From c0b01b623c1e23c2331a060a4eba5a8a0b202765 Mon Sep 17 00:00:00 2001
From: tianya
Date: Sun, 26 Mar 2023 16:20:22 +0800
Subject: [PATCH] Update common.inc.php
---
 src/system/common.inc.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/system/common.inc.php b/src/system/common.inc.php
index 1f0832a3..50e0e250 100755
--- a/src/system/common.inc.php
+++ b/src/system/common.inc.php
@@ -85,7 +85,7 @@ function _RunMagicQuotes(&$svar)
 }
 } else {
 if (strlen($svar) > 0 && preg_match('#^(cfg_|GLOBALS|_GET|_REQUEST|_POST|_COOKIE|_SESSION)#', $svar)) {
- exit('Request var not allow!');
+ exit('The requested operation is forbidden');
 }
 $svar = addslashes($svar);
 }
@@ -93,6 +93,9 @@ function _RunMagicQuotes(&$svar)
 }
 foreach (array('_GET', '_POST', '_COOKIE') as $_req) {
 foreach ($$_req as $_k => $_v) {
+ if (preg_match('#^(cfg_|GLOBALS|_GET|_REQUEST|_POST|_COOKIE|_SESSION)#', $_k)) {
+ exit('The requested operation is forbidden');
+ }
 if ($_k == 'nvarname') ${$_k} = $_v;
 else ${$_k} = _RunMagicQuotes($_v);
 }
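Review bot: The key check added inside the `foreach ($$_req as $_k => $_v)` loop is a prefix denylist, so every request key that does not start with one of the seven listed prefixes is still registered as a global by the `${$_k} = ...` lines that follow it. `_SERVER`, `_FILES` and `_ENV` are absent from the pattern, and any application variable initialised before this loop (not visible in the hunk) would presumably be just as overwritable. At minimum extend the pattern, e.g. `'#^(cfg_|GLOBALS|_GET|_REQUEST|_POST|_COOKIE|_SESSION|_SERVER|_FILES|_ENV)#'`, and define it once so it cannot drift from the identical literal in `_RunMagicQuotes` (first hunk), which tests the value `$svar` rather than a key. Longer term, an explicit allowlist of expected parameter names would be safer than importing arbitrary request keys into the global scope. The outer loop continues past the end of the hunk.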