mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-30 21:40:43 +02:00
[ticket/16207] Stop forcing session id in URLs
PHPBB3-16207
This commit is contained in:
@@ -307,7 +307,7 @@ class helper
|
||||
'TRANSLATION_INFO' => $this->language->is_set('TRANSLATION_INFO') ? $this->language->lang('TRANSLATION_INFO') : '',
|
||||
'CREDIT_LINE' => $this->language->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Limited'),
|
||||
|
||||
'U_ACP' => ($this->auth->acl_get('a_') && !empty($this->user->data['is_registered'])) ? append_sid("{$this->admin_path}index.{$this->php_ext}", false, true, $this->user->session_id) : '',
|
||||
'U_ACP' => ($this->auth->acl_get('a_') && !empty($this->user->data['is_registered'])) ? append_sid("{$this->admin_path}index.{$this->php_ext}") : '',
|
||||
]);
|
||||
|
||||
if ($run_cron)
|
||||
|
@@ -748,7 +748,7 @@ class log implements \phpbb\log\log_interface
|
||||
{
|
||||
$log[$key]['viewtopic'] = (isset($topic_auth['f_read'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}viewtopic.{$this->php_ext}", 'f=' . $topic_auth['f_read'][$row['topic_id']] . '&t=' . $row['topic_id']) : false;
|
||||
$log[$key]['viewpost'] = (isset($topic_auth['f_read'][$row['topic_id']]) && $row['post_id']) ? append_sid("{$this->phpbb_root_path}viewtopic.{$this->php_ext}", 'f=' . $topic_auth['f_read'][$row['topic_id']] . '&t=' . $row['topic_id'] . '&p=' . $row['post_id'] . '#p' . $row['post_id']) : false;
|
||||
$log[$key]['viewlogs'] = (isset($topic_auth['m_'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}mcp.{$this->php_ext}", 'i=logs&mode=topic_logs&t=' . $row['topic_id'], true, $this->user->session_id) : false;
|
||||
$log[$key]['viewlogs'] = (isset($topic_auth['m_'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}mcp.{$this->php_ext}", 'i=logs&mode=topic_logs&t=' . $row['topic_id']) : false;
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -272,8 +272,8 @@ class session
|
||||
$this->cookie_data['k'] = $request->variable($config['cookie_name'] . '_k', '', false, \phpbb\request\request_interface::COOKIE);
|
||||
$this->session_id = $request->variable($config['cookie_name'] . '_sid', '', false, \phpbb\request\request_interface::COOKIE);
|
||||
|
||||
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
|
||||
$_SID = (defined('NEED_SID')) ? $this->session_id : '';
|
||||
$SID = '?sid=';
|
||||
$_SID = '';
|
||||
|
||||
if (empty($this->session_id))
|
||||
{
|
||||
@@ -343,14 +343,6 @@ class session
|
||||
}
|
||||
}
|
||||
|
||||
// if no session id is set, redirect to index.php
|
||||
$session_id = $request->variable('sid', '');
|
||||
if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
|
||||
{
|
||||
send_status_line(401, 'Unauthorized');
|
||||
redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
|
||||
}
|
||||
|
||||
// if session id is set
|
||||
if (!empty($this->session_id))
|
||||
{
|
||||
|
Reference in New Issue
Block a user