Prevent cookies from other applications interfering with our forms

git-svn-id: file:///svn/phpbb/trunk@6423 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/functions.php

@@ -52,8 +52,17 @@ function set_var(&$result, $var, $type, $multibyte = false)
 *
 * Used to get passed variable
 */
-function request_var($var_name, $default, $multibyte = false)
+function request_var($var_name, $default, $multibyte = false, $cookie = false)
 {
+	if (!$cookie && isset($_COOKIE[$var_name]))
+	{
+		if (!isset($_GET[$var_name]) && !isset($_POST[$var_name]))
+		{
+			return (is_array($default)) ? array() : $default;
+		}
+		$_REQUEST[$var_name] = isset($_POST[$var_name]) ? $_POST[$var_name] : $_GET[$var_name];
+	}
+
 	if (!isset($_REQUEST[$var_name]) || (is_array($_REQUEST[$var_name]) && !is_array($default)) || (is_array($default) && !is_array($_REQUEST[$var_name])))
 	{
 		return (is_array($default)) ? array() : $default;

phpBB/includes/session.php

@@ -151,9 +151,9 @@ class session
 			// Switch to request_var ... can this cause issues, can a _GET/_POST param
 			// be used to poison this? Not sure that it makes any difference in terms of
 			// the end result, be it a cookie or param.
-			$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0);
-			$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '');
-			$this->session_id 		= request_var($config['cookie_name'] . '_sid', '');
+			$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
+			$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
+			$this->session_id 		= request_var($config['cookie_name'] . '_sid', '', false, true);
 
 			$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
 			$_SID = (defined('NEED_SID')) ? $this->session_id : '';