aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb/session.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/phpbb/session.php')
-rw-r--r--phpBB/phpbb/session.php61
1 files changed, 46 insertions, 15 deletions
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index da8b848fa5..bedd581725 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -31,10 +31,11 @@ class session
var $update_session_page = true;
/**
- * Extract current session page
- *
- * @param string $root_path current root path (phpbb_root_path)
- */
+ * Extract current session page
+ *
+ * @param string $root_path current root path (phpbb_root_path)
+ * @return array
+ */
static function extract_current_page($root_path)
{
global $request, $symfony_request, $phpbb_filesystem;
@@ -42,8 +43,8 @@ class session
$page_array = array();
// First of all, get the request uri...
- $script_name = $symfony_request->getScriptName();
- $args = explode('&', $symfony_request->getQueryString());
+ $script_name = $request->escape($symfony_request->getScriptName(), true);
+ $args = $request->escape(explode('&', $symfony_request->getQueryString()), true);
// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
if (!$script_name)
@@ -61,8 +62,8 @@ class session
// Since some browser do not encode correctly we need to do this with some "special" characters...
// " -> %22, ' => %27, < -> %3C, > -> %3E
- $find = array('"', "'", '<', '>');
- $replace = array('%22', '%27', '%3C', '%3E');
+ $find = array('"', "'", '<', '>', '&quot;', '&lt;', '&gt;');
+ $replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E');
foreach ($args as $key => $argument)
{
@@ -87,7 +88,7 @@ class session
$symfony_request_path = $phpbb_filesystem->clean_path($symfony_request->getPathInfo());
if ($symfony_request_path !== '/')
{
- $page_name .= $symfony_request_path;
+ $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
}
// current directory within the phpBB root (for example: adm)
@@ -129,6 +130,10 @@ class session
$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
+ $forum_id = $request->variable('f', 0);
+ // maximum forum id value is maximum value of mediumint unsigned column
+ $forum_id = ($forum_id > 0 && $forum_id < 16777215) ? $forum_id : 0;
+
$page_array += array(
'page_name' => $page_name,
'page_dir' => $page_dir,
@@ -138,7 +143,7 @@ class session
'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),
'page' => $page,
- 'forum' => request_var('f', 0),
+ 'forum' => $forum_id,
);
return $page_array;
@@ -581,6 +586,11 @@ class session
$provider = $provider_collection->get_provider();
$this->data = $provider->autologin();
+ if ($user_id !== false && sizeof($this->data) && $this->data['user_id'] != $user_id)
+ {
+ $this->data = array();
+ }
+
if (sizeof($this->data))
{
$this->cookie_data['k'] = '';
@@ -598,11 +608,18 @@ class session
AND k.user_id = u.user_id
AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
$result = $db->sql_query($sql);
- $this->data = $db->sql_fetchrow($result);
+ $user_data = $db->sql_fetchrow($result);
+
+ if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id']))
+ {
+ $this->data = $user_data;
+ $bot = false;
+ }
+
$db->sql_freeresult($result);
- $bot = false;
}
- else if ($user_id !== false && !sizeof($this->data))
+
+ if ($user_id !== false && !sizeof($this->data))
{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $user_id;
@@ -1050,7 +1067,7 @@ class session
$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
- $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
+ $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];
header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . ';' . (($httponly) ? ' HttpOnly' : ''), false);
}
@@ -1069,7 +1086,7 @@ class session
*/
function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false)
{
- global $config, $db;
+ global $config, $db, $phpbb_dispatcher;
if (defined('IN_CHECK_BAN') || defined('SKIP_CHECK_BAN'))
{
@@ -1183,6 +1200,20 @@ class session
}
$db->sql_freeresult($result);
+ /**
+ * Event to set custom ban type
+ *
+ * @event core.session_set_custom_ban
+ * @var bool return If $return is false this routine does not return on finding a banned user, it outputs a relevant message and stops execution
+ * @var bool banned Check if user already banned
+ * @var array|false ban_row Ban data
+ * @var string ban_triggered_by Method that caused ban, can be your custom method
+ * @since 3.1.3-RC1
+ */
+ $ban_row = isset($ban_row) ? $ban_row : false;
+ $vars = array('return', 'banned', 'ban_row', 'ban_triggered_by');
+ extract($phpbb_dispatcher->trigger_event('core.session_set_custom_ban', compact($vars)));
+
if ($banned && !$return)
{
global $template, $phpbb_root_path, $phpEx;