From 98d9d92aa7794316239fbda2a15a91618aef0879 Mon Sep 17 00:00:00 2001
From: Mate Bartus <mate.bartus@gmail.com>
Date: Thu, 23 Jul 2015 04:27:31 +0200
Subject: [PATCH] [ticket/13740] Secure installer config against corrupted
 config data

PHPBB3-13740
---
 phpBB/phpbb/install/helper/config.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/phpBB/phpbb/install/helper/config.php b/phpBB/phpbb/install/helper/config.php
index 457b64b301..38376da82a 100644
--- a/phpBB/phpbb/install/helper/config.php
+++ b/phpBB/phpbb/install/helper/config.php
@@ -224,11 +224,19 @@ class config
 
 		$file_content = @file_get_contents($this->install_config_file);
 		$serialized_data = trim(substr($file_content, 8));
-		$unserialized_data = unserialize($serialized_data);
 
-		$this->installer_config = $unserialized_data['installer_config'];
-		$this->progress_data = $unserialized_data['progress_data'];
-		$this->navigation_data = $unserialized_data['navigation_data'];
+		$this->installer_config = array();
+		$this->progress_data = array();
+		$this->navigation_data = array();
+
+		if (!empty($serialized_data))
+		{
+			$unserialized_data = unserialize($serialized_data);
+
+			$this->installer_config = (is_array($unserialized_data['installer_config'])) ? $unserialized_data['installer_config'] : array();
+			$this->progress_data = (is_array($unserialized_data['progress_data'])) ? $unserialized_data['progress_data'] : array();
+			$this->navigation_data = (is_array($unserialized_data['navigation_data'])) ? $unserialized_data['navigation_data'] : array();
+		}
 	}
 
 	/**