diff options
| author | Mate Bartus <mate.bartus@gmail.com> | 2015-07-23 04:27:31 +0200 |
|---|---|---|
| committer | Mate Bartus <mate.bartus@gmail.com> | 2015-07-23 04:27:31 +0200 |
| commit | 98d9d92aa7794316239fbda2a15a91618aef0879 (patch) | |
| tree | 0a880d73343aa6c24440faecbe763b168b82d78c /phpBB/phpbb/install | |
| parent | 3356130ce2adf82248cf64fcaa81a47713ce7987 (diff) | |
| download | forums-98d9d92aa7794316239fbda2a15a91618aef0879.tar forums-98d9d92aa7794316239fbda2a15a91618aef0879.tar.gz forums-98d9d92aa7794316239fbda2a15a91618aef0879.tar.bz2 forums-98d9d92aa7794316239fbda2a15a91618aef0879.tar.xz forums-98d9d92aa7794316239fbda2a15a91618aef0879.zip | |
[ticket/13740] Secure installer config against corrupted config data
PHPBB3-13740
Diffstat (limited to 'phpBB/phpbb/install')
| -rw-r--r-- | phpBB/phpbb/install/helper/config.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/phpBB/phpbb/install/helper/config.php b/phpBB/phpbb/install/helper/config.php index 457b64b301..38376da82a 100644 --- a/phpBB/phpbb/install/helper/config.php +++ b/phpBB/phpbb/install/helper/config.php @@ -224,11 +224,19 @@ class config $file_content = @file_get_contents($this->install_config_file); $serialized_data = trim(substr($file_content, 8)); - $unserialized_data = unserialize($serialized_data); - $this->installer_config = $unserialized_data['installer_config']; - $this->progress_data = $unserialized_data['progress_data']; - $this->navigation_data = $unserialized_data['navigation_data']; + $this->installer_config = array(); + $this->progress_data = array(); + $this->navigation_data = array(); + + if (!empty($serialized_data)) + { + $unserialized_data = unserialize($serialized_data); + + $this->installer_config = (is_array($unserialized_data['installer_config'])) ? $unserialized_data['installer_config'] : array(); + $this->progress_data = (is_array($unserialized_data['progress_data'])) ? $unserialized_data['progress_data'] : array(); + $this->navigation_data = (is_array($unserialized_data['navigation_data'])) ? $unserialized_data['navigation_data'] : array(); + } } /** |