diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_board.php | 15 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_permissions.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 61 | ||||
| -rw-r--r-- | phpBB/includes/functions_transfer.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/mcp/mcp_front.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/mcp/mcp_queue.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/message_parser.php | 21 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 100 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_options.php | 2 |
10 files changed, 147 insertions, 75 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index c65647bc48..1414bbdc82 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -192,21 +192,26 @@ class acp_board 'title' => 'ACP_SERVER_SETTINGS', 'vars' => array( 'legend1' => 'ACP_SERVER_SETTINGS', - 'server_name' => array('lang' => 'SERVER_NAME', 'type' => 'text:40:255', 'explain' => true), - 'server_port' => array('lang' => 'SERVER_PORT', 'type' => 'text:5:5', 'explain' => true), - 'script_path' => array('lang' => 'SCRIPT_PATH', 'type' => 'text::255', 'explain' => true), 'allow_autologin' => array('lang' => 'ALLOW_AUTOLOGIN', 'type' => 'radio:yes_no', 'explain' => true), 'max_autologin_time' => array('lang' => 'AUTOLOGIN_LENGTH', 'type' => 'text:5:5', 'explain' => true), 'ip_check' => array('lang' => 'IP_VALID', 'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true), 'browser_check' => array('lang' => 'BROWSER_VALID', 'type' => 'radio:yes_no', 'explain' => true), - 'send_encoding' => array('lang' => 'SEND_ENCODING', 'type' => 'radio:yes_no', 'explain' => true), + 'send_encoding' => array('lang' => 'SEND_ENCODING', 'type' => 'radio:yes_no', 'explain' => true), 'gzip_compress' => array('lang' => 'ENABLE_GZIP', 'type' => 'radio:yes_no', 'explain' => false), 'legend2' => 'PATH_SETTINGS', 'smilies_path' => array('lang' => 'SMILIES_PATH', 'type' => 'text:20:255', 'explain' => true), 'icons_path' => array('lang' => 'ICONS_PATH', 'type' => 'text:20:255', 'explain' => true), 'upload_icons_path' => array('lang' => 'UPLOAD_ICONS_PATH', 'type' => 'text:20:255', 'explain' => true), - 'ranks_path' => array('lang' => 'RANKS_PATH', 'type' => 'text:20:255', 'explain' => true) + 'ranks_path' => array('lang' => 'RANKS_PATH', 'type' => 'text:20:255', 'explain' => true), + + 'legend3' => 'SERVER_URL_SETTINGS', + 'force_server_vars' => array('lang' => 'FORCE_SERVER_VARS', 'type' => 'radio:yes_no', 'explain' => true), + 'server_protocol' => array('lang' => 'SERVER_PROTOCOL', 'type' => 'text:10:10', 'explain' => true), + 'server_name' => array('lang' => 'SERVER_NAME', 'type' => 'text:40:255', 'explain' => true), + 'server_port' => array('lang' => 'SERVER_PORT', 'type' => 'text:5:5', 'explain' => true), +// 'script_path' => array('lang' => 'SCRIPT_PATH', 'type' => 'text::255', 'explain' => true), + ) ); break; diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index 5eae82779e..c45ed20b33 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -32,9 +32,7 @@ class acp_permissions $this->tpl_name = 'acp_permissions'; // Set some vars - $action = request_var('action', array('' => 0)); - list($action, ) = each($action); - + $action = key(request_var('action', array('' => 0))); $action = (isset($_POST['psubmit'])) ? 'apply_permissions' : $action; $all_forums = request_var('all_forums', 0); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 43fd351b94..4a5838effe 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -629,7 +629,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0) { unset($tracking['t'][$topic_id36]); } - + if (isset($tracking['f'][$f_id])) { unset($tracking['f'][$f_id]); @@ -1041,19 +1041,41 @@ function on_page($num_items, $per_page, $start) } /** -* Generate board url +* Generate board url (example: http://www.foo.bar/phpBB) */ function generate_board_url() { - global $config; + global $config, $user; + + $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); + $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); + + $url = (($config['cookie_secure']) ? 'https://' : 'http://') . $server_name; - $path = preg_replace('#^/?(.*?)/?$#', '\1', trim($config['script_path'])); + // Forcing server vars is the only way to specify/override the protocol + if ($config['force_server_vars'] || !$server_name) + { + $server_protocol = ($config['server_protocol']) ? $config['server_protocol'] : (($config['cookie_secure']) ? 'https://' : 'http://'); + $server_name = $config['server_name']; + $server_port = (int) $config['server_port']; + + $url = $server_protocol . $server_name; + } - return (($config['cookie_secure']) ? 'https://' : 'http://') . preg_replace('#^/?(.*?)/?$#', '\1', trim($config['server_name'])) . (($config['server_port'] <> 80) ? ':' . trim($config['server_port']) : '') . (($path) ? '/' . $path : ''); + if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80))) + { + $url .