Diffstat (limited to 'phpBB/includes/startup.php')
-rw-r--r--phpBB/includes/startup.php76
1 files changed, 53 insertions, 23 deletions
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
index cf216a65db..008651c236 100644
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -80,31 +80,13 @@ function deregister_globals()
{
if (isset($not_unset[$varname]))
{
- // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
- if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ // Hacking attempt. No point in continuing.
+ if (isset($_COOKIE[$varname]))
{
- exit;
- }
- else
- {
- $cookie = &$_COOKIE;
- while (isset($cookie['GLOBALS']))
- {
- if (!is_array($cookie['GLOBALS']))
- {
- break;
- }
-
- foreach ($cookie['GLOBALS'] as $registered_var => $value)
- {
- if (!isset($not_unset[$registered_var]))
- {
- unset($GLOBALS[$registered_var]);
- }
- }
- $cookie = &$cookie['GLOBALS'];
- }
+ echo "Clear your cookies. ";
}
+ echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+ exit;
}
unset($GLOBALS[$varname]);
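Review bot: The `exit` after the "Malicious variable name detected" echo sends the diagnostic with the SAPI's default status (normally 200) and no explicit status line, so proxies, clients and log-based monitoring record a successful response for a request the code itself classifies as a hacking attempt. The trailing-path check added later in this same commit does build a status line via `header("$prefix 404 Not Found", true, 404)`, and doing the same here before the echo, e.g. `header('HTTP/1.0 400 Bad Request', true, 400);` (or reusing the `$prefix` selection), would make the two early exits consistent and distinguishable from normal page output. Since the echoed text is fixed and `$varname` is never written to the response, the message itself carries no injection risk. The enclosing `deregister_globals()` starts before this hunk and continues after it.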
@@ -113,6 +95,54 @@ function deregister_globals()
unset($input);
}
+/**
+ * Check if requested page uses a trailing path
+ *
+ * @param string $phpEx PHP extension
+ *
+ * @return bool True if trailing path is used, false if not
+ */
+function phpbb_has_trailing_path($phpEx)
+{
+ // Check if path_info is being used
+ if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO']))
+ {
+ return true;
+ }
+
+ // Match any trailing path appended to a php script in the REQUEST_URI.
+ // It is assumed that only actual PHP scripts use names like foo.php. Due
+ // to this, any phpBB board inside a directory that has the php extension
+ // appended to its name will stop working, i.e. if the board is at
+ // example.com/phpBB/test.php/ or example.com/test.php/
+ if (preg_match('#^[^?]+\.' . preg_quote($phpEx, '#') . '/#', $_SERVER['REQUEST_URI']))
+ {
+ return true;
+ }
+
+ return false;
+}
+
+// Check if trailing path is used
+if (phpbb_has_trailing_path($phpEx))
+{
+ if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
+ {
+ $prefix = 'Status:';
+ }
+ else if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
+ {
+ $prefix = $_SERVER['SERVER_PROTOCOL'];
+ }
+ else
+ {
+ $prefix = 'HTTP/1.0';
+ }
+ header("$prefix 404 Not Found", true, 404);
+ echo 'Trailing paths and PATH_INFO is not supported by phpBB 3.0';
+ exit;
+}
+
// Register globals and magic quotes have been dropped in PHP 5.4
if (version_compare(PHP_VERSION, '5.4.0-dev', '>='))
{