[ticket/13765] Verify SERVER_PROTOCOL has the expected format before using it.

PHPBB3-13765
2025-02-24 20:13:22 +01:00 · 2015-04-11 17:43:06 +02:00 · 2015-04-11 17:43:06 +02:00 · 463c62df18
commit 463c62df18
parent 35d2467c94
2 changed files with 2 additions and 2 deletions
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -2782,7 +2782,7 @@ function send_status_line($code, $message)
 	}
 	else
 	{
-		if (!empty($_SERVER['SERVER_PROTOCOL']))
+		if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
 		{
 			$version = $_SERVER['SERVER_PROTOCOL'];
 		}
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@ -130,7 +130,7 @@ if (phpbb_has_trailing_path($phpEx))
 	{
 		$prefix = 'Status:';
 	}
-	else if (!empty($_SERVER['SERVER_PROTOCOL']))
+	else if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
 	{
 		$prefix = $_SERVER['SERVER_PROTOCOL'];
 	}