= ':' . $server_port; + } + + $url .= $user->page['root_script_path']; + + return $url; } /** * Redirects the user to another page then exits the script nicely +* Do not prepend url with $phpbb_root_path +* If not prefixed by / or full url given the board url will be prefixed */ function redirect($url) { @@ -1075,9 +1097,13 @@ function redirect($url) // If relative path, prepend board url if (strpos($url, '://') === false && $url{0} != '/') { - $url = generate_board_url() . preg_replace('#^/?(.*?)/?$#', '/\1', trim($url)); + $url = generate_board_url() . '/' . $url; } + /** + * Make sure no HTTP Response Splitting attacks are possible + */ + // Redirect via an HTML form for PITA webservers if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) { @@ -1187,10 +1213,10 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo return false; } - // re-add $SID / transform & to & for user->page (user->page is always using & - $use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&', $user->page); - $u_action = (strpos($use_page, ".{$phpEx}?") !== false) ? str_replace(".{$phpEx}?", ".$phpEx$SID&", $use_page) : $use_page . '?'; - $u_action .= '&confirm_key=' . $confirm_key; + // re-add $SID / transform & to & for user->page (user->page is always using &) + $use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&', $user->page['page']); + $u_action = (strpos($use_page, 'sid=') === false) ? ((strpos($use_page, '?') !== false) ? str_replace('?', $SID . '&', $use_page) : $use_page . '?' . str_replace('?', '', $SID)) : $use_page; + $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key; $template->assign_vars(array( 'MESSAGE_TITLE' => (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title], @@ -1278,17 +1304,8 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa if (!$redirect) { - $split_page = array(); - preg_match_all('#^.*?([a-z_-]+?)\.' . $phpEx . '?(.*?)$#i', $user->page, $split_page, PREG_SET_ORDER); - - // No script name set? Assume index - if (empty($split_page[0][1])) - { - $split_page[0][1] = 'index'; - } - - // Current page correctly formatted for (login) redirects - $redirect = htmlspecialchars($split_page[0][1] . '.' . $phpEx . $SID . ((!empty($split_page[0][2])) ? '&' . $split_page[0][2] : '')); + // We just use what the session code determined... + $redirect = htmlspecialchars($user->page['page_name'] . $SID . '&' . $user->page['query_string']); } $s_hidden_fields = build_hidden_fields(array('redirect' => $redirect, 'sid' => $SID)); @@ -2015,7 +2032,7 @@ function page_header($page_title = '') 'SITENAME' => $config['sitename'], 'SITE_DESCRIPTION' => $config['site_desc'], 'PAGE_TITLE' => $page_title, - 'SCRIPT_NAME' => substr($user->page, 0, strpos($user->page, '.')), + 'SCRIPT_NAME' => str_replace($phpEx, '', $user->page['page_name']), 'LAST_VISIT_DATE' => sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit), 'CURRENT_TIME' => sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)), 'TOTAL_USERS_ONLINE' => $l_online_users, diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php index dca6391e4e..2be9790e09 100644 --- a/phpBB/includes/functions_transfer.php +++ b/phpBB/includes/functions_transfer.php @@ -238,6 +238,9 @@ class ftp extends transfer $this->username = $username; $this->password = $password; $this->timeout = $timeout; + + // Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end) + $this->root_path = str_replace('\\', '/', $this->root_path); $this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? substr($root_path, 0, -1) : $root_path); // Init some needed values @@ -251,8 +254,9 @@ class ftp extends transfer */ function data() { - global $config; - return array('host' => 'localhost' , 'username' => 'anonymous', 'password' => '', 'root_path' => $config['script_path'], 'port' => 21, 'timeout' => 10); + global $user; + + return array('host' => 'localhost' , 'username' => 'anonymous', 'password' => '', 'root_path' => $user->page['root_script_path'], 'port' => 21, 'timeout' => 10); } /** diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index 64982141a4..6c2c4df406 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -60,6 +60,7 @@ function mcp_front_view($id, $mode, $action) { $post_list[] = $row['post_id']; } + $db->sql_freeresult($result); $sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u @@ -86,6 +87,7 @@ function mcp_front_view($id, $mode, $action) 'POST_TIME' => $user->format_date($row['post_time'])) ); } + $db->sql_freeresult($result); } if ($total == 0) diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 80d3672427..7884298380 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -495,7 +495,7 @@ function approve_post($post_id_list, $mode) confirm_box(false, 'APPROVE_POST' . ((sizeof($post_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html'); } - $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx$SID"); + $redirect = request_var('redirect', "index.