deregister globals to install too

git-svn-id: file:///svn/phpbb/trunk@8130 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-08 04:18:52 +00:00 · 2007-10-04 11:33:33 +00:00 · 2007-10-04 11:33:33 +00:00 · 92f554e38a
commit 92f554e38a
parent 303239afa4
18 changed files with 174 additions and 119 deletions
--- a/phpBB/install/convertors/functions_phpbb20.php
+++ b/phpBB/install/convertors/functions_phpbb20.php
@ -8,6 +8,11 @@
 *
 */

+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
 /**
 * Helper functions for phpBB 2.0.x to phpBB 3.0.x conversion
 */
--- a/phpBB/install/data/confusables.php
+++ b/phpBB/install/data/confusables.php
--- a/phpBB/install/data/new_normalizer.php
+++ b/phpBB/install/data/new_normalizer.php
@ -1,5 +1,20 @@
 <?php
+/**
+*
+* @package install
+* @version $Id$
+* @copyright (c) 2007 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/

+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}

 /**
 * A wrapper function for the normalizer which takes care of including the class if required and modifies the passed strings
--- a/phpBB/install/index.php
+++ b/phpBB/install/index.php
@ -34,17 +34,17 @@ if (version_compare(PHP_VERSION, '4.3.3') < 0)
 function deregister_globals()
 {
 	$not_unset = array(
-		'GLOBALS' => true,
-		'_GET' => true,
-		'_POST' => true,
-		'_COOKIE' => true,
-		'_REQUEST' => true,
-		'_SERVER' => true,
-		'_SESSION' => true,
-		'_ENV' => true,
-		'_FILES' => true,
-		'phpEx' => true,
-		'phpbb_root_path' => true
+		'GLOBALS'	=> true,
+		'_GET'		=> true,
+		'_POST'		=> true,
+		'_COOKIE'	=> true,
+		'_REQUEST'	=> true,
+		'_SERVER'	=> true,
+		'_SESSION'	=> true,
+		'_ENV'		=> true,
+		'_FILES'	=> true,
+		'phpEx'		=> true,
+		'phpbb_root_path'	=> true
 	);

 	// Not only will array_merge and array_keys give a warning if
@ -55,8 +55,7 @@ function deregister_globals()
 		$_SESSION = array();
 	}

-	// Merge all into one extremely huge array; unset
-	// this later
+	// Merge all into one extremely huge array; unset this later
 	$input = array_merge(
 		array_keys($_GET),
 		array_keys($_POST),
@ -71,8 +70,26 @@ function deregister_globals()
 	{
 		if (isset($not_unset[$varname]))
 		{
-			// Hacking attempt. No point in continuing.
-			exit;
+			// Hacking attempt. No point in continuing unless it's a COOKIE
+			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+			{
+				exit;
+			}
+			else
+			{
+				$cookie = &$_COOKIE;
+				while (isset($cookie['GLOBALS']))
+				{
+					foreach ($cookie['GLOBALS'] as $registered_var => $value)
+					{
+						if (!isset($not_unset[$registered_var]))
+						{
+							unset($GLOBALS[$registered_var]);
+						}
+					}
+					$cookie = &$cookie['GLOBALS'];
+				}
+			}
 		}

 		unset($GLOBALS[$varname]);