diff options
| author | Henry Sudhof <kellanved@phpbb.com> | 2008-01-02 15:34:33 +0000 |
|---|---|---|
| committer | Henry Sudhof <kellanved@phpbb.com> | 2008-01-02 15:34:33 +0000 |
| commit | 00f0159ea292aacf23a3c4cfcfb854689ee5a1c0 (patch) | |
| tree | cba867c49cbf68030787a211cd8c26c1df1ff3a0 /phpBB/includes | |
| parent | b870474810e7b513b70755c80e3eeb3105b4116b (diff) | |
| download | forums-00f0159ea292aacf23a3c4cfcfb854689ee5a1c0.tar forums-00f0159ea292aacf23a3c4cfcfb854689ee5a1c0.tar.gz forums-00f0159ea292aacf23a3c4cfcfb854689ee5a1c0.tar.bz2 forums-00f0159ea292aacf23a3c4cfcfb854689ee5a1c0.tar.xz forums-00f0159ea292aacf23a3c4cfcfb854689ee5a1c0.zip | |
Some issues with change_lang and VC / form tokens
Small stuff.
#18325
#17415
#17085
#16515
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8291 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/functions_profile_fields.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 37 |
2 files changed, 27 insertions, 12 deletions
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index 6cccd7ffe5..63b506c5b8 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -666,7 +666,7 @@ class custom_profile } $profile_row['s_year_options'] = '<option value="0"' . ((!$year) ? ' selected="selected"' : '') . '>--</option>'; - for ($i = $now['year'] - 100; $i <= $now['year']; $i++) + for ($i = $now['year'] - 100; $i <= $now['year'] + 100; $i++) { $profile_row['s_year_options'] .= '<option value="' . $i . '"' . (($i == $year) ? ' selected="selected"' : '') . ">$i</option>"; } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 91660020e9..4c2129ee95 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -46,8 +46,8 @@ class ucp_register // not so fast, buddy - if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg'])) - || (!$submit && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms']))) + if (!check_form_key('ucp_register', false, '', false, $config['min_time_reg']) + && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])) { $agreed = false; } @@ -103,12 +103,13 @@ class ucp_register // If we change the language, we want to pass on some more possible parameter. if ($change_lang) { - // We do not include the password! + // We do not include the password and not the captcha $s_hidden_fields = array_merge($s_hidden_fields, array( 'username' => utf8_normalize_nfc(request_var('username', '', true)), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'confirm_code' => request_var('confirm_code', ''), + 'confirm_id' => request_var('confirm_id', ''), 'lang' => $user->lang_name, 'tz' => request_var('tz', (float) $config['board_timezone']), )); @@ -451,13 +452,32 @@ class ucp_register $confirm_image = ''; // Visual Confirmation - Show images + if ($config['enable_confirm']) { - $str = ''; - if (!$change_lang) + if ($change_lang) + { + $str = '&change_lang=' . $change_lang; + $sql = 'SELECT code + FROM ' . CONFIRM_TABLE . " + WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' + AND session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . CONFIRM_REG; + $result = $db->sql_query($sql); + if (!$row = $db->sql_fetchrow($result)) + { + $confirm_id = ''; + } + $db->sql_freeresult($result); + } + else + { + $str = ''; + } + if (!$change_lang || !$confirm_id) { $user->confirm_gc(CONFIRM_REG); - + $sql = 'SELECT COUNT(session_id) AS attempts FROM ' . CONFIRM_TABLE . " WHERE session_id = '" . $db->sql_escape($user->session_id) . "' @@ -487,11 +507,6 @@ class ucp_register ); $db->sql_query($sql); } - else - { - $str .= '&change_lang=' . $change_lang; - } - $confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_REG . $str) . '" alt="" title="" />'; $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />'; } |