author | David M <davidmj@users.sourceforge.net> | 2006-03-06 23:45:21 +0000 |
---|---|---|
committer | David M <davidmj@users.sourceforge.net> | 2006-03-06 23:45:21 +0000 |
commit | 91720e826f14130485ccc306a93e5dd0fbf2946f (patch) | |
tree | b5238c4c1f0f0b7a31f790d7035c76f90d27a214 /phpBB | |
parent | 21f3fbc4be201a4fa277e65d30e694f0f75cb6ff (diff) | |
Weee! My turn to bug things up :D
- A moved topic has _two_ forum_ids, we must update the tracking info on the "fake" forum and the "real" forum.
- Welcome back to register_globals! :P
git-svn-id: file:///svn/phpbb/trunk@5608 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/common.php | 37 | ||||
-rw-r--r-- | phpBB/install/install.php | 3 | ||||
-rw-r--r-- | phpBB/viewtopic.php | 7 |
3 files changed, 42 insertions, 5 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index 6822d8f72a..c5ef578231 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -27,13 +27,44 @@ error_reporting(E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitia
 //error_reporting(E_ALL);
 set_magic_quotes_runtime(0);
 
+// Protect against GLOBALS tricks
+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))
+{
+ exit;
+}
+
+// Protect against _SESSION tricks
+if (isset($_SESSION) && !is_array($_SESSION))
+{
+ exit;
+}
+
 // Be paranoid with passed vars
-if (@ini_get('register_globals'))
+if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
 {
- foreach ($_REQUEST as $var_name => $void)
+ $not_unset = array('_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_SESSION', '_ENV', '_FILES', 'phpEx', 'phpbb_root_path');
+
+ // Not only will array_merge give a warning if a parameter
+ // is not an array, it will actually fail. So we check if
+ // _SESSION has been initialised.
+ if (!isset($_SESSION) || !is_array($_SESSION))
 {
- unset(${$var_name});
+ $_SESSION = array();
 }
+
+ // Merge all into one extremely huge array; unset
+ // this later
+ $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_SESSION, $_ENV, $_FILES);
+
+ foreach ($input as $varname => $void)
+ {
+ if (!in_array($varname, $not_unset))
+ {
+ unset(${$varname});
+ }
+ }
+
+ unset($input);
 }
 
 if (defined('IN_CRON'))
diff --git a/phpBB/install/install.php b/phpBB/install/install.php
index 2ce5e418d7..de019791e6 100644
--- a/phpBB/install/install.php
+++ b/phpBB/install/install.php
@@ -363,9 +363,8 @@ if ($stage == 0)
 <tr>
 <td>• <b><?php echo $lang['PHP_REGISTER_GLOBALS']; ?>: </b></td>
 <td><?php
- if (@ini_get('register_globals') || strtolower(@ini_get('register_globals')) == 'on')
+ if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
 {
- $passed['db'] = false;
 echo '<b style="color:red">' . $lang['NO'] . '</b>';
 }
 else
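Review bot: The new detection `@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on'` in phpBB/common.php fails open: any other enabling spelling that reaches ini_get() unnormalised (for example `true` or `yes` set through a per-directory `php_value`, which PHP appears to accept for boolean settings) skips the whole clean-up while request variables are still injected into the global scope. Since this guard decides whether the de-registration loop runs at all, it is safer to run it unless the value is clearly off, e.g. `$rg = strtolower(trim((string) @ini_get('register_globals')));` followed by `if ($rg !== '' && $rg !== '0' && $rg !== 'off')`. The same condition is used for the installer's display check in phpBB/install/install.php and should be kept in step. Separately, `in_array($varname, $not_unset)` compares loosely, so under this era's comparison rules an integer key such as 0 equals every non-numeric entry in the list; passing `true` as the third argument keeps the whitelist exact.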
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 843b4c2c02..bd4a2a96b3 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -210,6 +210,7 @@ if (!($topic_data = $db->sql_fetchrow($result)))
 trigger_error('NO_TOPIC');
 }
 
+$old_forum_id = $forum_id;
 $forum_id = (int) $topic_data['forum_id'];
 $topic_id = (int) $topic_data['topic_id'];
 
@@ -1363,6 +1364,12 @@ if (isset($user->data['session_page']) && !preg_match("#&t=$topic_id#", $user->d
 if (isset($topic_tracking_info[$topic_id]) && $topic_data['topic_last_post_time'] > $topic_tracking_info[$topic_id])
 {
 markread('topic', $forum_id, $topic_id, $max_post_time);
+
+ // The topic has two different forum_id numbers, we have to update the other forum
+ if ($old_forum_id !== $forum_id)
+ {
+ markread('topic', $old_forum_id, $topic_id, $max_post_time);
+ }
 }
 
 // Change encoding if appropriate |
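Review bot: In the second viewtopic.php hunk, `markread('topic', $old_forum_id, $topic_id, $max_post_time)` writes tracking data for whatever `$forum_id` held before the first hunk overwrote it from `$topic_data`. That earlier assignment is outside both hunks, but if it comes from the request's forum parameter the value is user-chosen, may be 0 when the parameter is absent, and is never checked against the forum that actually holds the moved-topic shadow. Because `$forum_id` is cast to int while `$old_forum_id` keeps its original type, `!==` is also true whenever the earlier value is not an integer, so the extra call could run on every view. I would cast and guard, e.g. `$old_forum_id = (int) $forum_id;` and `if ($old_forum_id && $old_forum_id != $forum_id)`, and ideally confirm the user may read that forum before updating its tracking row.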