mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-24 18:41:52 +02:00
Code Issues Releases Wiki Activity

Fix Bug - Fix general error while registration, through undefined variable $config in validate_referer (Patch by wjvriend)

Browse Source 
Authorised by: bantu

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9917 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Joas Schilling
2009-08-04 10:04:54 +00:00
parent 1f871950d8
commit c8daec7c82
2 changed files with 4 additions and 1 deletions
phpBB
docs
CHANGELOG.html
includes
session.php

1
phpBB/docs/CHANGELOG.html

@@ -186,6 +186,7 @@
<li>[Fix] Do not try to create thumbnails for images we cannot open properly. (Bug #48695)</li> <li>[Fix] Do not try to create thumbnails for images we cannot open properly. (Bug #48695)</li>
<li>[Fix] Apply locale-independent basename() to attachment filenames. New function added: utf8_basename(). (Bug #43335 - Patch by ocean=Yohsuke)</li> <li>[Fix] Apply locale-independent basename() to attachment filenames. New function added: utf8_basename(). (Bug #43335 - Patch by ocean=Yohsuke)</li>
<li>[Fix] Adjust build_url() to not prepend $phpbb_root_path if path returned from redirect() is an URL. This fixes redirect issues with some installations and bridges. (Bug #47535)</li> <li>[Fix] Adjust build_url() to not prepend $phpbb_root_path if path returned from redirect() is an URL. This fixes redirect issues with some installations and bridges. (Bug #47535)</li>
<li>[Fix] Fix general error while registration, through undefined variable $config in validate_referer (Bug #49035 - Patch by wjvriend)</li>
<li>[Change] Change the data format of the default file ACM to be more secure from tampering and have better performance.</li> <li>[Change] Change the data format of the default file ACM to be more secure from tampering and have better performance.</li>
<li>[Change] Add index on log_time to the log table to prevent slowdown on boards with many log entries. (Bug #44665 - Patch by bantu)</li> <li>[Change] Add index on log_time to the log table to prevent slowdown on boards with many log entries. (Bug #44665 - Patch by bantu)</li>
<li>[Change] Template engine now permits to a limited extent variable includes.</li> <li>[Change] Template engine now permits to a limited extent variable includes.</li>

4
phpBB/includes/session.php

@@ -1364,6 +1364,8 @@ class session
*/ */
function validate_referer($check_script_path = false) function validate_referer($check_script_path = false)
{ {
global $config;
// no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason) // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason)
if (empty($this->referer) || empty($this->host)) if (empty($this->referer) || empty($this->host))
{ {
@@ -1373,7 +1375,7 @@ class session
$host = htmlspecialchars($this->host); $host = htmlspecialchars($this->host);
$ref = substr($this->referer, strpos($this->referer, '://') + 3); $ref = substr($this->referer, strpos($this->referer, '://') + 3);
if (!(stripos($ref, $host) === 0) && (!$config['force_server'] || !(stripos($ref, $config['server_name']) === 0))) if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0)))
{ {
return false; return false;
} }