News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Numeric keys in cookies

Started by ke, August 11, 2007, 07:52:03 PM

Previous topic - Next topic

ke

QueryString.php, lines 103-110 in Version 1.1.3:

// Same goes for numeric keys.
foreach (array_merge(array_keys($_REQUEST), array_keys($_FILES)) as $key)
if (is_numeric($key))
die('Invalid request variable.');

// Numeric keys in cookies are less of a problem. Just unset those.
foreach ($_COOKIE as $key => $value)
if (is_numeric($key))
unset($_COOKIE[$key]);


"Less of a problem" - okay, but that doesn't help, because all cookies are in $_REQUEST. SMF will die before it has a chance to generously just unset cookies. This is a problem if there is a MediaWiki in the same domain, because it creates cookies with numeric keys all the time. I think line 104 should be changed to:

foreach (array_merge(array_keys($_GET), array_keys($_POST), array_keys($_FILES)) as $key)

SleePy

I have reported this and will let the developers look at this.

Though really moving this set of code before that checks would work as well:

// Let's not depend on the ini settings... why even have COOKIE in there, anyway?
$_REQUEST = $_POST + $_GET;
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

Thantos

 + Check GET and POST instead of REQUEST for numeric keys. (QueryString.php)

Advertisement: