Merge branch 'develop-olympus' into prep-release-3.1.2

Merge pull request #3180 from naderman/ticket/13376
[ticket/13376] Revert unnecessary change for cookies called GLOBALS 92f554e3
2025-09-16 11:07:03 +02:00 · 2014-11-25 16:36:32 +01:00 · 2014-11-25 16:36:18 +01:00 · 2014-11-25 15:57:12 +01:00 · 2014-11-25 15:44:39 +01:00 · 2014-11-24 21:32:17 +01:00
6 changed files with 42 additions and 28 deletions
--- a/build/build.xml
+++ b/build/build.xml
@@ -2,9 +2,9 @@

 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.1.2-RC1" />
-	<property name="prevversion" value="3.1.1" />
-	<property name="olderversions" value="3.0.12, 3.1.0-a1, 3.1.0-a2, 3.1.0-a3, 3.1.0-b1, 3.1.0-b2, 3.1.0-b3, 3.1.0-b4, 3.1.0-RC1, 3.1.0-RC2, 3.1.0-RC3, 3.1.0-RC4, 3.1.0-RC5, 3.1.0-RC6, 3.1.0" />
+	<property name="newversion" value="3.1.2" />
+	<property name="prevversion" value="3.1.2-RC1" />
+	<property name="olderversions" value="3.0.12, 3.1.0-a1, 3.1.0-a2, 3.1.0-a3, 3.1.0-b1, 3.1.0-b2, 3.1.0-b3, 3.1.0-b4, 3.1.0-RC1, 3.1.0-RC2, 3.1.0-RC3, 3.1.0-RC4, 3.1.0-RC5, 3.1.0-RC6, 3.1.0, 3.1.1" />
 	<!-- no configuration should be needed beyond this point -->

 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -149,6 +149,7 @@
 		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13342">PHPBB3-13342</a>] - 310/captcha_plugins migration changes recaptcha to nogd</li>
 		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13349">PHPBB3-13349</a>] - Incorrect entities used for breadcrumb separator in CSS</li>
 		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13354">PHPBB3-13354</a>] - Unknown column 'topic_logs' in 'where clause' when deleting topic log in MCP</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13376">PHPBB3-13376</a>] - deregister_globals() does not work correctly when $_COOKIE['GLOBALS'] is specified</li>
 	</ul>

 	<h4>Improvement</h4>
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */

 // phpBB Version
-define('PHPBB_VERSION', '3.1.2-RC1');
+define('PHPBB_VERSION', '3.1.2');

 // QA-related
 // define('PHPBB_QA', 1);
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -69,31 +69,13 @@ function deregister_globals()
 	{
 		if (isset($not_unset[$varname]))
 		{
-			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
-			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+			// Hacking attempt. No point in continuing.
+			if (isset($_COOKIE[$varname]))
 			{
-				exit;
-			}
-			else
-			{
-				$cookie = &$_COOKIE;
-				while (isset($cookie['GLOBALS']))
-				{
-					if (!is_array($cookie['GLOBALS']))
-					{
-						break;
-					}
-
-					foreach ($cookie['GLOBALS'] as $registered_var => $value)
-					{
-						if (!isset($not_unset[$registered_var]))
-						{
-							unset($GLOBALS[$registered_var]);
-						}
-					}
-					$cookie = &$cookie['GLOBALS'];
-				}
+				echo "Clear your cookies. ";
 			}
+			echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+			exit;
 		}

 		unset($GLOBALS[$varname]);
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.2-RC1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.2');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');

--- a/phpBB/phpbb/db/migration/data/v31x/v312.php
+++ b/phpBB/phpbb/db/migration/data/v31x/v312.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v31x;
+
+class v312 extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v31x\v312rc1',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.1.2')),
+		);
+	}
+}
Author	SHA1	Message	Date
Joas Schilling	1ad0dd28f1	Merge branch 'develop-olympus' into prep-release-3.1.2	2014-11-25 16:36:32 +01:00
Joas Schilling	ff9b541070	Merge pull request #3180 from naderman/ticket/13376 [ticket/13376] Revert unnecessary change for cookies called GLOBALS `92f554e3`	2014-11-25 16:36:18 +01:00
Nils Adermann	965042d015	[ticket/13376] Revert unnecessary change for cookies called GLOBALS `92f554e3` Also introduce a clear cookie message hardcoded just in case. PHPBB3-13376	2014-11-25 15:57:12 +01:00
Joas Schilling	9264d7c758	[prep-release-3.1.2] Update Changelog with 13376	2014-11-25 15:44:39 +01:00
Joas Schilling	0fbe8e8e69	[prep-release-3.1.2] Add migration to update version to 3.1.2	2014-11-24 21:32:17 +01:00
Joas Schilling	3862b60094	[prep-release-3.1.2] Increase version number to 3.1.2	2014-11-24 21:31:49 +01:00