aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/session.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/session.php')
-rw-r--r--phpBB/includes/session.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index bcdff54457..257ffb07f6 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -342,8 +342,16 @@ class phpbb_session
}
}
- // Is session_id is set or session_id is set and matches the url param if required
- if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', ''))))
+ // if no session id is set, redirect to index.php
+ $session_id = $request->variable('sid', '');
+ if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
+ {
+ send_status_line(401, 'Not authorized');
+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ }
+
+ // if session id is set
+ if (!empty($this->session_id))
{
$sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
generated by cgit v1.2.1 (git 2.21.0) at 2025-02-22 11:11:20 +0000