deregister globals to install too

git-svn-id: file:///svn/phpbb/trunk@8130 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/install/convertors/functions_phpbb20.php

@@ -8,6 +8,11 @@
 *
 */
 
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
 /**
 * Helper functions for phpBB 2.0.x to phpBB 3.0.x conversion
 */

phpBB/install/data/new_normalizer.php

@@ -1,5 +1,20 @@
 <?php
+/**
+*
+* @package install
+* @version $Id$
+* @copyright (c) 2007 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
 
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
 
 /**
 * A wrapper function for the normalizer which takes care of including the class if required and modifies the passed strings

phpBB/install/index.php

@@ -55,8 +55,7 @@ function deregister_globals()
 		$_SESSION = array();
 	}
 
-	// Merge all into one extremely huge array; unset
-	// this later
+	// Merge all into one extremely huge array; unset this later
 	$input = array_merge(
 		array_keys($_GET),
 		array_keys($_POST),
@@ -71,9 +70,27 @@ function deregister_globals()
 	{
 		if (isset($not_unset[$varname]))
 		{
-			// Hacking attempt. No point in continuing.
+			// Hacking attempt. No point in continuing unless it's a COOKIE
+			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+			{
 				exit;
 			}
+			else
+			{
+				$cookie = &$_COOKIE;
+				while (isset($cookie['GLOBALS']))
+				{
+					foreach ($cookie['GLOBALS'] as $registered_var => $value)
+					{
+						if (!isset($not_unset[$registered_var]))
+						{
+							unset($GLOBALS[$registered_var]);
+						}
+					}
+					$cookie = &$cookie['GLOBALS'];
+				}
+			}
+		}
 
 		unset($GLOBALS[$varname]);
 	}