diff options
| author | Nils Adermann <naderman@naderman.de> | 2012-05-29 14:54:04 +0200 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2012-05-29 14:54:04 +0200 |
| commit | 42dd60edad6c3533f6b718e731d43661641fd1fc (patch) | |
| tree | b1fe1cb248ac7caa0f14ad230d09149c0520c573 /phpBB/includes/session.php | |
| parent | efa96e1817847b94abe6d6d0f3f4a8563339f745 (diff) | |
| download | forums-42dd60edad6c3533f6b718e731d43661641fd1fc.tar forums-42dd60edad6c3533f6b718e731d43661641fd1fc.tar.gz forums-42dd60edad6c3533f6b718e731d43661641fd1fc.tar.bz2 forums-42dd60edad6c3533f6b718e731d43661641fd1fc.tar.xz forums-42dd60edad6c3533f6b718e731d43661641fd1fc.zip | |
[ticket/10913] Redirect to index if session id is required but was not sent
PHPBB3-10913
Diffstat (limited to 'phpBB/includes/session.php')
| -rw-r--r-- | phpBB/includes/session.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index a894242a39..496c12a0d1 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -322,8 +322,15 @@ class session } } - // Is session_id is set or session_id is set and matches the url param if required - if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) + // if no session id is set, redirect to index.php + if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid'])) + { + send_status_line(401, 'Not authorized'); + redirect(append_sid("{$phpbb_root_path}index.$phpEx")); + } + + // if session id is set + if (!empty($this->session_id)) { $sql = 'SELECT u.*, s.* FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u |