| author | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2002-10-17 02:50:50 +0000 |
|---|---|---|
| committer | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2002-10-17 02:50:50 +0000 |
| commit | 80864fa7ee6e1d7e76a1f490d186fb9a7f5b1162 (patch) | |
| tree | a01b78d812ef3a2931dd3ef8ea76ccddfa0a263b /phpBB/admin | |
| parent | fafd167dde6726df46cd3cd9523ec6ad8af22b13 (diff) | |
Random bugfixes, (hopefully) improved admin panel security.
git-svn-id: file:///svn/phpbb/trunk@2954 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/admin')
| -rw-r--r-- | phpBB/admin/pagestart.php | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/phpBB/admin/pagestart.php b/phpBB/admin/pagestart.php index 59df5b0f40..b640029279 100644 --- a/phpBB/admin/pagestart.php +++ b/phpBB/admin/pagestart.php @@ -37,6 +37,17 @@ $user = new user($userdata); // End session management // +// +// If session_ids do not match, rewrite the URL correctly then redirect the user +// +if ($_REQUEST['sid'] != $userdata['session_id']) +{ + $url = preg_replace('/sid=([^&]*)(&?)/i', '', $_SERVER['REQUEST_URI']); + $url = preg_replace('/\?$/', '', $url); + $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; + redirect($url); +} + // ----------------------------- // Functions function page_header($sub_title, $meta = '', $table_html = true) @@ -106,6 +117,8 @@ function page_footer($copyright_html = true) { global $board_config, $db, $lang, $phpEx; + // Close our DB connection. + $db->sql_close(); ?> </td> @@ -128,9 +141,6 @@ function page_footer($copyright_html = true) } - // Close our DB connection. - $db->sql_close(); - exit; } |
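Review bot: In the added `if ($_REQUEST['sid'] != $userdata['session_id'])` block, a request with a missing or wrong sid is redirected to the same REQUEST_URI with the valid session_id appended, so the server itself supplies the value the check is meant to require. A cookie-authenticated request that never knew the sid therefore still reaches the admin page it named. Sending mismatches to a fixed admin landing page, or back through re-authentication, instead of replaying the requested URL would let the sid act as a per-session request token. The comparison is also loose and reads an index that may be unset or an array, and `$_REQUEST` may be populated from cookies depending on configuration; `if (!isset($_REQUEST['sid']) || $_REQUEST['sid'] !== $userdata['session_id'])` avoids the type juggling and the undefined-index notice. Separately, `/sid=([^&]*)(&?)/i` is not anchored to a parameter boundary, so it would also cut into any parameter whose name merely ends in `sid`.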
