| author | Joas Schilling <nickvergessen@gmx.de> | 2014-11-25 16:47:22 +0100 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@gmx.de> | 2014-11-25 16:47:22 +0100 |
| commit | 1a0cba1099a554323391d7dc43004cbcaaf3ade8 (patch) | |
| tree | 7bf336e4acde626b03a1962d955a96b1070467ca /phpBB/includes | |
| parent | 8f67892f5ef63144f394b6913aeaa9ca3479d33d (diff) | |
| parent | f4898b9258c8365f3aae7fc945c3f156ec9f0ad4 (diff) | |
Merge branch 'develop-ascraeus' into develop
Conflicts:
build/build.xml
phpBB/includes/constants.php
phpBB/install/schemas/schema_data.sql
phpBB/styles/prosilver/style.cfg
phpBB/styles/subsilver2/style.cfg
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/startup.php | 28 |
1 files changed, 5 insertions, 23 deletions
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
index 50fcd11bee..2885c80541 100644
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -69,31 +69,13 @@ function deregister_globals()
 {
 if (isset($not_unset[$varname]))
 {
- // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
- if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ // Hacking attempt. No point in continuing.
+ if (isset($_COOKIE[$varname]))
 {
- exit;
- }
- else
- {
- $cookie = &$_COOKIE;
- while (isset($cookie['GLOBALS']))
- {
- if (!is_array($cookie['GLOBALS']))
- {
- break;
- }
-
- foreach ($cookie['GLOBALS'] as $registered_var => $value)
- {
- if (!isset($not_unset[$registered_var]))
- {
- unset($GLOBALS[$registered_var]);
- }
- }
- $cookie = &$cookie['GLOBALS'];
- }
+ echo "Clear your cookies. ";
 }
+ echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+ exit;
 }
 
 unset($GLOBALS[$varname]);
|
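Review bot: The new comment `// Hacking attempt. No point in continuing.` drops the trade-off the removed comment recorded: a cookie whose name is in `$not_unset` (the old branch singled out one named GLOBALS) now ends every request until the user clears it, where the old code tolerated it. That fail-closed choice looks deliberate given the added "Clear your cookies." hint, so I would state it in the comment so the recursive cookie walk is not reintroduced later, e.g. `// Protected name in request input: always abort. A cookie gets a hint because it persists until the user clears it.` No status line is set in the visible lines before the `echo`/`exit`, so the rejection presumably goes out with the default success status and is hard to tell apart from a normal page in access logs; a `header('HTTP/1.0 400 Bad Request');` before the first `echo` would fix that, assuming nothing has been output at this point. deregister_globals() starts and ends outside the hunk.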
