[ticket/16211] Prevent skipping COPPA via URL parameter

PHPBB3-16211

phpBB/includes/ucp/ucp_register.php

@@ -40,6 +40,7 @@ class ucp_register
 		}
 
 		$coppa			= $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+		$token			= $request->variable('hash', '');
 		$agreed			= $request->variable('agreed', false);
 		$submit			= $request->is_set_post('submit');
 		$change_lang	= $request->variable('change_lang', '');
@@ -50,6 +51,11 @@ class ucp_register
 			$agreed = false;
 		}
 
+		if ($coppa !== false && !check_link_hash($token, 'coppa') && !check_form_key('ucp_register'))
+		{
+			$coppa = false;
+		}
+
 		/**
 		* Add UCP register data before they are assigned to the template or submitted
 		*
@@ -164,13 +170,15 @@ class ucp_register
 					->format($user->lang['DATE_FORMAT'], true);
 				unset($now);
 
+				$coppa_link_hash = '&hash=' . generate_link_hash('coppa');
+
 				$template_vars = array(
 					'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($user_lang) : '',
 					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
 					'L_COPPA_YES'		=> sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
 
-					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0'),
-					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1'),
+					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0' . $coppa_link_hash),
+					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1' . $coppa_link_hash),
 
 					'S_SHOW_COPPA'		=> true,
 					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),