diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2010-07-11 01:41:22 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2010-07-11 01:41:22 +0200 |
| commit | 08a34ebe948b4cc4b6f53572a65da23f55613181 (patch) | |
| tree | 5c926f41d09de135092d32dd09b0ee4b507c3403 /phpBB/style.php | |
| parent | e46745ed34386c5884c7dacb1f3d8a8ca0c333dd (diff) | |
| parent | c40b2c76015094283aa87f6b3c6ddea283bf3e42 (diff) | |
| download | forums-08a34ebe948b4cc4b6f53572a65da23f55613181.tar forums-08a34ebe948b4cc4b6f53572a65da23f55613181.tar.gz forums-08a34ebe948b4cc4b6f53572a65da23f55613181.tar.bz2 forums-08a34ebe948b4cc4b6f53572a65da23f55613181.tar.xz forums-08a34ebe948b4cc4b6f53572a65da23f55613181.zip | |
Merge branch 'ticket/jellydoughnut/9629' into develop-olympus
* ticket/jellydoughnut/9629:
[ticket/9629] Allow style.php to retrieve its session ID from cookies
Diffstat (limited to 'phpBB/style.php')
| -rw-r--r-- | phpBB/style.php | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/phpBB/style.php b/phpBB/style.php index fa77815670..8ca1751391 100644 --- a/phpBB/style.php +++ b/phpBB/style.php @@ -45,15 +45,8 @@ if (!empty($load_extensions) && function_exists('dl')) } } - -$sid = (isset($_GET['sid']) && !is_array($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : ''; $id = (isset($_GET['id'])) ? intval($_GET['id']) : 0; -if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid)) -{ - $sid = ''; -} - // This is a simple script to grab and output the requested CSS data stored in the DB // We include a session_id check to try and limit 3rd party linking ... unless they // happen to have a current session it will output nothing. We will also cache the @@ -81,6 +74,20 @@ if ($id) $config = $cache->obtain_config(); $user = false; + // try to get a session ID from REQUEST array + $sid = request_var('sid', ''); + + if (!$sid) + { + // if that failed, then look in the cookies + $sid = request_var($config['cookie_name'] . '_sid', '', false, true); + } + + if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid)) + { + $sid = ''; + } + if ($sid) { $sql = 'SELECT u.user_id, u.user_lang |