From 44d3ba4582bf6f9e6e131b37146eb94215fcc4e4 Mon Sep 17 00:00:00 2001
From: Graham Eames
Date: Tue, 23 May 2006 21:11:56 +0000
Subject: [PATCH] Attempt to deal with security issues which are arising in MODs which are not correctly setting phpbb_root_path and/or testing IN_PHPBB in their code No functional changes to the behaviour of phpBB itself
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5963 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/common.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/phpBB/common.php b/phpBB/common.php
index ba0a72fe2e..c8c6e1b6b7 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -24,8 +24,8 @@ if ( !defined('IN_PHPBB') )
 die("Hacking attempt");
 }
-//
 error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
+
 set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
 // The following code (unsetting globals)
@@ -82,10 +82,11 @@ if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals
 while (list($var,) = @each($input))
 {
- if (!in_array($var, $not_unset))
+ if (in_array($var, $not_unset))
 {
- unset($$var);
+ die('Hacking attempt!');
 }
+ unset($$var);
 }
 unset($input);
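Review bot: In the second hunk, `in_array($var, $not_unset)` still compares loosely, and the branch it guards now ends the request with `die('Hacking attempt!')` instead of merely skipping the variable. On the PHP versions this code targets an integer key compares equal to any non-numeric string, so if `$input` can carry numeric keys and `$not_unset` holds plain names (both are built outside this hunk), an ordinary request could be rejected. Writing `if (in_array($var, $not_unset, true))` limits the match to exact names. A short comment above the check, such as `// A request variable named like a protected global is an overwrite attempt; abort rather than skip it`, would record why skipping was replaced. The enclosing `if (@ini_get('register_globals') ...)` block starts before the hunk and closes after it.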