diff options
| author | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2003-01-20 05:12:38 +0000 |
|---|---|---|
| committer | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2003-01-20 05:12:38 +0000 |
| commit | 458b9b50ec8d835b4c5f72823d4815a9cee6d706 (patch) | |
| tree | ab0ea84c5e34cb6b5fa61b736e89722a92395c16 /phpBB/admin | |
| parent | b2721cca0c82400efbf23abca1cbe260d4ea0eea (diff) | |
| download | forums-458b9b50ec8d835b4c5f72823d4815a9cee6d706.tar forums-458b9b50ec8d835b4c5f72823d4815a9cee6d706.tar.gz forums-458b9b50ec8d835b4c5f72823d4815a9cee6d706.tar.bz2 forums-458b9b50ec8d835b4c5f72823d4815a9cee6d706.tar.xz forums-458b9b50ec8d835b4c5f72823d4815a9cee6d706.zip | |
Un-b0rked ACL options caching, small general fixes
git-svn-id: file:///svn/phpbb/trunk@3338 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/admin')
| -rw-r--r-- | phpBB/admin/admin_forums.php | 8 | ||||
| -rw-r--r-- | phpBB/admin/pagestart.php | 12 |
2 files changed, 6 insertions, 14 deletions
diff --git a/phpBB/admin/admin_forums.php b/phpBB/admin/admin_forums.php index 66c792d1e4..8f4b13d99f 100644 --- a/phpBB/admin/admin_forums.php +++ b/phpBB/admin/admin_forums.php @@ -192,10 +192,10 @@ switch ($mode) 'parent_id' => $parent_id, 'left_id' => $left_id, 'right_id' => $right_id, - 'forum_status' => ITEM_UNLOCKED, + 'forum_status' => intval($_POST['forum_status']), 'forum_postable' => (!empty($_POST['forum_postable'])) ? 1 : 0, - 'forum_name' => sql_quote($_POST['forum_name']), - 'forum_desc' => sql_quote($_POST['forum_desc']), + 'forum_name' => $_POST['forum_name'], + 'forum_desc' => $_POST['forum_desc'], 'forum_style' => (!empty($_POST['forum_style'])) ? intval($_POST['forum_style']) : 'NULL', 'enable_post_count' => (!empty($_POST['disable_post_count'])) ? 0 : 1, 'enable_icons' => (!empty($_POST['enable_icons'])) ? 1 : 0, @@ -282,6 +282,8 @@ switch ($mode) // // wasn't this form submitted? is anyone trying to remotely delete forums // + // NOTE/TODO: this should not be possible because of session_id verification so this part can be removed + // trigger_error('Did not submit', E_USER_ERROR); } diff --git a/phpBB/admin/pagestart.php b/phpBB/admin/pagestart.php index 8b4e2aa535..9460f86582 100644 --- a/phpBB/admin/pagestart.php +++ b/phpBB/admin/pagestart.php @@ -25,6 +25,7 @@ if (!defined('IN_PHPBB')) } define('IN_ADMIN', true); +define('NEED_SID', true); include($phpbb_root_path . 'common.'.$phpEx); // Start session management @@ -33,17 +34,6 @@ $user->setup(); $auth->acl($user->data); // End session management -// -// If session_ids do not match, rewrite the URL correctly then redirect the user -// -if ($_REQUEST['sid'] != $user->data['session_id']) -{ - $url = preg_replace('/sid=([^&]*)(&?)/i', '', $_SERVER['REQUEST_URI']); - $url = preg_replace('/\?$/', '', $url); - $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $user->data['session_id']; - redirect($url); -} - // ----------------------------- // Functions function page_header($sub_title, $meta = '', $table_html = true) |