$phpEx$SID"); if (strpos($redirect, '?') === false) { @@ -509,7 +509,7 @@ function approve_post($post_id_list, $mode) else { meta_refresh(3, $redirect); - trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&f=" . $forum_id . '">', '</a>')); + trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $phpbb_root_path . $redirect . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&f=" . $forum_id . '">', '</a>')); } } @@ -715,7 +715,7 @@ function disapprove_post($post_id_list, $mode) confirm_box(false, 'DISAPPROVE_POST' . ((sizeof($post_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html'); } - $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx$SID"); + $redirect = request_var('redirect', "index.$phpEx$SID"); if (strpos($redirect, '?') === false) { diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index eb37168fdd..dc206d1ba1 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -667,11 +667,8 @@ class bbcode_firstpass extends bbcode return ''; } - $server_protocol = ( $config['cookie_secure'] ) ? 'https://' : 'http://'; - $server_port = ( $config['server_port'] <> 80 ) ? ':' . trim($config['server_port']) . '/' : '/'; - // relative urls for this board - if (preg_match('#' . $server_protocol . trim($config['server_name']) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($config['script_path'])) . '/([^ \t\n\r<"\']+)#i', $url) || + if (preg_match('#' . preg_quote(generate_board_url(), '#') . '/([^ \t\n\r<"\']+)#i', $url) || preg_match('#([\w]+?://.*?[^ \t\n\r<"\']*)#i', $url) || preg_match('#(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"\']*)?)#i', $url)) { @@ -803,7 +800,7 @@ class parse_message extends bbcode_firstpass // Parse URL's if ($allow_magic_url) { - $this->magic_url((($config['cookie_secure']) ? 'https://' : 'http://'), $config['server_name'], $config['server_port'], $config['script_path']); + $this->magic_url(generate_board_url()); if ($config['max_' . $mode . '_urls']) { @@ -908,20 +905,18 @@ class parse_message extends bbcode_firstpass // Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx. // Cuts down displayed size of link if over 50 chars, turns absolute links // into relative versions when the server/script path matches the link - function magic_url($server_protocol, $server_name, $server_port, $script_path) + function magic_url($server_url) { static $match; static $replace; - $server_port = ($server_port <> 80 ) ? ':' . trim($server_port) . '/' : '/'; - if (!is_array($match)) { $match = $replace = array(); // Be sure to not let the matches cross over. ;) // relative urls for this board - $match[] = '#(^|[\n ]|\()(' . preg_quote($server_protocol . trim($server_name) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($script_path)), '#') . ')/([^ \t\n\r<"\'\)&]+|&(?!lt;))*)#i'; + $match[] = '#(^|[\n ]|\()(' . preg_quote($server_url, '#') . ')/([^ \t\n\r<"\'\)&]+|&(?!lt;))*)#i'; $replace[] = '$1<!-- l --><a href="$2/$3">$3</a><!-- l -->'; // matches a xxxx://aaaaa.bbb.cccc. ... @@ -1011,7 +1006,7 @@ class parse_message extends bbcode_firstpass // Parse Attachments function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) { - global $config, $auth, $user, $phpbb_root_path; + global $config, $auth, $user, $phpbb_root_path, $phpEx; $error = array(); @@ -1075,6 +1070,8 @@ class parse_message extends bbcode_firstpass // Perform actions on temporary attachments if ($delete_file) { + include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); + $index = (int) key($_POST['delete_file']); // delete selected attachment @@ -1089,10 +1086,6 @@ class parse_message extends bbcode_firstpass } else { - if (!function_exists('delete_attachments')) - { - include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); - } delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id']))); } diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index e80a5a3ce1..9bf6068e46 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -18,12 +18,81 @@ class session var $cookie_data = array(); var $browser = ''; var $ip = ''; - var $page = ''; + var $page = array(); var $current_page_filename = ''; var $load; var $time_now = 0; /** + * Extract current session page + */ + function extract_current_page($root_path) + { + $page_array = array(); + + // First of all, get the request uri... + $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); + $args = (!empty($_SERVER['QUERY_STRING'])) ? explode('&', $_SERVER['QUERY_STRING']) : explode('&', getenv('QUERY_STRING')); + + // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support... + if (!