diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2004-10-08 11:01:30 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2004-10-08 11:01:30 +0000 |
| commit | 2ac2d296e0581bcee218e8e06e734691b016e577 (patch) | |
| tree | c9631c36be99febf002c67ebf68da862c51fe273 /phpBB/includes/functions.php | |
| parent | 6fe3f0e7d4ae91a9b742b373791de812404217fa (diff) | |
| download | forums-2ac2d296e0581bcee218e8e06e734691b016e577.tar forums-2ac2d296e0581bcee218e8e06e734691b016e577.tar.gz forums-2ac2d296e0581bcee218e8e06e734691b016e577.tar.bz2 forums-2ac2d296e0581bcee218e8e06e734691b016e577.tar.xz forums-2ac2d296e0581bcee218e8e06e734691b016e577.zip | |
- cur_page no longer in use
- fix confirm box (since it used cur_page) :)
git-svn-id: file:///svn/phpbb/trunk@4996 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 8604a80e84..ecb7e5acb1 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1038,7 +1038,8 @@ function meta_refresh($time, $url) // Build Confirm box function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html') { - global $user, $template, $_POST, $SID, $db; + global $user, $template, $db; + global $SID, $phpEx; if (isset($_POST['cancel'])) { @@ -1087,17 +1088,20 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo // If activation key already exist, we better do not re-use the key (something very strange is going on...) if (request_var('confirm_key', '')) { -// $user->cur_page = preg_replace('#^(.*?)[&|\?]act_key=[A-Z0-9]{10}(.*?)#', '\1\2', str_replace('&', '&', $user->cur_page)); - // Need to adjust... - trigger_error('Hacking attempt'); + // This should not occur, therefore we cancel the operation to safe the user + return false; } + // re-add $SID + $u_action = (strpos($user->page, ".{$phpEx}?") !== false) ? str_replace(".{$phpEx}?", ".$phpEx$SID&", $user->page) . '&' : $user->page . '?'; + $u_action .= 'confirm_key=' . $confirm_key; + $template->assign_vars(array( 'MESSAGE_TITLE' => $user->lang[$title], 'MESSAGE_TEXT' => $user->lang[$title . '_CONFIRM'], 'YES_VALUE' => $user->lang['YES'], - 'S_CONFIRM_ACTION' => $user->cur_page . ((strpos($user->cur_page, '?') !== false) ? '&' : '?') . 'confirm_key=' . $confirm_key, + 'S_CONFIRM_ACTION' => $u_action, 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields) ); |