diff options
author | David King <imkingdavid@gmail.com> | 2012-05-29 20:36:52 -0400 |
---|---|---|
committer | David King <imkingdavid@gmail.com> | 2012-05-29 20:36:52 -0400 |
commit | 54bd800dabb189542b885a490c679efe615017b0 (patch) | |
tree | cec185f6ac46dd117c89dac986cfa355a07af1f6 /phpBB/includes/session.php | |
parent | e84c2d60112b8b6986a8151f44a5161f0bd4cc72 (diff) | |
parent | 275dabbc4f7e412d6f21266d43708635f63384e2 (diff) | |
download | forums-54bd800dabb189542b885a490c679efe615017b0.tar forums-54bd800dabb189542b885a490c679efe615017b0.tar.gz forums-54bd800dabb189542b885a490c679efe615017b0.tar.bz2 forums-54bd800dabb189542b885a490c679efe615017b0.tar.xz forums-54bd800dabb189542b885a490c679efe615017b0.zip |
Merge branch 'develop-olympus' into develop
Conflicts:
phpBB/includes/session.php
Diffstat (limited to 'phpBB/includes/session.php')
-rw-r--r-- | phpBB/includes/session.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index bcdff54457..257ffb07f6 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -342,8 +342,16 @@ class phpbb_session } } - // Is session_id is set or session_id is set and matches the url param if required - if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', '')))) + // if no session id is set, redirect to index.php + $session_id = $request->variable('sid', ''); + if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id)) + { + send_status_line(401, 'Not authorized'); + redirect(append_sid("{$phpbb_root_path}index.$phpEx")); + } + + // if session id is set + if (!empty($this->session_id)) { $sql = 'SELECT u.*, s.* FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u |