author | David King <imkingdavid@gmail.com> | 2012-05-29 20:24:31 -0400 |
---|---|---|
committer | David King <imkingdavid@gmail.com> | 2012-05-29 20:24:31 -0400 |
commit | 275dabbc4f7e412d6f21266d43708635f63384e2 (patch) | |
tree | 32a4f3a9889ad5e3329f2f6e9496c1a9bcf8da05 /phpBB/includes | |
parent | 9ead56acb3a64f2a6ac20336e02c0a976935bd3b (diff) | |
parent | 42dd60edad6c3533f6b718e731d43661641fd1fc (diff) | |
Merge branch 'naderman/ticket/10913' into develop-olympus
Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/session.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index a894242a39..496c12a0d1 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -322,8 +322,15 @@ class session
 }
 }
 
- // Is session_id is set or session_id is set and matches the url param if required
- if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
+ // if no session id is set, redirect to index.php
+ if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid']))
+ {
+ send_status_line(401, 'Not authorized');
+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ }
+
+ // if session id is set
+ if (!empty($this->session_id))
 {
 $sql = 'SELECT u.*, s.*
 FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u |
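Review bot: The comment on the new guard, `// if no session id is set, redirect to index.php`, does not match its condition: the branch runs only when NEED_SID is defined and `$_GET['sid']` is missing or differs from `$this->session_id`, so it also fires when a session id is present but the URL parameter does not match it. I would reword it to `// NEED_SID pages: the sid in the URL must be present and equal to the session id, otherwise send the user to the index`. The `send_status_line(401, 'Not authorized')` call is followed directly by `redirect()`; if redirect() emits a Location header, PHP replaces the status with 302 unless a 201 or 3xx is already set, so the 401 would probably never reach the client. That is worth confirming against redirect()'s implementation, which is outside this hunk. The enclosing method of class session starts and ends outside the hunk, so whether `$phpbb_root_path` and `$phpEx` are in scope at this point cannot be checked from this page.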