| author | Graham Eames <grahamje@users.sourceforge.net> | 2006-10-01 11:10:15 +0000 |
|---|---|---|
| committer | Graham Eames <grahamje@users.sourceforge.net> | 2006-10-01 11:10:15 +0000 |
| commit | c42b75d1bc1154c849b5f55becfc42452242c86d (patch) | |
| tree | 014b2f9512c25e1b2ee0aa1d8c80bf8d39e15244 /phpBB/includes/session.php | |
| parent | bc15445b58403c92ebca9e23ef3d9a59fbdccc92 (diff) | |
Prevent cookies from other applications interfering with our forms
git-svn-id: file:///svn/phpbb/trunk@6423 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/session.php')
| -rw-r--r-- | phpBB/includes/session.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index b61643dea5..9c720bbb52 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -151,9 +151,9 @@ class session
 // Switch to request_var ... can this cause issues, can a _GET/_POST param
 // be used to poison this? Not sure that it makes any difference in terms of
 // the end result, be it a cookie or param.
- $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0);
- $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '');
- $this->session_id = request_var($config['cookie_name'] . '_sid', '');
+ $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
+ $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
+ $this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true);
 $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
 $_SID = (defined('NEED_SID')) ? $this->session_id : ''; |
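Review bot: The comment kept as context above the three changed assignments still asks whether a _GET/_POST parameter can poison these values, and that question no longer matches the new calls if the fourth `request_var` argument limits the lookup to cookies. That meaning is inferred from the commit message and the call shape, since `request_var` itself is not part of this diff. I would replace the stale comment with something like `// Read _u/_k/_sid from the cookie only (4th argument), so a GET/POST parameter of the same name cannot supply the user id, key or session id.` The bare `false, true` pair is also opaque at the call site, so the same comment should name what each flag controls. The enclosing method starts and ends outside this hunk, so whether a `sid` taken from the URL is accepted later, and how the cookie values are validated, cannot be checked from here.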
