From 28ef238a5ccd41833de364ab14ff21a254a9beaf Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sat, 1 Nov 2014 16:26:40 +0100
Subject: [PATCH 1/2] [ticket/security-164] Sanitize all global variables in
 symfony_request class

SECURITY-164
---
 phpBB/phpbb/symfony_request.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php
index bf9ddec493..ad949a35f2 100644
--- a/phpBB/phpbb/symfony_request.php
+++ b/phpBB/phpbb/symfony_request.php
@@ -38,6 +38,9 @@ class symfony_request extends Request
 
 		array_walk_recursive($get_parameters, $sanitizer);
 		array_walk_recursive($post_parameters, $sanitizer);
+		array_walk_recursive($server_parameters, $sanitizer);
+		array_walk_recursive($files_parameters, $sanitizer);
+		array_walk_recursive($cookie_parameters, $sanitizer);
 
 		parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
 	}

From f534503a66fc81e7bbe589b883167d2343871134 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sat, 1 Nov 2014 22:02:47 +0100
Subject: [PATCH 2/2] [ticket/security-164] Correctly format page_name

SECURITY-164
---
 phpBB/phpbb/session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 477e91efd6..14b4c63207 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -87,7 +87,7 @@ class session
 		$symfony_request_path = $phpbb_filesystem->clean_path($symfony_request->getPathInfo());
 		if ($symfony_request_path !== '/')
 		{
-			$page_name .= $symfony_request_path;
+			$page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
 		}
 
 		// current directory within the phpBB root (for example: adm)