diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2008-05-18 20:06:15 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-05-18 20:06:15 +0000 |
| commit | c41388ce8ab2268cd97c1c7d2d2791faddf23ea3 (patch) | |
| tree | cbcf2a21315b4f7075d6d9384affe5821b04d530 /phpBB/includes | |
| parent | 5828612677cfc62f176d8e32b3027bfc70e76a65 (diff) | |
| download | forums-c41388ce8ab2268cd97c1c7d2d2791faddf23ea3.tar forums-c41388ce8ab2268cd97c1c7d2d2791faddf23ea3.tar.gz forums-c41388ce8ab2268cd97c1c7d2d2791faddf23ea3.tar.bz2 forums-c41388ce8ab2268cd97c1c7d2d2791faddf23ea3.tar.xz forums-c41388ce8ab2268cd97c1c7d2d2791faddf23ea3.zip | |
some adjustements (changes to sessions code need to be backwards-compatible) - henry, do not forget to include this into your merge to 3.2.x too.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8565 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/session.php | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 2eafdc7e80..435618f7ff 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -264,16 +264,17 @@ class session $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; - + // referer checks - $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH; + // The @ before $config['referer_validation'] suppresses notices present while running the updater + $check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH); $referer_valid = true; + // we assume HEAD and TRACE to be foul play and thus only whitelist GET - if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') + if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') { $referer_valid = $this->validate_referer($check_referer_path); } - if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid) { @@ -1119,7 +1120,7 @@ class session trigger_error($message); } - return ($banned) ? true : false; + return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; } /** @@ -1297,10 +1298,10 @@ class session $this->set_login_key($user_id); } } - - + + /** - * Check if the request originated from the same page. + * Check if the request originated from the same page. * @param bool $check_script_path If true, the path will be checked as well */ function validate_referer($check_script_path = false) |