aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/common.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index ceafdbd3bd..a176a45c38 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -69,7 +69,7 @@ function deregister_globals()
{
if (isset($not_unset[$varname]))
{
- // Hacking attempt. No point in continuing unless it's a COOKIE
+ // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
{
exit;
@@ -79,6 +79,11 @@ function deregister_globals()
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
+ if (!is_array($cookie['GLOBALS']))
+ {
+ break;
+ }
+
foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
generated by cgit v1.2.1 (git 2.21.0) at 2025-05-31 13:45:48 +0000