author | Graham Eames <grahamje@users.sourceforge.net> | 2006-05-23 21:11:56 +0000 |
---|---|---|
committer | Graham Eames <grahamje@users.sourceforge.net> | 2006-05-23 21:11:56 +0000 |
commit | 44d3ba4582bf6f9e6e131b37146eb94215fcc4e4 (patch) | |
tree | edc1e1a53e332162557ae9f57815fdbfc71a35a2 | |
parent | Small change to bring this check in line with the other image checks (remote ... (diff) | |
Attempt to deal with security issues which are arising in MODs which are not correctly setting phpbb_root_path and/or testing IN_PHPBB in their code
No functional changes to the behaviour of phpBB itself
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5963 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/common.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/phpBB/common.php b/phpBB/common.php index ba0a72fe2..c8c6e1b6b 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -24,8 +24,8 @@ if ( !defined('IN_PHPBB') ) die("Hacking attempt"); } -// error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables + set_magic_quotes_runtime(0); // Disable magic_quotes_runtime // The following code (unsetting globals) @@ -82,10 +82,11 @@ if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals while (list($var,) = @each($input)) { - if (!in_array($var, $not_unset)) + if (in_array($var, $not_unset)) { - unset($$var); + die('Hacking attempt!'); } + unset($$var); } unset($input); |
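Review bot: The new guard `if (in_array($var, $not_unset))` in the second hunk uses PHP's loose comparison, and a match now ends the request with `die('Hacking attempt!')` where the old code only skipped the `unset`. On PHP versions where integer 0 compares equal to a non-numeric string, an integer key in `$input` would match every protected name and abort an otherwise legitimate request; `if (in_array($var, $not_unset, true))` avoids that, provided the minimum supported PHP version accepts the third argument. `$not_unset` is defined outside this hunk, so it cannot be confirmed here that it lists `phpbb_root_path`, the variable the commit message is concerned with. A short comment above the check, e.g. `// A request variable named like a protected global is rejected outright rather than ignored`, would record why the request is terminated.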