From 42f2152a9f69c75427afa394a3b95c1c9c556982 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Thu, 25 Jul 2002 15:18:00 +0000 Subject: Various changes + Ashe's security fix git-svn-id: file:///svn/phpbb/trunk@2741 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index fc173e1127..e8ac3b619f 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -111,11 +111,11 @@ class session { { $this->gc($current_time); } - - setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); - setcookie($board_config['cookie_name'] . '_sid', $session_id, 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); } + setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); + setcookie($board_config['cookie_name'] . '_sid', $session_id, 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); + return $this->userdata; } } @@ -126,7 +126,7 @@ class session { // using the cookie user_id if available to pull basic user prefs. // $autologin = ( isset($sessiondata['autologinid']) ) ? $sessiondata['autologinid'] : ''; - $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS; + $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS; $this->userdata = $this->create($session_id, $user_id, $autologin, $this_page, $session_browser); -- cgit v1.2.1