authorIgor Wiedler <igor@wiedler.ch>2012-07-21 15:36:25 +0200
committerIgor Wiedler <igor@wiedler.ch>2012-07-21 15:36:25 +0200
commit5d57caee58c58d2a9c283abe8fe88f4eaec9f662 (patch)
treecd36469a74bf6847e5305d1fb8f4ac35266813e2 /phpBB/includes/session.php
parent3ebe89cb7eff57c3ffdbe0b7dcd9cdc35b48d26b (diff)
parent841ea0e494504400c798faa6cc860dd1179e1004 (diff)
Merge branch 'develop' into feature/dic
* develop: (441 commits) [feature/new-tz-handling] Don't use global user but make it a parameter [feature/new-tz-handling] Fix size of suggestion button in chrome [feature/new-tz-handling] Fall back to UTC, if the timezone is invalid [feature/new-tz-handling] Add previous selected value to validation if valid [feature/new-tz-handling] Display suggestion when a different value is selected [ticket/10998] Add border-radius to forum rules block - prosilver [feature/new-tz-handling] Remove additional marking of selected items [feature/new-tz-handling] Move update helper function to new class [feature/new-tz-handling] Fix unit test [feature/new-tz-handling] Delete old variable which is not used anymore [feature/new-tz-handling] Rename $user->tz back to $user->timezone [feature/pagination-as-list] New parameter for name of start var [feature/pagination-as-list] Updates for nils comments [feature/pagination-as-list] Rename and deprecate functions [feature/pagination-as-list] Various fixes and improvements [ticket/10968] Render pagination within the template [feature/new-tz-handling] Remove "timezone might be numeric" [feature/new-tz-handling] Add function to update the timezone [feature/new-tz-handling] Correctly update user and board timezones on update [ticket/10996] Use correct DBMS name in Travis config for PostgreSQL ... Conflicts: phpBB/common.php phpBB/composer.json phpBB/composer.lock tests/cron/task_provider_test.php
Diffstat (limited to 'phpBB/includes/session.php')
-rw-r--r--phpBB/includes/session.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index bcdff54457..257ffb07f6 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -342,8 +342,16 @@ class phpbb_session
}
}
- // Is session_id is set or session_id is set and matches the url param if required
- if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', ''))))
+ // if no session id is set, redirect to index.php
+ $session_id = $request->variable('sid', '');
+ if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
+ {
+ send_status_line(401, 'Not authorized');
+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ }
+
+ // if session id is set
+ if (!empty($this->session_id))
{
$sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
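Review bot: The NEED_SID check built on the added `$session_id = $request->variable('sid', '');` line no longer requires the sid to arrive in the query string, which the removed condition enforced with `isset($_GET['sid'])`. If `variable()` reads the merged request input by default, a sid carried in a POST body would now satisfy the check; restricting the lookup, e.g. `$session_id = $request->variable('sid', '', false, phpbb_request_interface::GET);`, keeps the old guarantee. The `send_status_line(401, 'Not authorized')` call is followed directly by `redirect()`, which presumably sends its own status and Location header, so the client likely never sees the 401; pick one, and 403 fits better than 401 because no authentication challenge is issued. The comment `// if no session id is set, redirect to index.php` should also say that a mismatching sid is rejected. The enclosing method starts and ends outside this hunk, so whether `$request`, `$phpbb_root_path` and `$phpEx` are in scope there cannot be confirmed from here.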