mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-21 00:02:18 +02:00
Code Issues Releases Wiki Activity

Okay, let's be a little more paranoid.

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@8457 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof 2008-03-22 13:44:20 +00:00
parent b9f2896bae
commit 991f68a85b
14 changed files with 124 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
phpBB/admin/admin_users.php
View File

@ -947,7 +947,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$avatar = '<img src="../' . $board_config['avatar_path'] . '/' . $user_avatar . '" alt="" />';
break;
case USER_AVATAR_REMOTE:
$avatar = '<img src="' . $user_avatar . '" alt="" />';
$avatar = (isset($HTTP_GET_VARS['p_sid'])) ? $lang['Priv_Img'] . " $user_avatar" : '<img src="' . $user_avatar . '" alt="" />';
break;
case USER_AVATAR_GALLERY:
$avatar = '<img src="../' . $board_config['avatar_gallery_path'] . '/' . $user_avatar . '" alt="" />';
@ -1143,8 +1143,9 @@ else
'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"),
'S_USER_ACTION' => append_sid("admin_users.$phpEx"),
'S_USER_SELECT' => $select_list)
'S_USER_ACTION' => "admin_users.$phpEx?sid=" . $userdata['session_id'],
'S_USER_SELECT' => $select_list,
'S_HIDDEN_FIELDS' => '<input type="hidden" name="p_sid" value="' . $userdata['priv_session_id'] . '"/>')
);
$template->pparse('body');

7
phpBB/admin/pagestart.php
View File

@ -52,6 +52,13 @@ if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
redirect("index.$phpEx?sid=" . $userdata['session_id']);
}
$p_sid = (isset($HTTP_GET_VARS['p_sid'])) ? $HTTP_GET_VARS['p_sid'] : ((isset($HTTP_POST_VARS['p_sid'])) ? $HTTP_POST_VARS['p_sid'] : '');
if ($p_sid !== $userdata['priv_session_id'])
{
redirect("index.$phpEx?sid=" . $userdata['session_id']);
}
if (!$userdata['session_admin'])
{
redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));

27
phpBB/includes/bbcode.php
View File

@ -92,7 +92,7 @@ function prepare_bbcode_template($bbcode_tpl)
$bbcode_tpl['code_open'] = str_replace('{L_CODE}', $lang['Code'], $bbcode_tpl['code_open']);
$bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']);
$bbcode_tpl['img'] = str_replace('{URL}', '\\1', get_image_tag_replacement($bbcode_tpl));
// We do URLs in several different ways..
$bbcode_tpl['url1'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']);
@ -115,6 +115,31 @@ function prepare_bbcode_template($bbcode_tpl)
}
/**
* Disables the img tag for privileged pages. It also implements a compability hack for old templates.
*/
function get_image_tag_replacement($bbcode_tpl)
{
global $lang, $HTTP_POST_VARS, $HTTP_GET_VARS;
$bb_tmpl = '';
if (isset($HTTP_POST_VARS['p_sid']))
{
if (isset($bbcode_tpl['p_img']))
{
$bb_tmpl = str_replace('{L_PRIV_IMG}', $lang['Priv_Img'], $bbcode_tpl['p_img']);
}
else
{
$bb_tmpl = $lang['Priv_Img'] . ': {URL}';
}
}
else
{
$bb_tmpl = $bbcode_tpl['img'];
}
return $bb_tmpl;
}
/**
* Does second-pass bbencoding. This should be used before displaying the message in
* a thread. Assumes the message is already first-pass encoded, and we are given the

2
phpBB/includes/page_tail.php
View File

@ -30,7 +30,7 @@ global $do_gzip_compress;
//
// Show the overall footer.
//
$admin_link = ( $userdata['user_level'] == ADMIN ) ? '<a href="admin/index.' . $phpEx . '?sid=' . $userdata['session_id'] . '">' . $lang['Admin_panel'] . '</a><br /><br />' : '';
$admin_link = ( $userdata['user_level'] == ADMIN ) ? '<a href="admin/index.' . $phpEx . '?sid=' . $userdata['session_id'] . '&amp;p_sid=' . $userdata['priv_session_id'] . '">' . $lang['Admin_panel'] . '</a><br /><br />' : '';
$template->set_filenames(array(
'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl')

