| author | Andreas Fischer <bantu@phpbb.com> | 2010-07-11 01:41:22 +0200 | 
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2010-07-11 01:41:22 +0200 | 
| commit | 08a34ebe948b4cc4b6f53572a65da23f55613181 (patch) | |
| tree | 5c926f41d09de135092d32dd09b0ee4b507c3403 | |
| parent | e46745ed34386c5884c7dacb1f3d8a8ca0c333dd (diff) | |
| parent | c40b2c76015094283aa87f6b3c6ddea283bf3e42 (diff) | |
Merge branch 'ticket/jellydoughnut/9629' into develop-olympus
* ticket/jellydoughnut/9629:
  [ticket/9629] Allow style.php to retrieve its session ID from cookies
| -rw-r--r-- | phpBB/includes/functions.php | 2 | ||||
| -rw-r--r-- | phpBB/style.php | 21 | 
2 files changed, 15 insertions, 8 deletions
|
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 3f097f171f..9c74a524ee 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -4318,7 +4318,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		'T_ICONS_PATH'			=> "{$web_path}{$config['icons_path']}/",
 		'T_RANKS_PATH'			=> "{$web_path}{$config['ranks_path']}/",
 		'T_UPLOAD_PATH'			=> "{$web_path}{$config['upload_path']}/",
-		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang'], true, $user->session_id),
+		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']),
 		'T_STYLESHEET_NAME'		=> $user->theme['theme_name'],
 		'T_THEME_NAME'			=> $user->theme['theme_path'],
diff --git a/phpBB/style.php b/phpBB/style.php
index fa77815670..8ca1751391 100644
--- a/phpBB/style.php
+++ b/phpBB/style.php
@@ -45,15 +45,8 @@ if (!empty($load_extensions) && function_exists('dl'))
 	}
 }
-
-$sid = (isset($_GET['sid']) && !is_array($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : '';
 $id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
-if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
-{
-	$sid = '';
-}
-
 // This is a simple script to grab and output the requested CSS data stored in the DB
 // We include a session_id check to try and limit 3rd party linking ... unless they
 // happen to have a current session it will output nothing. We will also cache the
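Review bot: The `T_STYLESHEET_LINK` entry in page_header() (phpBB/includes/functions.php) stops forcing the session ID into the style.php URL, but nothing on the line says why, so a later edit could easily restore `true, $user->session_id`. A short comment above the entry would record the intent, for example `// style.php reads the session cookie itself, so the SID is not forced into the stylesheet URL`. The practical gain appears to be that the session ID stays out of the stylesheet URL (and therefore out of logs and Referer headers) whenever append_sid() does not need to add it; that depends on append_sid() defaults which are not visible here. page_header() starts and ends outside this hunk.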
@@ -81,6 +74,20 @@ if ($id)
 	$config = $cache->obtain_config();
 	$user = false;
+	// try to get a session ID from REQUEST array
+	$sid = request_var('sid', '');
+
+	if (!$sid)
+	{
+		// if that failed, then look in the cookies
+		$sid = request_var($config['cookie_name'] . '_sid', '', false, true);
+	}
+
+	if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
+	{
+		$sid = '';
+	}
+
 	if ($sid)
 	{
 		$sql = 'SELECT u.user_id, u.user_lang
|
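Review bot: The cookie fallback in the added block of phpBB/style.php only runs when the `sid` request parameter is empty, so a request that carries a malformed `sid` together with a valid session cookie has its `$sid` blanked by the `strspn()` check and the cookie is never tried. Validating each candidate before accepting it lets the cookie be used in that case. The hex check also accepts any length; if session IDs have a fixed length in this code base, comparing `strlen()` against it would reject more junk before the query runs. The `if ($sid)` block and its SQL continue outside the hunk, so how `$sid` is escaped there cannot be confirmed from here.

```php
	// … unchanged: $config / $user setup …
	$sid = '';
	$candidates = array(
		request_var('sid', ''),
		request_var($config['cookie_name'] . '_sid', '', false, true),
	);

	foreach ($candidates as $candidate)
	{
		// accept the first non-empty value made up of hex digits only
		if ($candidate !== '' && strspn($candidate, 'abcdefABCDEF0123456789') === strlen($candidate))
		{
			$sid = $candidate;
			break;
		}
	}
	// … unchanged: if ($sid) session lookup …
```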
