Diffstat (limited to 'phpBB/common.php')
-rw-r--r--phpBB/common.php37
1 files changed, 34 insertions, 3 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index 6822d8f72a..c5ef578231 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -27,13 +27,44 @@ error_reporting(E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitia
//error_reporting(E_ALL);
set_magic_quotes_runtime(0);
+// Protect against GLOBALS tricks
+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))
+{
+ exit;
+}
+
+// Protect against _SESSION tricks
+if (isset($_SESSION) && !is_array($_SESSION))
+{
+ exit;
+}
+
// Be paranoid with passed vars
-if (@ini_get('register_globals'))
+if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
- foreach ($_REQUEST as $var_name => $void)
+ $not_unset = array('_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_SESSION', '_ENV', '_FILES', 'phpEx', 'phpbb_root_path');
+
+ // Not only will array_merge give a warning if a parameter
+ // is not an array, it will actually fail. So we check if
+ // _SESSION has been initialised.
+ if (!isset($_SESSION) || !is_array($_SESSION))
{
- unset(${$var_name});
+ $_SESSION = array();
}
+
+ // Merge all into one extremely huge array; unset
+ // this later
+ $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_SESSION, $_ENV, $_FILES);
+
+ foreach ($input as $varname => $void)
+ {
+ if (!in_array($varname, $not_unset))
+ {
+ unset(${$varname});
+ }
+ }
+
+ unset($input);
}
if (defined('IN_CRON'))