16
phpBB/includes/sessions.php
View File

@ -178,10 +178,11 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
$session_id = md5(dss_rand());
$priv_session_id = md5(dss_rand());
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)";
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin, priv_session_id)
VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin, '$priv_session_id')";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
@ -242,6 +243,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
}
$userdata['session_id'] = $session_id;
$userdata['priv_session_id'] = $priv_session_id;
$userdata['session_ip'] = $user_ip;
$userdata['session_user_id'] = $user_id;
$userdata['session_logged_in'] = $login;
@ -266,7 +268,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
function session_pagestart($user_ip, $thispage_id)
{
global $db, $lang, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID, $P_SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
@ -333,7 +335,7 @@ function session_pagestart($user_ip, $thispage_id)
if ($ip_check_s == $ip_check_u)
{
$SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';
$P_SID = (defined('IN_ADMIN')) ? 'p_sid=' . $userdata['priv_session_id'] : '';
//
// Only update session DB a minute or so after last update
//
@ -565,12 +567,16 @@ function session_reset_keys($user_id, $user_ip)
//
function append_sid($url, $non_html_amp = false)
{
global $SID;
global $SID, $P_SID;
if ( !empty($SID) && !preg_match('#sid=#', $url) )
{
$url .= ( ( strpos($url, '?') !== false ) ? ( ( $non_html_amp ) ? '&' : '&amp;' ) : '?' ) . $SID;
}
if ( !empty($P_SID) && !preg_match('#p_sid=#', $url) )
{
$url .= ( ( strpos($url, '?') !== false ) ? ( ( $non_html_amp ) ? '&' : '&amp;' ) : '?' ) . $P_SID;
}
return $url;
}

1
phpBB/install/schemas/mssql_schema.sql
View File

@ -193,6 +193,7 @@ CREATE TABLE [phpbb_sessions] (
[session_page] [int] NULL ,
[session_logged_in] [smallint] NULL,
[session_admin] [smallint] NULL
[priv_session_id] [char] (32) NOT NULL ,
) ON [PRIMARY]
GO

1
phpBB/install/schemas/mysql_schema.sql
View File

@ -307,6 +307,7 @@ CREATE TABLE phpbb_sessions (
session_page int(11) DEFAULT '0' NOT NULL,
session_logged_in tinyint(1) DEFAULT '0' NOT NULL,
session_admin tinyint(2) DEFAULT '0' NOT NULL,
priv_session_id char(32) DEFAULT '' NOT NULL,
PRIMARY KEY (session_id),
KEY session_user_id (session_user_id),
KEY session_id_ip_user_id (session_id, session_ip, session_user_id)

1
phpBB/install/schemas/postgres_schema.sql
View File

@ -291,6 +291,7 @@ CREATE TABLE phpbb_sessions (
session_page int4 DEFAULT '0' NOT NULL,
session_logged_in int2 DEFAULT '0' NOT NULL,
session_admin int2 DEFAULT '0' NOT NULL,
priv_session_id char(32) DEFAULT '0' NOT NULL,
CONSTRAINT phpbb_session_pkey PRIMARY KEY (session_id)
);
CREATE INDEX session_user_id_phpbb_sessions_index ON phpbb_sessions (session_user_id);

30
phpBB/install/update_to_latest.php
View File

@ -671,6 +671,36 @@ switch ($row['config_value'])
}
break;
case '.0.23':
switch (SQL_LAYER)
{
case 'mysql':
case 'mysql4':
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . "
ADD COLUMN priv_session_id char(32) DEFAULT '' NOT NULL";
break;
case 'postgresql':
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . "
ADD COLUMN priv_session_id char(32)";
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . "
ALTER COLUMN priv_session_id SET DEFAULT ''";
break;
case 'mssql-odbc':
case 'mssql':
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . " ADD
priv_session_id char (32) NOT NULL";
break;
case 'msaccess':
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . " ADD
priv_session_id char (32) NOT NULL";
break;
}
}
echo "<h2>Updating database schema</h2>\n";

1
phpBB/language/lang_english/lang_main.php
View File

@ -283,6 +283,7 @@ $lang['Delete_post'] = 'Delete this post';
$lang['wrote'] = 'wrote'; // proceeds the username and is followed by the quoted text
$lang['Quote'] = 'Quote'; // comes before bbcode quote output.
$lang['Code'] = 'Code'; // comes before bbcode code output.
$lang['Priv_Img'] = 'Image display disabled'; // Explanation for missing images in the ModCP.
$lang['Edited_time_total'] = 'Last edited by %s on %s; edited %d time in total'; // Last edited by me on 12 Oct 2001; edited 1 time in total
$lang['Edited_times_total'] = 'Last edited by %s on %s; edited %d times in total'; // Last edited by me on 12 Oct 2001; edited 2 times in total

