mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-12 02:25:18 +02:00
Code Issues Releases Wiki Activity

Merge branch 'ticket/jellydoughnut/9629' into develop-olympus

Browse Source 
* ticket/jellydoughnut/9629:
  [ticket/9629] Allow style.php to retrieve its session ID from cookies
This commit is contained in:
Andreas Fischer 2010-07-11 01:41:22 +02:00
commit 08a34ebe94
2 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/includes/functions.php
View File

@ -4318,7 +4318,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/",
'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/",
'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/",
'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang'], true, $user->session_id),
'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']),
'T_STYLESHEET_NAME' => $user->theme['theme_name'],
'T_THEME_NAME' => $user->theme['theme_path'],

21
phpBB/style.php
View File

@ -45,15 +45,8 @@ if (!empty($load_extensions) && function_exists('dl'))
}
}
$sid = (isset($_GET['sid']) && !is_array($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : '';
$id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
{
$sid = '';
}
// This is a simple script to grab and output the requested CSS data stored in the DB
// We include a session_id check to try and limit 3rd party linking ... unless they
// happen to have a current session it will output nothing. We will also cache the
@ -81,6 +74,20 @@ if ($id)
$config = $cache->obtain_config();
$user = false;
// try to get a session ID from REQUEST array
$sid = request_var('sid', '');
if (!$sid)
{
// if that failed, then look in the cookies
$sid = request_var($config['cookie_name'] . '_sid', '', false, true);
}
if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
{
$sid = '';
}
if ($sid)
{
$sql = 'SELECT u.user_id, u.user_lang