mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-09 19:26:53 +02:00
some adjustements (changes to sessions code need to be backwards-compatible) - henry, do not forget to include this into your merge to 3.2.x too.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8565 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
@ -266,15 +266,16 @@ class session
|
||||
$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
|
||||
|
||||
// referer checks
|
||||
$check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH;
|
||||
// The @ before $config['referer_validation'] suppresses notices present while running the updater
|
||||
$check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH);
|
||||
$referer_valid = true;
|
||||
|
||||
// we assume HEAD and TRACE to be foul play and thus only whitelist GET
|
||||
if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
|
||||
if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
|
||||
{
|
||||
$referer_valid = $this->validate_referer($check_referer_path);
|
||||
}
|
||||
|
||||
|
||||
if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid)
|
||||
{
|
||||
$session_expired = false;
|
||||
@ -1119,7 +1120,7 @@ class session
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
return ($banned) ? true : false;
|
||||
return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user