49
phpBB/modcp.php
View File

@ -116,6 +116,15 @@ else
{
$sid = '';
}
// privileged session id check
if (!empty($HTTP_POST_VARS['p_sid']) || !empty($HTTP_GET_VARS['p_sid']))
{
$p_sid = (!empty($HTTP_POST_VARS['p_sid'])) ? $HTTP_POST_VARS['p_sid'] : $HTTP_GET_VARS['p_sid'];
}
else
{
$p_sid = '';
}
//
// Obtain relevant data
@ -175,7 +184,7 @@ init_userprefs($userdata);
//
// session id check
if ($sid == '' || $sid != $userdata['session_id'])
if ($p_sid === '' || $p_sid !== $userdata['priv_session_id'])
{
message_die(GENERAL_ERROR, 'Invalid_session');
}
@ -398,12 +407,12 @@ switch( $mode )
if ( !empty($topic_id) )
{
$redirect_page = "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;sid=" . $userdata['session_id'];
$redirect_page = append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id");
$l_redirect = sprintf($lang['Click_return_forum'], '<a href="' . $redirect_page . '">', '</a>');
}
else
{
$redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;sid=" . $userdata['session_id'];
$redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;p_sid=" . $userdata['priv_session_id']);
$l_redirect = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>');
}
@ -421,7 +430,7 @@ switch( $mode )
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
$hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
$hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="p_sid" value="' . $userdata['priv_session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
if ( isset($HTTP_POST_VARS['topic_id_list']) )
{
@ -557,16 +566,16 @@ switch( $mode )
if ( !empty($topic_id) )
{
$redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;sid=" . $userdata['session_id'];
$redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
$message .= sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>');
}
else
{
$redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;sid=" . $userdata['session_id'];
$redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;p_sid=" . $userdata['priv_session_id']);
$message .= sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>');
}
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx?" . POST_FORUM_URL . "=$old_forum_id&amp;sid=" . $userdata['session_id'] . '">', '</a>');
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$old_forum_id&amp;p_sid=" . $userdata['priv_session_id']) . '">', '</a>');
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">')
@ -581,7 +590,7 @@ switch( $mode )
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
$hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
$hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="p_sid" value="' . $userdata['priv_session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
if ( isset($HTTP_POST_VARS['topic_id_list']) )
{
@ -650,16 +659,16 @@ switch( $mode )
if ( !empty($topic_id) )
{
$redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;sid=" . $userdata['session_id'];
$redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
$message = sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>');
}
else
{
$redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;sid=" . $userdata['session_id'];
$redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;p_sid=" . $userdata['priv_session_id']);
$message = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>');
}
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;sid=" . $userdata['session_id'] . '">', '</a>');
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">')
@ -695,16 +704,16 @@ switch( $mode )
if ( !empty($topic_id) )
{
$redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;sid=" . $userdata['session_id'];
$redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
$message = sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>');
}
else
{
$redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;sid=" . $userdata['session_id'];
$redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;p_sid=" . $userdata['priv_session_id']);
$message = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>');
}
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;sid=" . $userdata['session_id'] . '">', '</a>');
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">')
@ -1019,7 +1028,7 @@ switch( $mode )
'IP' => $ip_this_post,
'U_LOOKUP_IP' => "modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=$post_id&amp;" . POST_TOPIC_URL . "=$topic_id&amp;rdns=$ip_this_post&amp;sid=" . $userdata['session_id'])
'U_LOOKUP_IP' => append_sid("modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=$post_id&amp;" . POST_TOPIC_URL . "=$topic_id&amp;rdns=$ip_this_post&amp;p_sid=" . $userdata['priv_session_id']))
);
//
@ -1060,7 +1069,7 @@ switch( $mode )
'IP' => $ip,
'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ),
'U_LOOKUP_IP' => "modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=$post_id&amp;" . POST_TOPIC_URL . "=$topic_id&amp;rdns=" . $row['poster_ip'] . "&amp;sid=" . $userdata['session_id'])
'U_LOOKUP_IP' => append_sid("modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=$post_id&amp;" . POST_TOPIC_URL . "=$topic_id&amp;rdns=" . $row['poster_ip'] . "&amp;p_sid=" . $userdata['priv_session_id']))
);
$i++;
@ -1100,7 +1109,7 @@ switch( $mode )
'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ),
'L_SEARCH_POSTS' => sprintf($lang['Search_user_posts'], $username),
'U_PROFILE' => ($id == ANONYMOUS) ? "modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=" . $post_id . "&amp;" . POST_TOPIC_URL . "=" . $topic_id . "&amp;sid=" . $userdata['session_id'] : append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$id"),
'U_PROFILE' => ($id == ANONYMOUS) ? append_sid("modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=" . $post_id . "&amp;" . POST_TOPIC_URL . "=" . $topic_id . "&amp;p_sid=" . $userdata['priv_session_id']) : append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$id"),
'U_SEARCHPOSTS' => append_sid("search.$phpEx?search_author=" . (($id == ANONYMOUS) ? 'Anonymous' : urlencode($username)) . "&amp;showresults=topics"))
);
@ -1133,7 +1142,7 @@ switch( $mode )
'L_SELECT' => $lang['Select'],
'U_VIEW_FORUM' => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"),
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />',
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="p_sid" value="' . $userdata['priv_session_id'] . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />',
'S_MODCP_ACTION' => append_sid("modcp.$phpEx"))
);
@ -1221,7 +1230,7 @@ switch( $mode )
$topic_title = preg_replace($orig_word, $replacement_word, $topic_title);
}
$u_view_topic = "modcp.$phpEx?mode=split&amp;" . POST_TOPIC_URL . "=$topic_id&amp;sid=" . $userdata['session_id'];
$u_view_topic = append_sid("modcp.$phpEx?mode=split&amp;" . POST_TOPIC_URL . "=$topic_id&amp;p_sid=" . $userdata['priv_session_id']);
$topic_replies = $row['topic_replies'];
$last_post_time = create_date($board_config['default_dateformat'], $row['post_time'], $board_config['board_timezone']);
@ -1241,7 +1250,7 @@ switch( $mode )
}
$template->assign_vars(array(
'PAGINATION' => generate_pagination("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;sid=" . $userdata['session_id'], $forum_topics, $board_config['topics_per_page'], $start),
'PAGINATION' => generate_pagination("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;p_sid=" . $userdata['priv_session_id'], $forum_topics, $board_config['topics_per_page'], $start),
'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['topics_per_page'] ) + 1 ), ceil( $forum_topics / $board_config['topics_per_page'] )),
'L_GOTO_PAGE' => $lang['Goto_page'])
);

