authorNils Adermann <naderman@naderman.de>2014-11-25 15:43:24 +0100
committerNils Adermann <naderman@naderman.de>2014-11-25 15:57:12 +0100
commit965042d015a0351303999b0196998be67d42dbae (patch)
tree600950d217580eb7a91d0a8c39ea58edb456d6d8 /phpBB/includes
parenta415b8e37b683fcb7d0702df0695850c7980d770 (diff)
[ticket/13376] Revert unnecessary change for cookies called GLOBALS 92f554e3
Also introduce a hardcoded "clear your cookies" message, just in case. PHPBB3-13376
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/startup.php28
1 files changed, 5 insertions, 23 deletions
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
index cf216a65db..2f3b1c5324 100644
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -80,31 +80,13 @@ function deregister_globals()
{
if (isset($not_unset[$varname]))
{
- // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
- if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ // Hacking attempt. No point in continuing.
+ if (isset($_COOKIE[$varname]))
{
- exit;
- }
- else
- {
- $cookie = &$_COOKIE;
- while (isset($cookie['GLOBALS']))
- {
- if (!is_array($cookie['GLOBALS']))
- {
- break;
- }
-
- foreach ($cookie['GLOBALS'] as $registered_var => $value)
- {
- if (!isset($not_unset[$registered_var]))
- {
- unset($GLOBALS[$registered_var]);
- }
- }
- $cookie = &$cookie['GLOBALS'];
- }
+ echo "Clear your cookies. ";
}
+ echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+ exit;
}
unset($GLOBALS[$varname]);
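Review bot: The new rejection path (the two `echo` lines followed by `exit;`) ends the request with whatever status the server defaults to, so a blocked request looks like a normal page in access logs and monitoring. Assuming no output has been sent this early in startup, a line such as `header('HTTP/1.0 400 Bad Request');` before the first `echo` would make these hits countable. The comment `// Hacking attempt. No point in continuing.` could also say why the branch fails closed, e.g. `// Request variable collides with a protected name in $not_unset: refuse the whole request instead of unsetting parts of it.` A cookie with a protected name will keep reaching this branch on every request until the browser drops it, which the "Clear your cookies." hint covers for the user but is worth stating in the comment too. deregister_globals() starts and ends outside this hunk, so how `$not_unset` is built is not visible here.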