mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-25 04:24:31 +02:00
Code Issues Releases Wiki Activity

sigh

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@5179 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
2005-07-05 01:53:34 +00:00
parent cfa87f2407
commit 54e379ffe3
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
phpBB/includes/session.php
View File

@ -52,14 +52,15 @@ class session
$this->page .= (isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : '';
$this->cookie_data = array();
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_data']))
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
{
// Santise k? Is there a need? It's escaped for DB entry in relevant location
// and isn't used directly anywhere else (nor should it!)
$this->cookie_data['u'] = (!empty($_COOKIE[$config['cookie_name'] . '_u'])) ? (int) $_COOKIE[$config['cookie_name'] . '_u'] : 0;
$this->cookie_data['k'] = (!empty($_COOKIE[$config['cookie_name'] . '_k'])) ? (string) $_COOKIE[$config['cookie_name'] . '_k'] : '';
// Switch to request_var ... can this cause issues, can a _GET/_POST param
// be used to poison this? Not sure that it makes any difference in terms of
// the end result, be it a cookie or param.
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0);
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '');
$this->session_id = request_var($config['cookie_name'] . '_sid', '');
$this->session_id = request_var($config['cookie_name'] . '_sid', '');
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
}
else