diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2008-06-07 13:42:06 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-06-07 13:42:06 +0000 |
| commit | 7524ca52497a05b9079983c0fc7239a7e6e9a643 (patch) | |
| tree | 029c70bb88abed82d979074f7dc5d48f96bc68ff /phpBB/includes/session.php | |
| parent | 4dddc3a13093862bc70c1320bd310311246cb7bb (diff) | |
| download | forums-7524ca52497a05b9079983c0fc7239a7e6e9a643.tar forums-7524ca52497a05b9079983c0fc7239a7e6e9a643.tar.gz forums-7524ca52497a05b9079983c0fc7239a7e6e9a643.tar.bz2 forums-7524ca52497a05b9079983c0fc7239a7e6e9a643.tar.xz forums-7524ca52497a05b9079983c0fc7239a7e6e9a643.zip | |
do not allow [flash=0,0]... not implemented for images due to the reliance on getimagesize() - as usual both sizes are able to be limited by the maximum/minimum image size configuration options
git-svn-id: file:///svn/phpbb/trunk@8614 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/session.php')
| -rw-r--r-- | phpBB/includes/session.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index fedaba8559..05c9aa8de8 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -39,7 +39,7 @@ class session * * @param string $root_path current root path (phpbb_root_path) */ - function extract_current_page($root_path) + public static function extract_current_page($root_path) { $page_array = array(); @@ -160,7 +160,7 @@ class session $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); - $this->page = $this->extract_current_page(PHPBB_ROOT_PATH); + $this->page = self::extract_current_page(PHPBB_ROOT_PATH); // if the forwarded for header shall be checked we have to validate its contents if ($config['forwarded_for_check']) @@ -266,7 +266,7 @@ class session $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; - + // referer checks $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH; $referer_valid = true; @@ -275,7 +275,7 @@ class session { $referer_valid = $this->validate_referer($check_referer_path); } - + if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid) { @@ -1287,10 +1287,10 @@ class session $this->set_login_key($user_id); } } - - + + /** - * Check if the request originated from the same page. + * Check if the request originated from the same page. * @param bool $check_script_path If true, the path will be checked as well */ function validate_referer($check_script_path = false) |