mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

[ticket/16825] Do not use session ID from URL if force_sid is not enabled

Browse Source 
PHPBB3-16825
This commit is contained in:
Marc Alexander
2021-07-26 21:03:14 +02:00
parent 9eb21f28fc
commit 03ec6ce0a9
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/phpbb/session.php
View File

@@ -275,7 +275,7 @@ class session
$SID = '?sid=';
$_SID = '';
if (empty($this->session_id))
if (empty($this->session_id) && $phpbb_container->getParameter('session.force_sid'))
{
$this->session_id = $_SID = $request->variable('sid', '');
$SID = '?sid=' . $this->session_id;
@@ -284,7 +284,7 @@ class session
}
else
{
$this->session_id = $_SID = $request->variable('sid', '');
$this->session_id = $_SID = $phpbb_container->getParameter('session.force_sid') ? $request->variable('sid', '') : '';
$SID = '?sid=' . $this->session_id;
}