1
phpBB/templates/subSilver/bbcode.tpl
View File

@ -54,6 +54,7 @@
<!-- BEGIN size_close --></span><!-- END size_close -->
<!-- BEGIN img --><img src="{URL}" border="0" /><!-- END img -->
<!-- BEGIN p_img -->{L_PRIV_IMG}:{URL}<!-- END p_img -->
<!-- BEGIN url --><a href="{URL}" target="_blank" class="postlink">{DESCRIPTION}</a><!-- END url -->

2
phpBB/viewforum.php
View File

@ -372,7 +372,7 @@ $s_auth_can .= ( ( $is_auth['auth_vote'] ) ? $lang['Rules_vote_can'] : $lang['Ru
if ( $is_auth['auth_mod'] )
{
$s_auth_can .= sprintf($lang['Rules_moderate'], "<a href=\"modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;start=" . $start . "&amp;sid=" . $userdata['session_id'] . '">', '</a>');
$s_auth_can .= sprintf($lang['Rules_moderate'], '<a href="' . append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;start=" . $start . "&amp;p_sid=" . $userdata['priv_session_id']) . '">', '</a>');
}
//

20
phpBB/viewtopic.php
View File

@ -590,15 +590,15 @@ $topic_mod = '';
if ( $is_auth['auth_mod'] )
{
$s_auth_can .= sprintf($lang['Rules_moderate'], "<a href=\"modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;sid=" . $userdata['session_id'] . '">', '</a>');
$s_auth_can .= sprintf($lang['Rules_moderate'], '<a href="' . append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&amp;p_sid=" . $userdata['priv_session_id']) . '">', '</a>');
$topic_mod .= "<a href=\"modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=delete&amp;sid=" . $userdata['session_id'] . '"><img src="' . $images['topic_mod_delete'] . '" alt="' . $lang['Delete_topic'] . '" title="' . $lang['Delete_topic'] . '" border="0" /></a>&nbsp;';
$topic_mod .= '<a href="' . append_sid("modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=delete&amp;p_sid=" . $userdata['priv_session_id']) . '"><img src="' . $images['topic_mod_delete'] . '" alt="' . $lang['Delete_topic'] . '" title="' . $lang['Delete_topic'] . '" border="0" /></a>&nbsp;';
$topic_mod .= "<a href=\"modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=move&amp;sid=" . $userdata['session_id'] . '"><img src="' . $images['topic_mod_move'] . '" alt="' . $lang['Move_topic'] . '" title="' . $lang['Move_topic'] . '" border="0" /></a>&nbsp;';
$topic_mod .= '<a href="' . append_sid("modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=move&amp;p_sid=" . $userdata['priv_session_id']) . '"><img src="' . $images['topic_mod_move'] . '" alt="' . $lang['Move_topic'] . '" title="' . $lang['Move_topic'] . '" border="0" /></a>&nbsp;';
$topic_mod .= ( $forum_topic_data['topic_status'] == TOPIC_UNLOCKED ) ? "<a href=\"modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=lock&amp;sid=" . $userdata['session_id'] . '"><img src="' . $images['topic_mod_lock'] . '" alt="' . $lang['Lock_topic'] . '" title="' . $lang['Lock_topic'] . '" border="0" /></a>&nbsp;' : "<a href=\"modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=unlock&amp;sid=" . $userdata['session_id'] . '"><img src="' . $images['topic_mod_unlock'] . '" alt="' . $lang['Unlock_topic'] . '" title="' . $lang['Unlock_topic'] . '" border="0" /></a>&nbsp;';
