authorMarc Alexander <admin@m-a-styles.de>2019-11-14 21:32:50 +0100
committerMarc Alexander <admin@m-a-styles.de>2019-11-14 21:32:50 +0100
commit7b428641f04766ea8711cb47e76bbe2b52638abe (patch)
tree689e252600228fcbe83a31bc31c283c25c25ea07 /phpBB
parent0641c209d73d56cbbb00e7f8bc4b64c8a0c9f902 (diff)
[ticket/16211] Prevent skipping COPPA via URL parameter
PHPBB3-16211
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/ucp/ucp_register.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 54e418d58c..29829c2e68 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -40,6 +40,7 @@ class ucp_register
}
$coppa = $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+ $token = $request->variable('hash', '');
$agreed = $request->variable('agreed', false);
$submit = $request->is_set_post('submit');
$change_lang = $request->variable('change_lang', '');
@@ -50,6 +51,11 @@ class ucp_register
$agreed = false;
}
+ if ($coppa !== false && !check_link_hash($token, 'coppa') && !check_form_key('ucp_register'))
+ {
+ $coppa = false;
+ }
+
/**
* Add UCP register data before they are assigned to the template or submitted
*
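Review bot: The guard `if ($coppa !== false && !check_link_hash($token, 'coppa') && !check_form_key('ucp_register'))` carries no comment, and its two negated checks joined by `&&` are easy to misread. `$coppa` is reset only when both checks fail, so either a valid link hash or a valid form key is enough to keep the request-supplied value. A comment above the `if` would pin that intent, for example `// Keep coppa only if the request carries a valid 'coppa' link hash or a valid ucp_register form key`. The hash is generated from the fixed name 'coppa' for both the coppa=0 and coppa=1 links in the last hunk, so it presumably proves the link came from the choice page rather than which answer was picked; the comment should say so. The enclosing method starts and ends outside this hunk.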
@@ -164,13 +170,15 @@ class ucp_register
->format($user->lang['DATE_FORMAT'], true);
unset($now);
+ $coppa_link_hash = '&amp;hash=' . generate_link_hash('coppa');
+
$template_vars = array(
'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '',
'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
- 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=0'),
- 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=1'),
+ 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=0' . $coppa_link_hash),
+ 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=1' . $coppa_link_hash),
'S_SHOW_COPPA' => true,
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),