From 965042d015a0351303999b0196998be67d42dbae Mon Sep 17 00:00:00 2001
From: Nils Adermann <naderman@naderman.de>
Date: Tue, 25 Nov 2014 15:43:24 +0100
Subject: [ticket/13376] Revert unnecessary change for cookies called GLOBALS
 92f554e3

Also introduce a clear cookie message hardcoded just in case.

PHPBB3-13376
---
 phpBB/includes/startup.php | 28 +++++-----------------------
 1 file changed, 5 insertions(+), 23 deletions(-)

(limited to 'phpBB/includes')

diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
index cf216a65db..2f3b1c5324 100644
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -80,31 +80,13 @@ function deregister_globals()
 	{
 		if (isset($not_unset[$varname]))
 		{
-			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
-			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+			// Hacking attempt. No point in continuing.
+			if (isset($_COOKIE[$varname]))
 			{
-				exit;
-			}
-			else
-			{
-				$cookie = &$_COOKIE;
-				while (isset($cookie['GLOBALS']))
-				{
-					if (!is_array($cookie['GLOBALS']))
-					{
-						break;
-					}
-
-					foreach ($cookie['GLOBALS'] as $registered_var => $value)
-					{
-						if (!isset($not_unset[$registered_var]))
-						{
-							unset($GLOBALS[$registered_var]);
-						}
-					}
-					$cookie = &$cookie['GLOBALS'];
-				}
+				echo "Clear your cookies. ";
 			}
+			echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+			exit;
 		}
 
 		unset($GLOBALS[$varname]);
-- 
cgit v1.2.1