$topic_mod .= ( $forum_topic_data['topic_status'] == TOPIC_UNLOCKED ) ? '<a href="' . append_sid("modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=lock&amp;p_sid=" . $userdata['priv_session_id']) . '"><img src="' . $images['topic_mod_lock'] . '" alt="' . $lang['Lock_topic'] . '" title="' . $lang['Lock_topic'] . '" border="0" /></a>&nbsp;' : '<a href="' . append_sid("modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=unlock&amp;p_sid=" . $userdata['priv_session_id']) . '"><img src="' . $images['topic_mod_unlock'] . '" alt="' . $lang['Unlock_topic'] . '" title="' . $lang['Unlock_topic'] . '" border="0" /></a>&nbsp;';
$topic_mod .= "<a href=\"modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=split&amp;sid=" . $userdata['session_id'] . '"><img src="' . $images['topic_mod_split'] . '" alt="' . $lang['Split_topic'] . '" title="' . $lang['Split_topic'] . '" border="0" /></a>&nbsp;';
$topic_mod .= '<a href="' . append_sid("modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=split&amp;p_sid=" . $userdata['priv_session_id']) . '"><img src="' . $images['topic_mod_split'] . '" alt="' . $lang['Split_topic'] . '" title="' . $lang['Split_topic'] . '" border="0" /></a>&nbsp;';
}
//
@ -1008,13 +1008,13 @@ for($i = 0; $i < $total_posts; $i++)
if ( $is_auth['auth_mod'] )
{
$temp_url = "modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&amp;" . POST_TOPIC_URL . "=" . $topic_id . "&amp;sid=" . $userdata['session_id'];
$temp_url = "modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&amp;" . POST_TOPIC_URL . "=" . $topic_id . "&amp;p_sid=" . $userdata['priv_session_id'];
$ip_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_ip'] . '" alt="' . $lang['View_IP'] . '" title="' . $lang['View_IP'] . '" border="0" /></a>';
$ip = '<a href="' . $temp_url . '">' . $lang['View_IP'] . '</a>';
$temp_url = "posting.$phpEx?mode=delete&amp;" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&amp;sid=" . $userdata['session_id'];
$temp_url = "posting.$phpEx?mode=delete&amp;" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&amp;p_sid=" . $userdata['priv_session_id'];
$delpost_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_delpost'] . '" alt="' . $lang['Delete_post'] . '" title="' . $lang['Delete_post'] . '" border="0" /></a>';
$delpost = '<a href="' . $temp_url . '">' . $lang['Delete_post'] . '</a>';
$delpost = '<a href="' . append_sid($temp_url) . '">' . $lang['Delete_post'] . '</a>';
}
else
{
@ -1023,9 +1023,9 @@ for($i = 0; $i < $total_posts; $i++)
if ( $userdata['user_id'] == $poster_id && $is_auth['auth_delete'] && $forum_topic_data['topic_last_post_id'] == $postrow[$i]['post_id'] )
{
$temp_url = "posting.$phpEx?mode=delete&amp;" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&amp;sid=" . $userdata['session_id'];
$temp_url = "posting.$phpEx?mode=delete&amp;" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&amp;p_sid=" . $userdata['priv_session_id'];
$delpost_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_delpost'] . '" alt="' . $lang['Delete_post'] . '" title="' . $lang['Delete_post'] . '" border="0" /></a>';
$delpost = '<a href="' . $temp_url . '">' . $lang['Delete_post'] . '</a>';
$delpost = '<a href="' . append_sid($temp_url) . '">' . $lang['Delete_post'] . '</a>';
}
else
{