phpBB

Code Changes

File: includes/startup.php

  Unmodified   Added   Modified   Removed
Line 69Line 69
	{
if (isset($not_unset[$varname]))
{

	{
if (isset($not_unset[$varname]))
{

			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))

			// Hacking attempt. No point in continuing.
if (isset($_COOKIE[$varname]))

			{

			{

 
				echo "Clear your cookies. ";
}
echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";

				exit;

				exit;

			}
else
{
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
if (!is_array($cookie['GLOBALS']))
{
break;
}

foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
{
unset($GLOBALS[$registered_var]);
}
}
$cookie = &$cookie['GLOBALS'];
}
}

 
		}

unset($GLOBALS[$varname]);

		}

unset($GLOBALS[$varname]);

Line 112Line 94
}
else
{

}
else
{

 
	if (get_magic_quotes_runtime())
{
// Deactivate

	@set_magic_quotes_runtime(0);

	@set_magic_quotes_runtime(0);

 
	}


// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))


// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))