Diffstat (limited to 'phpBB/posting.php')
| -rw-r--r-- | phpBB/posting.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 9bc5888781..d4579b3a92 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -37,6 +37,11 @@ import_request_variables('GP', 's_');
 define('IN_PHPBB', true);
+if (count($_POST))
+{
+ define('NEED_SID', true);
+}
+
 $phpbb_root_path = './';
 include($phpbb_root_path . 'extension.inc');
 include($phpbb_root_path . 'common.'.$phpEx);
@@ -633,8 +638,8 @@ $urls_checked = (isset($enable_urls)) ? !$enable_urls : 0;
 $sig_checked = (isset($attach_sig)) ? $attach_sig : (($config['allow_sigs']) ? $user->data['user_atachsig'] : 0);
 $notify_checked = (isset($notify_set)) ? $notify_set : (($user->data['user_id'] != ANONYMOUS) ? $user->data['user_notify'] : 0);
-// Page title & action URL
-$s_action = "posting.$phpEx$SID&mode=$s_mode&f=" . intval($forum_id);
+// Page title & action URL, include session_id for security purpose
+$s_action = "posting.$phpEx?sid=" . $user->session_id . "&mode=$s_mode&f=" . intval($forum_id);
 switch ($s_mode)
 {
 case 'post': |
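Review bot: The `count($_POST)` condition in the first hunk only demands a session id when the request has a POST body, yet the line just above it, `import_request_variables('GP', 's_')`, fills the same `s_*` variables from the query string as well. If any state-changing mode in this file acts on those variables when they arrive by GET, it would run without `NEED_SID` defined; that cannot be confirmed from this hunk, so the submit paths are worth checking, or the define could be keyed on the modes that write. The enforcement itself is presumably in the session code pulled in through `common.$phpEx`, which is not visible here. A short comment would record the intent, e.g. `// Require a valid sid on form submissions so a cross-site POST cannot ride the user's session`.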
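Review bot: Building `$s_action` with `"?sid=" . $user->session_id` in the second hunk puts the session identifier into every posting URL even when a cookie already carries it, so it can surface in Referer headers, proxy and server logs and browser history. If the `NEED_SID` check (not visible here) also accepts the sid from the POST body, a hidden form field would satisfy it without the URL exposure. Separately, `$s_mode` originates from the request via `import_request_variables` and is still interpolated raw; `urlencode($s_mode)` or a whitelist of known modes would keep it from altering the action URL if the template does not escape it. The `switch ($s_mode)` that follows continues outside the hunk.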
