From 463c62df1847a3791fb7ec23b72c2f72bed12938 Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Sat, 11 Apr 2015 17:43:06 +0200
Subject: [ticket/13765] Verify SERVER_PROTOCOL has the expected format before
 using it.

PHPBB3-13765
---
 phpBB/includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/includes/functions.php')

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index f0657b9016..4ae6e7a018 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2782,7 +2782,7 @@ function send_status_line($code, $message)
 	}
 	else
 	{
-		if (!empty($_SERVER['SERVER_PROTOCOL']))
+		if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
 		{
 			$version = $_SERVER['SERVER_PROTOCOL'];
 		}
-- 
cgit v1.2.1