From 4f094bdb48379d334a87b65b7c71eacad162a841 Mon Sep 17 00:00:00 2001
From: Nils Adermann
Date: Wed, 3 Oct 2007 19:20:49 +0000
Subject: [PATCH] #i101
git-svn-id: file:///svn/phpbb/trunk@8127 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/common.php | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/phpBB/common.php b/phpBB/common.php
index 7b3a57c7d8..31d6a2ca85 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -65,8 +65,26 @@ function deregister_globals()
 {
 if (isset($not_unset[$varname]))
 {
- // Hacking attempt. No point in continuing.
- exit;
+ // Hacking attempt. No point in continuing unless it's a COOKIE
+ if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ {
+ exit;
+ }
+ else
+ {
+ $cookie = &$_COOKIE;
+ while (isset($cookie['GLOBALS']))
+ {
+ foreach ($cookie['GLOBALS'] as $registered_var => $value)
+ {
+ if (!isset($not_unset[$registered_var]))
+ {
+ unset($GLOBALS[$registered_var]);
+ }
+ }
+ $cookie = &$cookie['GLOBALS'];
+ }
+ }
 }
 unset($GLOBALS[$varname]);
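Review bot: The new `while (isset($cookie['GLOBALS']))` loop hands `$cookie['GLOBALS']` straight to `foreach` without checking that it is an array, although the value is client-supplied cookie data. A request whose `GLOBALS` cookie is a scalar takes the else branch and reaches both the `foreach` and the reference assignment `$cookie = &$cookie['GLOBALS'];` with a string, which at minimum raises a warning and may behave differently across PHP versions. Guarding the loop would close this: `while (isset($cookie['GLOBALS']) && is_array($cookie['GLOBALS']))`. In this branch control also now falls through to the `unset($GLOBALS[$varname]);` context line with `$varname === 'GLOBALS'`, which the old unconditional `exit` made unreachable; if that is intended, the comment should say so and explain why a cookie-only `GLOBALS` is tolerated. The enclosing loop in deregister_globals() starts and ends outside the hunk.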