mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

do not allow [flash=0,0]... not implemented for images due to the reliance on getimagesize() - as usual both sizes are able to be limited by the maximum/minimum image size configuration options

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@8614 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2008-06-07 13:42:06 +00:00
parent 4dddc3a130
commit 7524ca5249
3 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
phpBB/includes/session.php
View File

@@ -39,7 +39,7 @@ class session
*
* @param string $root_path current root path (phpbb_root_path)
*/
function extract_current_page($root_path)
public static function extract_current_page($root_path)
{
$page_array = array();
@@ -160,7 +160,7 @@ class session
$this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
$this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$this->page = $this->extract_current_page(PHPBB_ROOT_PATH);
$this->page = self::extract_current_page(PHPBB_ROOT_PATH);
// if the forwarded for header shall be checked we have to validate its contents
if ($config['forwarded_for_check'])
@@ -266,7 +266,7 @@ class session
$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
// referer checks
$check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH;
$referer_valid = true;
@@ -275,7 +275,7 @@ class session
{
$referer_valid = $this->validate_referer($check_referer_path);
}
if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid)
{
@@ -1287,10 +1287,10 @@ class session
$this->set_login_key($user_id);
}
}
/**
* Check if the request originated from the same page.
* Check if the request originated from the same page.
* @param bool $check_script_path If true, the path will be checked as well
*/
function validate_referer($check_script_path = false)