authorLudovic Arnaud <ludovic_arnaud@users.sourceforge.net>2003-01-20 05:12:38 +0000
committerLudovic Arnaud <ludovic_arnaud@users.sourceforge.net>2003-01-20 05:12:38 +0000
commit458b9b50ec8d835b4c5f72823d4815a9cee6d706 (patch)
treeab0ea84c5e34cb6b5fa61b736e89722a92395c16 /phpBB/admin
parentb2721cca0c82400efbf23abca1cbe260d4ea0eea (diff)
Un-b0rked ACL options caching, small general fixes
git-svn-id: file:///svn/phpbb/trunk@3338 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/admin')
-rw-r--r--phpBB/admin/admin_forums.php8
-rw-r--r--phpBB/admin/pagestart.php12
2 files changed, 6 insertions, 14 deletions
diff --git a/phpBB/admin/admin_forums.php b/phpBB/admin/admin_forums.php
index 66c792d1e4..8f4b13d99f 100644
--- a/phpBB/admin/admin_forums.php
+++ b/phpBB/admin/admin_forums.php
@@ -192,10 +192,10 @@ switch ($mode)
'parent_id' => $parent_id,
'left_id' => $left_id,
'right_id' => $right_id,
- 'forum_status' => ITEM_UNLOCKED,
+ 'forum_status' => intval($_POST['forum_status']),
'forum_postable' => (!empty($_POST['forum_postable'])) ? 1 : 0,
- 'forum_name' => sql_quote($_POST['forum_name']),
- 'forum_desc' => sql_quote($_POST['forum_desc']),
+ 'forum_name' => $_POST['forum_name'],
+ 'forum_desc' => $_POST['forum_desc'],
'forum_style' => (!empty($_POST['forum_style'])) ? intval($_POST['forum_style']) : 'NULL',
'enable_post_count' => (!empty($_POST['disable_post_count'])) ? 0 : 1,
'enable_icons' => (!empty($_POST['enable_icons'])) ? 1 : 0,
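Review bot: `forum_name` and `forum_desc` now enter this array as raw `$_POST` values with the `sql_quote()` call removed, so they are safe only if the code that turns the array into SQL escapes every string value; that code is outside the hunk and should be confirmed. If the escaping does live in the query builder, a one-line comment above the array would record the dependency, e.g. `// string values are escaped by the SQL array builder; do not pre-quote here`. Separately, `intval($_POST['forum_status'])` accepts any integer and reads an index that may be absent; restricting it to the status values the board defines (`ITEM_UNLOCKED` and its locked counterpart) and defaulting when the field is unset would be tighter. The array literal and the enclosing `switch ($mode)` case begin and end outside the hunk.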
@@ -282,6 +282,8 @@ switch ($mode)
//
// wasn't this form submitted? is anyone trying to remotely delete forums
//
+ // NOTE/TODO: this should not be possible because of session_id verification so this part can be removed
+ //
trigger_error('Did not submit', E_USER_ERROR);
}
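Review bot: The added TODO invites removing the 'Did not submit' guard on the strength of a session_id verification that is not visible in this file, so the comment should name where that verification is enforced before anyone acts on it. Something like `// NOTE/TODO: relies on NEED_SID (defined in admin/pagestart.php) being enforced by the session code; remove only once that is verified` would make the precondition explicit. A session id carried in the URL can end up in referrers, logs or bookmarks, so keeping an explicit submit check as a second layer on a destructive action is worth considering. The enclosing `switch ($mode)` case starts outside the hunk.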
diff --git a/phpBB/admin/pagestart.php b/phpBB/admin/pagestart.php
index 8b4e2aa535..9460f86582 100644
--- a/phpBB/admin/pagestart.php
+++ b/phpBB/admin/pagestart.php
@@ -25,6 +25,7 @@ if (!defined('IN_PHPBB'))
}
define('IN_ADMIN', true);
+define('NEED_SID', true);
include($phpbb_root_path . 'common.'.$phpEx);
// Start session management
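Review bot: `NEED_SID` is defined here, but nothing in this diff shows how it is consumed. Once the explicit `sid` comparison is removed in the next hunk of this file, the admin pages depend entirely on code reached through the `common.` include. It is worth confirming that the consumer rejects a missing or mismatched `sid` outright rather than redirecting to the same URL with the valid id appended, since a redirect of that kind lets a cross-site request complete with a good session id. A short comment on the define would document the contract: `// NEED_SID: session code must refuse requests whose sid does not match the session; define before including common`.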
@@ -33,17 +34,6 @@ $user->setup();
$auth->acl($user->data);
// End session management
-//
-// If session_ids do not match, rewrite the URL correctly then redirect the user
-//
-if ($_REQUEST['sid'] != $user->data['session_id'])
-{
- $url = preg_replace('/sid=([^&]*)(&?)/i', '', $_SERVER['REQUEST_URI']);
- $url = preg_replace('/\?$/', '', $url);
- $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $user->data['session_id'];
- redirect($url);
-}
-
// -----------------------------
// Functions
function page_header($sub_title, $meta = '', $table_html = true)