {
+ if (!is_array($cookie['GLOBALS']))
+ {
+ break;
+ }
+
 foreach ($cookie['GLOBALS'] as $registered_var => $value)
 {
 if (!isset($not_unset[$registered_var])) |
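Review bot: The `is_array()` guard added at the top of the `while (isset($cookie['GLOBALS']))` loop in the second hunk has no comment explaining why a scalar value ends the walk, even though `$cookie` is a reference into request-supplied `$_COOKIE` data. I would put a line above the check such as `// A scalar GLOBALS cookie has no nested names to deregister; stop before foreach is handed a non-array.` so the intent is not lost in a later cleanup. As a matter of style, the same exit can be written in the loop header, `while (isset($cookie['GLOBALS']) && is_array($cookie['GLOBALS']))`, which is equivalent because the `break` is the first statement of the body. The remainder of the loop and of `deregister_globals()` lies outside the hunk, so whether the code after the loop treats a scalar `GLOBALS` cookie as intended should be confirmed there.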