author | Joas Schilling <nickvergessen@gmx.de> | 2015-02-27 22:44:04 +0100 |
---|---|---|
committer | Joas Schilling <nickvergessen@gmx.de> | 2015-02-27 22:44:04 +0100 |
commit | 8abf2592738663a21259d183f4f1ce0428cf6d46 (patch) | |
tree | fe53c727eeaa4d19c135896f7a64befe828f47f1 /phpBB/phpbb | |
parent | a7b1b7192164c11262900267220860d7488657f6 (diff) | |
parent | 106bc1c232dd7c68b66ed99745635a8efaae8f2f (diff) | |
Merge pull request #3444 from naderman/ticket/13617-ascraeus
[ticket/13617] Enforce column size limit for session_forum_id
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r-- | phpBB/phpbb/session.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 0a6a18ffbe..bedd581725 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -130,6 +130,10 @@ class session
 $script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
 $root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
+ $forum_id = $request->variable('f', 0);
+ // maximum forum id value is maximum value of mediumint unsigned column
+ $forum_id = ($forum_id > 0 && $forum_id < 16777215) ? $forum_id : 0;
+
 $page_array += array(
 'page_name' => $page_name,
 'page_dir' => $page_dir,
@@ -139,7 +143,7 @@ class session
 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),
 'page' => $page,
- 'forum' => request_var('f', 0),
+ 'forum' => $forum_id,
 );
 return $page_array; |
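Review bot: The range check on the new `$forum_id` line uses a strict `<`, so 16777215 itself, the value the comment names as the column maximum, is rejected and mapped to 0. If the intent is to accept every value the mediumint unsigned column can hold, it should read `$forum_id = ($forum_id > 0 && $forum_id <= 16777215) ? $forum_id : 0;`. The `f` parameter is request-controlled, and this clamp is presumably what keeps an out-of-range value from reaching the session_forum_id column named in the commit title, so a named constant instead of the bare literal would make that link easier to audit. The second hunk only swaps `request_var('f', 0)` for the clamped `$forum_id`. The enclosing method starts and ends outside both hunks, so whether `$request` is in scope at the new call cannot be confirmed from this page.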