From 80864fa7ee6e1d7e76a1f490d186fb9a7f5b1162 Mon Sep 17 00:00:00 2001
From: Ludovic Arnaud
Date: Thu, 17 Oct 2002 02:50:50 +0000
Subject: Random bugfixes, (hopefully) improved admin panel security.
git-svn-id: file:///svn/phpbb/trunk@2954 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/admin/pagestart.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
(limited to 'phpBB/admin')
diff --git a/phpBB/admin/pagestart.php b/phpBB/admin/pagestart.php
index 59df5b0f40..b640029279 100644
--- a/phpBB/admin/pagestart.php
+++ b/phpBB/admin/pagestart.php
@@ -37,6 +37,17 @@ $user = new user($userdata);
 // End session management
 //
+//
+// If session_ids do not match, rewrite the URL correctly then redirect the user
+//
+if ($_REQUEST['sid'] != $userdata['session_id'])
+{
+ $url = preg_replace('/sid=([^&]*)(&?)/i', '', $_SERVER['REQUEST_URI']);
+ $url = preg_replace('/\?$/', '', $url);
+ $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
+ redirect($url);
+}
+
 // -----------------------------
 // Functions
 function page_header($sub_title, $meta = '', $table_html = true)
@@ -106,6 +117,8 @@ function page_footer($copyright_html = true)
 {
 global $board_config, $db, $lang, $phpEx;
+ // Close our DB connection.
+ $db->sql_close();
 ?>
@@ -128,9 +141,6 @@ function page_footer($copyright_html = true)
 }
- // Close our DB connection.
- $db->sql_close();
- exit;
 }
-- 
cgit v1.2.1
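Review bot: The `sid` check added in the first hunk repairs a missing or wrong session id instead of rejecting the request: it keeps the path and query string from `$_SERVER['REQUEST_URI']`, appends the valid `$userdata['session_id']` and redirects, so a link an administrator follows from outside the panel ends up carrying a valid sid. If the sid in the URL is meant to show that a request originated from the admin panel itself, this removes that guarantee; redirecting to a fixed admin landing page with only the sid, and dropping the original query string, would keep it. The comparison should also be strict and tolerate an absent or non-string parameter, e.g. `if (!isset($_REQUEST['sid']) || $_REQUEST['sid'] !== $userdata['session_id'])`. Whether `redirect()` validates or encodes its target is not visible in this hunk, and the `sid=` pattern also matches inside longer parameter names that end in `sid`.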