aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2019-12-06 07:20:30 +0100
committerMarc Alexander <admin@m-a-styles.de>2019-12-06 07:20:30 +0100
commit1f00e160ab69b2a709793abc1829cc6e91e07b93 (patch)
tree8a6bf7dfa8752e1a628910afdc274fd6390fa3d3 /phpBB
parent41918b8afa031806b36dd20b6ee44a915033b8df (diff)
parentc7ed162a0627a0cfcf000631f236fbb7f6722ba3 (diff)
downloadforums-1f00e160ab69b2a709793abc1829cc6e91e07b93.tar
forums-1f00e160ab69b2a709793abc1829cc6e91e07b93.tar.gz
forums-1f00e160ab69b2a709793abc1829cc6e91e07b93.tar.bz2
forums-1f00e160ab69b2a709793abc1829cc6e91e07b93.tar.xz
forums-1f00e160ab69b2a709793abc1829cc6e91e07b93.zip
Merge pull request #5737 from marc1706/ticket/16211
[ticket/16211] Prevent skipping COPPA via URL parameter
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/ucp/ucp_register.php15
-rw-r--r--phpBB/styles/prosilver/template/ucp_agreement.html3
2 files changed, 11 insertions, 7 deletions
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 54e418d58c..03ac63b12b 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -39,7 +39,8 @@ class ucp_register
trigger_error('UCP_REGISTER_DISABLE');
}
- $coppa = $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+ $coppa = $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false);
+ $coppa = $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa;
$agreed = $request->variable('agreed', false);
$submit = $request->is_set_post('submit');
$change_lang = $request->variable('change_lang', '');
@@ -50,6 +51,11 @@ class ucp_register
$agreed = false;
}
+ if ($coppa !== false && !check_form_key('ucp_register'))
+ {
+ $coppa = false;
+ }
+
/**
* Add UCP register data before they are assigned to the template or submitted
*
@@ -166,11 +172,8 @@ class ucp_register
$template_vars = array(
'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '',
- 'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
- 'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
-
- 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=0'),
- 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=1'),
+ 'L_COPPA_NO' => $user->lang('UCP_COPPA_BEFORE', $coppa_birthday),
+ 'L_COPPA_YES' => $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday),
'S_SHOW_COPPA' => true,
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
diff --git a/phpBB/styles/prosilver/template/ucp_agreement.html b/phpBB/styles/prosilver/template/ucp_agreement.html
index d4fef9f0a5..7959925d30 100644
--- a/phpBB/styles/prosilver/template/ucp_agreement.html
+++ b/phpBB/styles/prosilver/template/ucp_agreement.html
@@ -43,7 +43,8 @@
<div class="inner">
<fieldset class="submit-buttons">
<!-- IF S_SHOW_COPPA -->
- <strong><a href="{U_COPPA_NO}" class="button1">{L_COPPA_NO}</a></strong>&nbsp; <a href="{U_COPPA_YES}" class="button2">{L_COPPA_YES}</a>
+ <input type="submit" name="coppa_no" id="coppa_no" value="{{ L_COPPA_NO }}" class="button1" />
+ <input type="submit" name="coppa_yes" id="coppa_yes" value="{{ L_COPPA_YES }}" class="button2" />
<!-- ELSE -->
<input type="submit" name="agreed" id="agreed" value="{L_AGREE}" class="button1" />&nbsp;
<input type="submit" name="not_agreed" value="{L_NOT_AGREE}" class="button2" />