mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-02-24 12:03:21 +01:00
Code Issues Releases Wiki Activity

[ticket/10913] Redirect to index if session id is required but was not sent

Browse Source 
PHPBB3-10913
This commit is contained in:
Nils Adermann 2012-05-29 14:54:04 +02:00
parent efa96e1817
commit 42dd60edad
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
phpBB/includes/session.php
View File

@ -322,8 +322,15 @@ class session
}
}
// Is session_id is set or session_id is set and matches the url param if required
if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
// if no session id is set, redirect to index.php
if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid']))
{
send_status_line(401, 'Not authorized');
redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
}
// if session id is set
if (!empty($this->session_id))
{
$sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u