diff options
author | Joas Schilling <nickvergessen@gmx.de> | 2014-11-25 16:36:32 +0100 |
---|---|---|
committer | Joas Schilling <nickvergessen@gmx.de> | 2014-11-25 16:36:32 +0100 |
commit | 1ad0dd28f110a0b83bbd9f296757d729321f3ac8 (patch) | |
tree | ed192b18c84228fce63dc02dbc032e3168c9f2cb /phpBB/includes/startup.php | |
parent | 9264d7c758616e8d26d6e7f20e49bb86e6ff5ae7 (diff) | |
parent | ff9b541070372cf4758b0ef538daa33e150a1886 (diff) | |
download | forums-1ad0dd28f110a0b83bbd9f296757d729321f3ac8.tar forums-1ad0dd28f110a0b83bbd9f296757d729321f3ac8.tar.gz forums-1ad0dd28f110a0b83bbd9f296757d729321f3ac8.tar.bz2 forums-1ad0dd28f110a0b83bbd9f296757d729321f3ac8.tar.xz forums-1ad0dd28f110a0b83bbd9f296757d729321f3ac8.zip |
Merge branch 'develop-olympus' into prep-release-3.1.2
Diffstat (limited to 'phpBB/includes/startup.php')
-rw-r--r-- | phpBB/includes/startup.php | 28 |
1 files changed, 5 insertions, 23 deletions
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 50fcd11bee..2885c80541 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -69,31 +69,13 @@ function deregister_globals() { if (isset($not_unset[$varname])) { - // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) - if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) + // Hacking attempt. No point in continuing. + if (isset($_COOKIE[$varname])) { - exit; - } - else - { - $cookie = &$_COOKIE; - while (isset($cookie['GLOBALS'])) - { - if (!is_array($cookie['GLOBALS'])) - { - break; - } - - foreach ($cookie['GLOBALS'] as $registered_var => $value) - { - if (!isset($not_unset[$registered_var])) - { - unset($GLOBALS[$registered_var]); - } - } - $cookie = &$cookie['GLOBALS']; - } + echo "Clear your cookies. "; } + echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals."; + exit; } unset($GLOBALS[$varname]); |