authorDavid King <imkingdavid@gmail.com>2012-05-29 20:36:52 -0400
committerDavid King <imkingdavid@gmail.com>2012-05-29 20:36:52 -0400
commit54bd800dabb189542b885a490c679efe615017b0 (patch)
treecec185f6ac46dd117c89dac986cfa355a07af1f6 /phpBB/includes/session.php
parente84c2d60112b8b6986a8151f44a5161f0bd4cc72 (diff)
parent275dabbc4f7e412d6f21266d43708635f63384e2 (diff)
Merge branch 'develop-olympus' into develop
Conflicts: phpBB/includes/session.php
Diffstat (limited to 'phpBB/includes/session.php')
-rw-r--r--phpBB/includes/session.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index bcdff54457..257ffb07f6 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -342,8 +342,16 @@ class phpbb_session
}
}
- // Is session_id is set or session_id is set and matches the url param if required
- if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', ''))))
+ // if no session id is set, redirect to index.php
+ $session_id = $request->variable('sid', '');
+ if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
+ {
+ send_status_line(401, 'Not authorized');
+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ }
+
+ // if session id is set
+ if (!empty($this->session_id))
{
$sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
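Review bot: The new NEED_SID check reads `sid` through `$request->variable('sid', '')` without naming a super-global, whereas the removed condition demanded `isset($_GET['sid'])`; if the request class defaults to the merged request data, a `sid` arriving by POST or cookie would now satisfy a check that used to require the URL parameter. If URL-only is still the intent, restrict the lookup, e.g. `$session_id = $request->variable('sid', '', false, phpbb_request_interface::GET);` (confirm the constant against the request class in this branch). Separately, `send_status_line(401, 'Not authorized')` is immediately followed by `redirect(...)`, and a Location header normally replaces the status with a 3xx, so the 401 is probably never seen by the client; choose one response, and note that the standard reason phrase is `Unauthorized`. The comment `// if no session id is set, redirect to index.php` should also say that the branch applies only when NEED_SID is defined and that a mismatching sid is redirected too. The enclosing method starts and ends outside the hunk, so whether `redirect()` ends the request before the session query runs cannot be confirmed from here.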