mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-20 07:42:09 +02:00
Code Issues Releases Wiki Activity

Merge pull request #3180 from naderman/ticket/13376

Browse Source 
[ticket/13376] Revert unnecessary change for cookies called GLOBALS 92f554e3
This commit is contained in:
Joas Schilling 2014-11-25 16:36:18 +01:00
commit ff9b541070
1 changed files with 5 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
phpBB/includes/startup.php
View File

@ -80,31 +80,13 @@ function deregister_globals()
{
if (isset($not_unset[$varname]))
{
// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
// Hacking attempt. No point in continuing.
if (isset($_COOKIE[$varname]))
{
exit;
}
else
{
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
if (!is_array($cookie['GLOBALS']))
{
break;
}
foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
{
unset($GLOBALS[$registered_var]);
}
}
$cookie = &$cookie['GLOBALS'];
}
echo "Clear your cookies. ";
}
echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
exit;
}
unset($GLOBALS[$varname]);