$script_name) + { + $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); + $page['failover'] = 1; + } + + // Replace backslashes and doubled slashes (could happen on some proxy setups) + $script_name = str_replace(array('\\', '//'), '/', $script_name); + + // Now, remove the sid and let us get a clean query string... + foreach ($args as $key => $argument) + { + if (strpos($argument, 'sid=') === 0) + { + unset($args[$key]); + break; + } + } + + // The current query string + $query_string = trim(implode('&', $args)); + + // basenamed page name (for example: index.php) + $page_name = htmlspecialchars(basename($script_name)); + + // current directory within the phpBB root (for example: adm) + $page_dir = substr(str_replace(str_replace('\\', '/', realpath($root_path)), '', str_replace('\\', '/', realpath('./'))), 1); + + // Current page from phpBB root (for example: adm/index.php?i=10) + $page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? "?$query_string" : ''); + + // The script path from the webroot to the current directory (for example: /phpBB2/adm) : always prefixed with / + $script_path = trim(str_replace('\\', '/', dirname($script_name))); + + // The script path from the webroot to the phpBB root (for example: /phpBB2) + $root_script_path = ($page_dir) ? str_replace('/' . $page_dir, '', $script_path) : $script_path; + + // We are on the base level (phpBB root == webroot), lets adjust the variables a bit... + if (!$root_script_path) + { + $root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path;; + } + + $page_array += array( + 'page_name' => $page_name, + 'page_dir' => $page_dir, + + 'query_string' => $query_string, + 'script_path' => htmlspecialchars($script_path), + 'root_script_path' => htmlspecialchars($root_script_path), + + 'page' => $page + ); + + return $page_array; + } + + /** * Start session management * * This is where all session activity begins. We gather various pieces of @@ -38,29 +107,14 @@ class session */ function session_begin() { - global $phpEx, $SID, $db, $config; + global $phpEx, $SID, $db, $config, $phpbb_root_path; $this->time_now = time(); $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : ''; - $this->page = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] . ((isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : '') : ''; - $sid = substr($this->page, strpos($this->page, 'sid='), 36); - - /** - * @todo: getting away with script_path or being more strict in it's format - */ - $script_path = $config['script_path']; - if ($script_path{0} != '/') - { - $script_path = '/' . $script_path; - } - - if ($script_path{(strlen($script_path)-1)} != '/') - { - $script_path .= '/'; - } - $this->page = str_replace(array($script_path, (strlen($sid) == 36 && strpos($sid, '&') === false) ? $sid : 'sid='), '', $this->page); + $this->page = $this->extract_current_page($phpbb_root_path); + $this->page['page'] .= (isset($_POST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . 'f=' . intval($_POST['f']) : ''; $this->cookie_data = array(); if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) @@ -126,10 +180,10 @@ class session if ($u_ip == $s_ip && $s_browser == $u_browser) { // Only update session DB a minute or so after last update or if page changes - if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page) + if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page['page']) { $sql = 'UPDATE ' . SESSIONS_TABLE . " - SET session_time = $this->time_now, session_page = '" . $db->sql_escape($this->page) . "' + SET session_time = $this->time_now, session_page = '" . $db->sql_escape($this->page['page']) . "' WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; $db->sql_query($sql); } @@ -317,7 +371,7 @@ class session 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time_now, 'session_browser' => (string) $this->browser, - 'session_page' => (string) $this->page, + 'session_page' => (string) $this->page['page'], 'session_ip' => (string) $this->ip, 'session_admin' => ($set_admin) ? 1 : 0, 'session_viewonline' => ($viewonline) ? 1 : 0, @@ -888,7 +942,7 @@ class user extends session { global $SID; - if (strpos($this->page, 'mode=reg_details') !== false && strpos($this->page, "ucp.$phpEx") !== false) + if (strpos($this->page['page_query'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx") { redirect("ucp.$phpEx$SID&i=profile&mode=reg_details"); } diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index fa17b008b6..2ab9bcdca3 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -59,8 +59,7 @@ function compose_pm($id, $mode, $action) // Was cancel pressed? If so then redirect to the appropriate page if ($cancel || ($current_time - $lastclick < 2 && $submit)) { - $redirect = "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=view&action=view_message" . (($msg_id) ? "&p=$msg_id" : ''); - redirect($redirect); + redirect("ucp.$phpEx$SID&i=pm&mode=view&action=view_message" . (($msg_id) ? "&p=$msg_id" : '')); } $sql = ''; diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index bb0a22102b..41475b2f8b 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -294,7 +294,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit if (!$delete_id) { - redirect("{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=$mode"); + redirect("ucp.$phpEx$SID&i=pm&mode=$mode"); } // Do we need to confirm? |