From c42b75d1bc1154c849b5f55becfc42452242c86d Mon Sep 17 00:00:00 2001
From: Graham Eames <grahamje@users.sourceforge.net>
Date: Sun, 1 Oct 2006 11:10:15 +0000
Subject: [PATCH] Prevent cookies from other applications interfering with our
 forms

git-svn-id: file:///svn/phpbb/trunk@6423 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions.php | 11 ++++++++++-
 phpBB/includes/session.php   |  6 +++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index fb0258996c..6093976084 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -52,8 +52,17 @@ function set_var(&$result, $var, $type, $multibyte = false)
 *
 * Used to get passed variable
 */
-function request_var($var_name, $default, $multibyte = false)
+function request_var($var_name, $default, $multibyte = false, $cookie = false)
 {
+	if (!$cookie && isset($_COOKIE[$var_name]))
+	{
+		if (!isset($_GET[$var_name]) && !isset($_POST[$var_name]))
+		{
+			return (is_array($default)) ? array() : $default;
+		}
+		$_REQUEST[$var_name] = isset($_POST[$var_name]) ? $_POST[$var_name] : $_GET[$var_name];
+	}
+
 	if (!isset($_REQUEST[$var_name]) || (is_array($_REQUEST[$var_name]) && !is_array($default)) || (is_array($default) && !is_array($_REQUEST[$var_name])))
 	{
 		return (is_array($default)) ? array() : $default;
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index b61643dea5..9c720bbb52 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -151,9 +151,9 @@ class session
 			// Switch to request_var ... can this cause issues, can a _GET/_POST param
 			// be used to poison this? Not sure that it makes any difference in terms of
 			// the end result, be it a cookie or param.
-			$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0);
-			$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '');
-			$this->session_id 		= request_var($config['cookie_name'] . '_sid', '');
+			$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
+			$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
+			$this->session_id 		= request_var($config['cookie_name'] . '_sid', '', false, true);
 
 			$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
 			$_SID = (defined('NEED_SID')) ? $this->session_id : '';