author | Marc Alexander <admin@m-a-styles.de> | 2019-11-14 21:32:50 +0100 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2019-11-14 21:32:50 +0100 |
commit | 7b428641f04766ea8711cb47e76bbe2b52638abe (patch) | |
tree | 689e252600228fcbe83a31bc31c283c25c25ea07 /phpBB | |
parent | 0641c209d73d56cbbb00e7f8bc4b64c8a0c9f902 (diff) | |
[ticket/16211] Prevent skipping COPPA via URL parameter
PHPBB3-16211
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 54e418d58c..29829c2e68 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -40,6 +40,7 @@ class ucp_register } $coppa = $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false; + $token = $request->variable('hash', ''); $agreed = $request->variable('agreed', false); $submit = $request->is_set_post('submit'); $change_lang = $request->variable('change_lang', ''); @@ -50,6 +51,11 @@ class ucp_register $agreed = false; } + if ($coppa !== false && !check_link_hash($token, 'coppa') && !check_form_key('ucp_register')) + { + $coppa = false; + } + /** * Add UCP register data before they are assigned to the template or submitted * @@ -164,13 +170,15 @@ class ucp_register ->format($user->lang['DATE_FORMAT'], true); unset($now); + $coppa_link_hash = '&hash=' . generate_link_hash('coppa'); + $template_vars = array( 'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '', 'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday), 'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday), - 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0'), - 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1'), + 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0' . $coppa_link_hash), + 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1' . $coppa_link_hash), 'S_SHOW_COPPA' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), |
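Review bot: The new guard in the second hunk, `if ($coppa !== false && !check_link_hash($token, 'coppa') && !check_form_key('ucp_register'))`, has no comment saying why two different proofs are accepted or what a failure means, so a later edit could easily loosen it by mistake. I would add above it: `// Only trust the coppa request value when it arrives via a link issued on the COPPA page (link hash) or a valid registration form post (form key); otherwise discard it.` Because the checks are joined with `&&`, either one passing is enough, and check_form_key() is also evaluated on plain GET requests whenever the hash is missing or wrong. That looks harmless, but it is worth confirming the call has no side effects in that case. The enclosing method starts and ends outside the hunk, so what happens after `$coppa` is reset to false is not visible here.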
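Review bot: The same `generate_link_hash('coppa')` value is appended to both `U_COPPA_NO` and `U_COPPA_YES` in the third hunk, so the token shows only that the link was issued by this page and does not bind which answer was chosen. That appears intended, but it deserves a comment such as `// One hash for both links: it proves the visitor came through the COPPA page, not which option was picked`. generate_link_hash() is not shown here; if it derives the value from per-account data alone, every unregistered visitor would likely receive the same token, which would weaken the check added in the second hunk. It is worth confirming that the value differs per session for guests, for instance by including `$user->session_id` in the link name passed to both generate_link_hash() and check_link_hash().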