From c41388ce8ab2268cd97c1c7d2d2791faddf23ea3 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Sun, 18 May 2008 20:06:15 +0000
Subject: [PATCH] some adjustements (changes to sessions code need to be backwards-compatible) - henry, do not forget to include this into your merge to 3.2.x too.

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8565 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/session.php | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 2eafdc7e80..435618f7ff 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -264,16 +264,17 @@ class session
 		$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
 		$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
-
+
 		// referer checks
-		$check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH;
+		// The @ before $config['referer_validation'] suppresses notices present while running the updater
+		$check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH);
 		$referer_valid = true;
+		// we assume HEAD and TRACE to be foul play and thus only whitelist GET
-		if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
+		if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
 		{
 			$referer_valid = $this->validate_referer($check_referer_path);
 		}
-
 		if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid)
 		{
@@ -1119,7 +1120,7 @@ class session
 			trigger_error($message);
 		}
-		return ($banned) ? true : false;
+		return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned;
 	}
 	/**
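Review bot: The `@` added on both `$config['referer_validation']` reads in the first hunk turns a missing config key into a silent fail-open: if the key is absent the value reads as null, `$check_referer_path` becomes false and the whole referer check is skipped with no trace of why. If skipping the check while the updater runs is the intent, say so in code rather than by suppression, e.g. `$check_referer_path = (isset($config['referer_validation']) && $config['referer_validation'] == REFERER_VALIDATE_PATH);` and `if (!empty($config['referer_validation']) && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')`, keeping the comment about the updater. Note also that, as I read PHP precedence, the `@` covers only the array read, so an undefined `REFERER_VALIDATE_PATH` in that same environment would still raise a notice. The enclosing method starts and ends outside the hunk, so I could not confirm whether `$config` is guaranteed populated by the time this runs.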
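Review bot: The new `return` in the second hunk widens this method's result from a strict bool to bool|string, which sits uneasily with the commit message's requirement that session changes stay backwards-compatible: a caller testing `=== true` will now treat a banned user who has a ban reason as not banned. The fallthrough branch also drops the old `? true : false` normalisation, so `$banned` is now returned as whatever type it holds; `return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : (bool) $banned;` keeps the old contract for the no-reason case, and the method's docblock (outside the hunk) should state the string return. `$ban_row` is assigned outside the hunk, and only the short-circuit on `$banned` keeps it from being read when no ban matched, so that operand order must be preserved. Since the reason is stored text that now reaches callers, any caller that renders it must escape it for its output context.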
@@ -1297,10 +1298,10 @@ class session
 			$this->set_login_key($user_id);
 		}
 	}
-
-
+
+
 	/**
-	* Check if the request originated from the same page.
+	* Check if the request originated from the same page.
 	* @param bool $check_script_path If true, the path will be checked as well
 	*/
 	function validate_referer($check_script_path = false)