author | Josh Woody <a_jelly_doughnut@phpbb.com> | 2010-05-30 12:24:56 -0500 |
---|---|---|
committer | Andreas Fischer <bantu@phpbb.com> | 2010-07-11 01:35:01 +0200 |
commit | c40b2c76015094283aa87f6b3c6ddea283bf3e42 (patch) | |
tree | 5c926f41d09de135092d32dd09b0ee4b507c3403 /phpBB/style.php | |
parent | e46745ed34386c5884c7dacb1f3d8a8ca0c333dd (diff) | |
[ticket/9629] Allow style.php to retrieve its session ID from cookies
style.php takes a session ID to ensure it gets the right language for a user,
but that session ID is always passed in GET. This change allows the SID
to be read from the cookie, and theoretically makes it friendlier for caching
engines like Varnish.
PHPBB3-9629
Diffstat (limited to 'phpBB/style.php')
-rw-r--r-- | phpBB/style.php | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/phpBB/style.php b/phpBB/style.php
index fa77815670..8ca1751391 100644
--- a/phpBB/style.php
+++ b/phpBB/style.php
@@ -45,15 +45,8 @@ if (!empty($load_extensions) && function_exists('dl'))
 }
 }
 
-
-$sid = (isset($_GET['sid']) && !is_array($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : '';
 $id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
 
-if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
-{
- $sid = '';
-}
-
 // This is a simple script to grab and output the requested CSS data stored in the DB
 // We include a session_id check to try and limit 3rd party linking ... unless they
 // happen to have a current session it will output nothing. We will also cache the
@@ -81,6 +74,20 @@ if ($id)
 $config = $cache->obtain_config();
 $user = false;
 
+ // try to get a session ID from REQUEST array
+ $sid = request_var('sid', '');
+
+ if (!$sid)
+ {
+ // if that failed, then look in the cookies
+ $sid = request_var($config['cookie_name'] . '_sid', '', false, true);
+ }
+
+ if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
+ {
+ $sid = '';
+ }
+
 if ($sid)
 {
 $sql = 'SELECT u.user_id, u.user_lang |
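Review bot: The cookie fallback at `$sid = request_var($config['cookie_name'] . '_sid', '', false, true);` changes what the sid check protects, while the comment kept as context in the first hunk ("We include a session_id check to try and limit 3rd party linking") is left as it was. A browser attaches the session cookie to every request for style.php, including one triggered from another site, so a visitor with a current session now passes the check without a sid in the URL. I would add a comment above the fallback such as `// NOTE: a cookie SID is sent automatically by the browser, so this check no longer limits 3rd party linking; output varies per cookie, so shared caches must key on it`. The caching half matters for the Varnish case in the description, because the query below selects `u.user_lang` per session and the cache headers the script sends are not visible in this hunk. The `if ($sid)` block continues outside the hunk.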