author | Andreas Fischer <bantu@phpbb.com> | 2011-06-03 12:53:50 +0200 |
---|---|---|
committer | Andreas Fischer <bantu@phpbb.com> | 2011-06-03 12:53:50 +0200 |
commit | 116744d4e5ba95645162c77124854cc58e1d6084 (patch) | |
tree | 638aa61c9a58035892420b35ed456ebe05e94ade /phpBB/common.php | |
parent | 7a2fb9f123262b3f8ffd335f8133654e7356cb0b (diff) | |
parent | 57eb02bf2c62c665e8b0050515aa78684c8dd452 (diff) | |
Merge remote-tracking branch 'naderman/ticket/10149' into develop-olympus
* naderman/ticket/10149:
[ticket/10149] Skip foreach over GLOBALS cookie values if cookie is scalar
Diffstat (limited to 'phpBB/common.php')
-rw-r--r-- | phpBB/common.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index ceafdbd3bd..a176a45c38 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -69,7 +69,7 @@ function deregister_globals()
 {
 if (isset($not_unset[$varname]))
 {
- // Hacking attempt. No point in continuing unless it's a COOKIE
+ // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
 if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
 {
 exit;
@@ -79,6 +79,11 @@ function deregister_globals()
 $cookie = &$_COOKIE;
 while (isset($cookie['GLOBALS']))
 {
+ if (!is_array($cookie['GLOBALS']))
+ {
+ break;
+ }
+
 foreach ($cookie['GLOBALS'] as $registered_var => $value)
 {
 if (!isset($not_unset[$registered_var])) |
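Review bot: The new `is_array()` guard at the top of the `while` loop in the second hunk carries no comment explaining why a scalar `GLOBALS` cookie is quietly skipped, even though the condition in the first hunk shows the same name arriving through `$_GET`, `$_POST` and the other superglobals ends in `exit`. Since this is the one place where attacker-controlled input named `GLOBALS` is tolerated, I would record the reasoning next to the check, for example `// A scalar GLOBALS cookie has no nested names to unset; stop descending instead of iterating a non-array`. As a matter of style the guard could also move into the loop condition, `while (isset($cookie['GLOBALS']) && is_array($cookie['GLOBALS']))`, which behaves the same because the `break` is the first statement of the body. The rest of the loop body and the end of `deregister_globals()` lie outside the hunk.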