mirror of https://github.com/phpbb/phpbb.git synced 2025-04-21 00:02:18 +02:00

[ticket/9629] Allow style.php to retrieve its session ID from cookies

style.php takes a session ID to ensure it gets the right language for a user,
but that session ID is always passed in GET. This change allows the SID
to be read from the cookie, and theoretically makes it friendlier for caching
engines like Varnish.

PHPBB3-9629
Josh Woody 2010-05-30 12:24:56 -05:00 committed by Andreas Fischer
parent e46745ed34
commit c40b2c7601
2 changed files with 15 additions and 8 deletions


@ -4318,7 +4318,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/",
'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/",
'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/",
'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang'], true, $user->session_id),
'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']),
'T_STYLESHEET_NAME' => $user->theme['theme_name'],
'T_THEME_NAME' => $user->theme['theme_path'],
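Review bot: The new `T_STYLESHEET_LINK` line drops the forced `$user->session_id` argument without a comment, so whether the stylesheet URL carries a SID now depends entirely on append_sid()'s default handling, which is not visible in this hunk. Keeping the session ID out of the URL is the safer default, since it no longer ends up in Referer headers, proxy logs or cached pages, but the reason should be recorded next to the call, e.g. `// No forced SID: style.php reads it from the session cookie when it is absent from the URL`. If the stylesheet is meant to be stored by a shared cache, the response is presumably still gated on the cookie, so it is worth confirming that style.php's cache headers keep a response fetched with one session from being served to a request without one. page_header() starts and ends outside this hunk.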


@ -45,15 +45,8 @@ if (!empty($load_extensions) && function_exists('dl'))
}
}
$sid = (isset($_GET['sid']) && !is_array($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : '';
$id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
{
$sid = '';
}
// This is a simple script to grab and output the requested CSS data stored in the DB
// We include a session_id check to try and limit 3rd party linking ... unless they
// happen to have a current session it will output nothing. We will also cache the
@ -81,6 +74,20 @@ if ($id)
$config = $cache->obtain_config();
$user = false;
// try to get a session ID from REQUEST array
$sid = request_var('sid', '');
if (!$sid)
{
// if that failed, then look in the cookies
$sid = request_var($config['cookie_name'] . '_sid', '', false, true);
}
if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
{
$sid = '';
}
if ($sid)
{
$sql = 'SELECT u.user_id, u.user_lang