
session_ids to forms and other items

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3167 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
2002-12-03 17:44:02 +00:00
parent 48685db071
commit 1bae35bb04
8 changed files with 88 additions and 43 deletions


@@ -61,7 +61,7 @@ if ( $result = $db->sql_query($sql) )
if ( isset($HTTP_POST_VARS['submit']) )
{
if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id'])
if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
{
message_die(ERROR, 'Invalid_session');
}
@@ -174,7 +174,7 @@ if ( $result = $db->sql_query($sql) )
$template->assign_vars(array(
'USERNAME' => $username,
'S_HIDDEN_FIELDS' => '<input type="hidden" name="session_id" value="' . $userdata['session_id'] . '" />',
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />',
'S_POST_ACTION' => append_sid("profile.$phpEx?&amp;mode=email&amp;" . POST_USERS_URL . "=$user_id"),
'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'],
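Review bot: The session check on the third line of the first hunk compares the posted `sid` against `$userdata['session_id']` with `!=`, a loose comparison that applies PHP's numeric-string rules, so two different strings that both parse as numbers compare equal; `if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] !== $userdata['session_id'])` pins it to an exact string match. The same pattern is repeated in the first hunk of the second file and in the check added in the third file, so the change belongs in all three places. Whether a generated session id can ever look numeric depends on code outside this diff, which is why the strict form is the safer default. A further point to keep in mind is that the second hunk also places this same value into links via `append_sid`, so a token that doubles as the form check travels in URLs and can leak through Referer headers; that is a design question rather than something this commit introduces. The enclosing `if ( isset($HTTP_POST_VARS['submit']) )` block continues past the hunk.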


@@ -80,7 +80,7 @@ if (
isset($HTTP_POST_VARS['cancelavatar']) ||
$mode == 'register' )
{
if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id'])
if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
{
message_die(ERROR, 'Invalid_session_id');
}
@@ -771,7 +771,7 @@ else
}
}
$s_hidden_fields = '<input type="hidden" name="session_id" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
if( $mode == 'editprofile' )
{
$s_hidden_fields .= '<input type="hidden" name="user_id" value="' . $userdata['user_id'] . '" />';
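Review bot: The hidden-field string built in the second hunk concatenates `$mode` and `$coppa` directly into attribute values without `htmlspecialchars()`, in contrast to `$userdata['session_id']`, which is server-generated; if either variable is taken from the request earlier in the file (not visible here), a value containing a quote would terminate the attribute. Wrapping the two interpolations, `value="' . htmlspecialchars($mode) . '"` and `value="' . htmlspecialchars($coppa) . '"`, makes the output safe regardless of where the values come from. The surrounding `else` branch begins before the hunk and continues after it.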


@@ -29,6 +29,11 @@ if ( !defined('IN_PHPBB') )
if ( isset($HTTP_POST_VARS['submit']) )
{
if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
{
message_die(ERROR, 'Invalid_session');
}
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags($HTTP_POST_VARS['username'])) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';
@@ -127,6 +132,7 @@ $template->assign_vars(array(
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />',
'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=sendpassword"))
);