

File: includes/startup.php

Line 80Line 80
	{
if (isset($not_unset[$varname]))
{

	{
if (isset($not_unset[$varname]))
{

			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))

			// Hacking attempt. No point in continuing.
if (isset($_COOKIE[$varname]))

			{

			{

 
				echo "Clear your cookies. ";
}
echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";

				exit;
}

				exit;
}

			else
















unset($GLOBALS[$varname]);
}

unset($input);
}

/**
* Check if requested page uses a trailing path
*
* @param string $phpEx PHP extension
*
* @return bool True if trailing path is used, false if not
*/
function phpbb_has_trailing_path($phpEx)

			{

			{

				$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))

	// Check if path_info is being used
if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO']))

				{

				{

					if (!is_array($cookie['GLOBALS']))









		return true;
}

// Match any trailing path appended to a php script in the REQUEST_URI.
// It is assumed that only actual PHP scripts use names like foo.php. Due
// to this, any phpBB board inside a directory that has the php extension
// appended to its name will stop working, i.e. if the board is at
// example.com/phpBB/test.php/ or example.com/test.php/
if (preg_match('#^[^?]+\.' . preg_quote($phpEx, '#') . '/#', $_SERVER['REQUEST_URI']))

					{

					{

						break;

		return true;

					}


					}


					foreach ($cookie['GLOBALS'] as $registered_var => $value)





	return false;
}

// Check if trailing path is used
if (phpbb_has_trailing_path($phpEx))

					{

					{

						if (!isset($not_unset[$registered_var]))

	if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')

						{

						{

							unset($GLOBALS[$registered_var]);

		$prefix = 'Status:';

						}

						}

 
	else if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
{
$prefix = $_SERVER['SERVER_PROTOCOL'];

					}

					}

					$cookie = &$cookie['GLOBALS'];



	else
{
$prefix = 'HTTP/1.0';

				}

				}

			}
}

unset($GLOBALS[$varname]);
}

unset($input);

	header("$prefix 404 Not Found", true, 404);
echo 'Trailing paths and PATH_INFO is not supported by phpBB 3.0';
exit;





}

// Register globals and magic quotes have been dropped in PHP 5.4

}

// Register globals and magic quotes have been dropped in PHP 5.4
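Review bot: The new cookie-walking branch leaves `$cookie` bound by reference into `$_COOKIE` after the `while (isset($cookie['GLOBALS']))` loop ends (the `$cookie = &$_COOKIE;` / `$cookie = &$cookie['GLOBALS'];` lines), so any later plain assignment to a variable named `$cookie` in this scope would silently overwrite the nested `$_COOKIE['GLOBALS']` entry instead of creating a new local. Add `unset($cookie);` immediately after the loop's closing brace, matching the existing `unset($input);` that already cleans up the outer foreach reference. The rendering interleaves old and new columns, so I am reading the `$varname !== 'GLOBALS' || isset($_GET['GLOBALS']) …` chain and the reference loop as the new side; the enclosing `foreach` over `$input` starts before this hunk, outside the view. A one-line comment above the loop would also help the next maintainer, e.g. `// Walk nested GLOBALS cookie keys and drop any global they could have injected, except the protected $not_unset names`, since the reason for descending level by level is not obvious from the code alone.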