Remove user facing session_id checks, they remain in admin and mod panels, fix bug which allows sending email via board even when disabled
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3481 89ea8834-ac86-4346-8a33-228a782c2dd0
parent
e6e429b7f9
commit
ea33ee4b11
@ -160,11 +160,6 @@ if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id )
|
||||
redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true));
|
||||
}
|
||||
|
||||
if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
$sql = "SELECT group_moderator
|
||||
FROM " . GROUPS_TABLE . "
|
||||
WHERE group_id = $group_id";
|
||||
@ -214,11 +209,6 @@ else if ( isset($HTTP_POST_VARS['joingroup']) && $group_id )
|
||||
redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true));
|
||||
}
|
||||
|
||||
if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
$sql = "SELECT ug.user_id, g.group_type
|
||||
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
|
||||
WHERE g.group_id = $group_id
|
||||
@ -324,11 +314,6 @@ else if ( isset($HTTP_POST_VARS['unsub']) || isset($HTTP_POST_VARS['unsubpending
|
||||
redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true));
|
||||
}
|
||||
|
||||
if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
if ( $confirm )
|
||||
{
|
||||
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
|
||||
@ -375,7 +360,7 @@ else if ( isset($HTTP_POST_VARS['unsub']) || isset($HTTP_POST_VARS['unsubpending
|
||||
{
|
||||
$unsub_msg = ( isset($HTTP_POST_VARS['unsub']) ) ? $lang['Confirm_unsub'] : $lang['Confirm_unsub_pending'];
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" /><input type="hidden" name="unsub" value="1" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" /><input type="hidden" name="unsub" value="1" />';
|
||||
|
||||
$page_title = $lang['Group_Control_Panel'];
|
||||
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
|
||||
@ -473,11 +458,6 @@ else if ( $group_id )
|
||||
redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true));
|
||||
}
|
||||
|
||||
if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
if ( !$is_moderator )
|
||||
{
|
||||
$template->assign_vars(array(
|
||||
@ -912,7 +892,7 @@ else if ( $group_id )
|
||||
|
||||
generate_user_info($group_moderator, $board_config['default_dateformat'], $is_moderator, $from, $posts, $joined, $poster_avatar, $profile_img, $profile, $search_img, $search, $pm_img, $pm, $email_img, $email, $www_img, $www, $icq_status_img, $icq_img, $icq, $aim_img, $aim, $msn_img, $msn, $yim_img, $yim);
|
||||
|
||||
$s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
|
||||
$s_hidden_fields .= '';
|
||||
|
||||
$template->assign_vars(array(
|
||||
'L_GROUP_INFORMATION' => $lang['Group_Information'],
|
||||
@ -1258,7 +1238,7 @@ else
|
||||
$template->assign_block_vars('switch_groups_remaining', array() );
|
||||
}
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
|
||||
$s_hidden_fields = '';
|
||||
|
||||
$template->assign_vars(array(
|
||||
'L_GROUP_MEMBERSHIP_DETAILS' => $lang['Group_member_details'],
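Review bot: The `if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])` blocks removed from the group-status, join and unsubscribe hunks were the only check tying a state-changing POST to the submitting user's session; after this change any POST that arrives with the user's session cookie is acted on, whatever page produced the form. Keeping a per-session hidden field, as the commit message says the admin and mod panels still do, would preserve that request-origin check while still taking the sid out of URLs. The same removal is made in the email, registration, send-password, logout, post-deletion and private-message sections below, and in each of them the matching hidden field is also emptied (`$s_hidden_fields = '';`, `'S_HIDDEN_FIELDS' => ''`), so nothing remains for a later check to compare against. If the goal is only to stop the sid leaking through the query string, the hidden form field can stay while the URL parameter goes.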
|
||||
|
@ -152,6 +152,7 @@ define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access');
|
||||
define('BANLIST_TABLE', $table_prefix.'banlist');
|
||||
define('CATEGORIES_TABLE', $table_prefix.'categories');
|
||||
define('CONFIG_TABLE', $table_prefix.'config');
|
||||
define('CONFIRM_TABLE', $table_prefix.'confirm');
|
||||
define('DISALLOW_TABLE', $table_prefix.'disallow');
|
||||
define('FORUMS_TABLE', $table_prefix.'forums');
|
||||
define('GROUPS_TABLE', $table_prefix.'groups');
|
||||
|
@ -222,7 +222,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
|
||||
|
||||
$current_time = time();
|
||||
|
||||
if ($mode == 'newtopic' || $mode == 'reply')
|
||||
if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost')
|
||||
{
|
||||
//
|
||||
// Flood control
|
||||
@ -242,7 +242,8 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
|
||||
}
|
||||
}
|
||||
}
|
||||
else if ($mode == 'editpost')
|
||||
|
||||
if ($mode == 'editpost')
|
||||
{
|
||||
remove_search_post($post_id);
|
||||
}
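Review bot: The widened condition `if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost')` now runs the flood-control block for edits as well, a behaviour change the commit message does not mention; the `// Flood control` comment just below should record it, e.g. `// Flood control — applies to new topics, replies and (since this change) edits`. Presumably the block rejects a submission made within the flood interval of the user's last post, but its body lies outside the hunk, so confirm that rejecting an edit on that basis is intended. In the second hunk the `else if ($mode == 'editpost')` to `if ($mode == 'editpost')` change is required because editpost is now caught by the first branch, which deserves a one-line comment such as `// not an else: editpost also went through the block above`. submit_post starts and ends outside these hunks.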
|
||||
|
@ -27,6 +27,12 @@ if ( !defined('IN_PHPBB') )
|
||||
exit;
|
||||
}
|
||||
|
||||
// Is send through board enabled? No, return to index
|
||||
if (!$board_config['board_email_form'])
|
||||
{
|
||||
redirect(append_sid("index.$phpEx"));
|
||||
}
|
||||
|
||||
if ( !empty($HTTP_GET_VARS[POST_USERS_URL]) || !empty($HTTP_POST_VARS[POST_USERS_URL]) )
|
||||
{
|
||||
$user_id = ( !empty($HTTP_GET_VARS[POST_USERS_URL]) ) ? intval($HTTP_GET_VARS[POST_USERS_URL]) : intval($HTTP_POST_VARS[POST_USERS_URL]);
|
||||
@ -61,12 +67,6 @@ if ( $result = $db->sql_query($sql) )
|
||||
|
||||
if ( isset($HTTP_POST_VARS['submit']) )
|
||||
{
|
||||
// session id check
|
||||
if ($sid == '' || $sid != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
$error = FALSE;
|
||||
|
||||
if ( !empty($HTTP_POST_VARS['subject']) )
|
||||
@ -175,7 +175,7 @@ if ( $result = $db->sql_query($sql) )
|
||||
$template->assign_vars(array(
|
||||
'USERNAME' => $username,
|
||||
|
||||
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />',
|
||||
'S_HIDDEN_FIELDS' => '',
|
||||
'S_POST_ACTION' => append_sid("profile.$phpEx?&mode=email&" . POST_USERS_URL . "=$user_id"),
|
||||
|
||||
'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'],
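Review bot: The new gate `if (!$board_config['board_email_form']) { redirect(append_sid("index.$phpEx")); }` relies on `redirect()` never returning; that function is not on the page, and if it returns the form handling below still runs for a board that has the feature switched off. An explicit `exit;` after the `redirect()` call makes the gate self-contained regardless of how `redirect()` behaves. A short comment that an unset or zero `board_email_form` fails closed (`!` on a missing key is true) would also record the intended default for the next reader.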
|
||||
|
@ -46,8 +46,8 @@ function show_coppa()
|
||||
"AGREE_UNDER_13" => $lang['Agree_under_13'],
|
||||
'DO_NOT_AGREE' => $lang['Agree_not'],
|
||||
|
||||
"U_AGREE_OVER13" => "profile.$phpEx?mode=register&agreed=true&sid=" . $userdata['session_id'],
|
||||
"U_AGREE_UNDER13" => "profile.$phpEx?mode=register&agreed=true&coppa=true&sid=" . $userdata['session_id'])
|
||||
"U_AGREE_OVER13" => "profile.$phpEx?mode=register&agreed=true",
|
||||
"U_AGREE_UNDER13" => "profile.$phpEx?mode=register&agreed=true&coppa=true")
|
||||
);
|
||||
|
||||
$template->pparse('body');
|
||||
@ -80,12 +80,6 @@ if (
|
||||
isset($HTTP_POST_VARS['cancelavatar']) ||
|
||||
$mode == 'register' )
|
||||
{
|
||||
// session id check
|
||||
if ($sid == '' || $sid != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
|
||||
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
|
||||
include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
|
||||
@ -765,7 +759,7 @@ else
|
||||
}
|
||||
}
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
|
||||
if( $mode == 'editprofile' )
|
||||
{
|
||||
$s_hidden_fields .= '<input type="hidden" name="user_id" value="' . $userdata['user_id'] . '" />';
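Review bot: The rewritten COPPA links `"U_AGREE_OVER13" => "profile.$phpEx?mode=register&agreed=true"` and `"U_AGREE_UNDER13" => "profile.$phpEx?mode=register&agreed=true&coppa=true"` now carry no session id at all, whereas the other URLs touched by this commit still go through `append_sid()` (for example `redirect(append_sid("index.$phpEx"))`). If the board relies on URL-carried sids for visitors without cookies, wrapping these two values in `append_sid()` keeps them consistent with the rest; if the registration flow is meant to start without one, a one-line comment saying so would save the next reader the question. show_coppa ends outside the hunk.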
|
||||
|
@ -29,12 +29,6 @@ if ( !defined('IN_PHPBB') )
|
||||
|
||||
if ( isset($HTTP_POST_VARS['submit']) )
|
||||
{
|
||||
// session id check
|
||||
if ($sid == '' || $sid != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags($HTTP_POST_VARS['username'])) : '';
|
||||
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';
|
||||
|
||||
@ -133,7 +127,7 @@ $template->assign_vars(array(
|
||||
'L_SUBMIT' => $lang['Submit'],
|
||||
'L_RESET' => $lang['Reset'],
|
||||
|
||||
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />',
|
||||
'S_HIDDEN_FIELDS' => '',
|
||||
'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=sendpassword"))
|
||||
);
|
||||
|
||||
|
@ -92,13 +92,13 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
|
||||
else
|
||||
{
|
||||
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
|
||||
$redirect = str_replace("?", "&", $redirect);
|
||||
$redirect = str_replace('?', '&', $redirect);
|
||||
|
||||
$template->assign_vars(array(
|
||||
'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx?redirect=$redirect&sid=" . $userdata['session_id'] . '">')
|
||||
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
|
||||
);
|
||||
|
||||
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . "login.$phpEx?redirect=$redirect&sid=" . $userdata['session_id'] . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
|
||||
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
|
||||
|
||||
message_die(GENERAL_MESSAGE, $message);
|
||||
}
|
||||
@ -110,22 +110,16 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
|
||||
$redirect = str_replace("?", "&", $redirect);
|
||||
|
||||
$template->assign_vars(array(
|
||||
'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx?redirect=$redirect&sid=" . $userdata['session_id'] . '">')
|
||||
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
|
||||
);
|
||||
|
||||
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . "login.$phpEx?redirect=$redirect&sid=" . $userdata['session_id'] . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
|
||||
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
|
||||
|
||||
message_die(GENERAL_MESSAGE, $message);
|
||||
}
|
||||
}
|
||||
else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
|
||||
{
|
||||
// session id check
|
||||
if ($sid == '' || $sid != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
if( $userdata['session_logged_in'] )
|
||||
{
|
||||
session_end($userdata['session_id'], $userdata['user_id']);
|
||||
@ -201,7 +195,7 @@ else
|
||||
|
||||
$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="redirect" value="' . $forward_page . '" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';
|
||||
|
||||
make_jumpbox('viewforum.'.$phpEx, $forum_id);
|
||||
$template->assign_vars(array(
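Review bot: In both `else` hunks `$redirect` comes straight from `$HTTP_POST_VARS['redirect']` and, after only `str_replace('?', '&', $redirect)`, is interpolated unescaped into the `<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">` tag and the `<a href=\"login.$phpEx?redirect=$redirect\">` link; the rewrite keeps that raw interpolation, so the value is emitted into an HTML attribute without escaping and the redirect target is not restricted to this board. Pass it through `htmlspecialchars()` at the two output points (or `urlencode()` when building the query string) and, before that, accept only a relative path on this board. The second hunk also leaves `$redirect = str_replace("?", "&", $redirect);` double-quoted while the first hunk switches the same line to single quotes.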
|
||||
|
@ -119,26 +119,6 @@ if ( isset($HTTP_POST_VARS['cancel']) )
|
||||
redirect(append_sid($redirect, true) . $post_append);
|
||||
}
|
||||
|
||||
//
|
||||
// Compare sid ... if sids don't match
|
||||
// output message ... note that AOL'ers may
|
||||
// obtain this error until the session code
|
||||
// is modified to change the 6 to 4 in the IP
|
||||
// comparison checks ... or if a user takes
|
||||
// longer than session time to submit the form
|
||||
// both can be easily altered by the admin
|
||||
//
|
||||
if ( $submit || $refresh )
|
||||
{
|
||||
if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
|
||||
{
|
||||
// I've not added this to the language set at this time ... re-releasing
|
||||
// every single language to include this for the once in a blue moon
|
||||
// time it will be output is just not worthwhile at present.
|
||||
message_die(GENERAL_MESSAGE, 'Invalid_session');
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// What auth type do we need to check?
|
||||
//
|
||||
@ -434,7 +414,7 @@ if ( ( $delete || $poll_delete || $mode == 'delete' ) && !$confirm )
|
||||
//
|
||||
// Confirm deletion
|
||||
//
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_POST_URL . '" value="' . $post_id . '" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="' . POST_POST_URL . '" value="' . $post_id . '" />';
|
||||
$s_hidden_fields .= ( $delete || $mode == "delete" ) ? '<input type="hidden" name="mode" value="delete" />' : '<input type="hidden" name="mode" value="poll_delete" />';
|
||||
|
||||
$l_confirm = ( $delete || $mode == 'delete' ) ? $lang['Confirm_delete'] : $lang['Confirm_delete_poll'];
|
||||
@ -926,7 +906,7 @@ if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] )
|
||||
}
|
||||
}
|
||||
|
||||
$hidden_form_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" />';
|
||||
$hidden_form_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
|
||||
|
||||
switch( $mode )
|
||||
{
|
||||
|
@ -437,7 +437,7 @@ else if ( $mode == 'read' )
|
||||
$l_box_name = $lang['Sent'];
|
||||
}
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mark[]" value="' . $privmsgs_id . '" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="mark[]" value="' . $privmsgs_id . '" />';
|
||||
|
||||
$page_title = $lang['Read_pm'];
|
||||
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
|
||||
@ -664,12 +664,6 @@ else if ( ( $delete && $mark_list ) || $delete_all )
|
||||
redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
|
||||
}
|
||||
|
||||
// session id check
|
||||
if ($sid == '' || $sid != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
if ( isset($mark_list) && !is_array($mark_list) )
|
||||
{
|
||||
// Set to empty array instead of '0' if nothing is selected.
|
||||
@ -678,7 +672,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
|
||||
|
||||
if ( !$confirm )
|
||||
{
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
|
||||
$s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '<input type="hidden" name="delete" value="true" />' : '<input type="hidden" name="deleteall" value="true" />';
|
||||
|
||||
for($i = 0; $i < count($mark_list); $i++)
|
||||
@ -896,12 +890,6 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
|
||||
{
|
||||
redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
|
||||
}
|
||||
|
||||
// session id check
|
||||
if ($sid == '' || $sid != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
if (sizeof($mark_list))
|
||||
{
|
||||
@ -1150,12 +1138,6 @@ else if ( $submit || $refresh || $mode != '' )
|
||||
|
||||
if ( $submit )
|
||||
{
|
||||
// session id check
|
||||
if ($sid == '' || $sid != $userdata['session_id'])
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
if ( !empty($HTTP_POST_VARS['username']) )
|
||||
{
|
||||
$to_username = $HTTP_POST_VARS['username'];
|
||||
@ -1594,7 +1576,7 @@ else if ( $submit || $refresh || $mode != '' )
|
||||
$preview_message = make_clickable($preview_message);
|
||||
$preview_message = str_replace("\n", '<br />', $preview_message);
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="folder" value="' . $folder . '" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />';
|
||||
$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
|
||||
|
||||
if ( isset($privmsg_id) )
|
||||
@ -1716,7 +1698,7 @@ else if ( $submit || $refresh || $mode != '' )
|
||||
$post_a = $lang['Edit_message'];
|
||||
}
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="folder" value="' . $folder . '" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />';
|
||||
$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
|
||||
if ( $mode == 'edit' )
|
||||
{
|
||||
@ -2082,7 +2064,7 @@ $template->assign_vars(array(
|
||||
'L_SAVE_MARKED' => $lang['Save_marked'],
|
||||
|
||||
'S_PRIVMSGS_ACTION' => append_sid("privmsg.$phpEx?folder=$folder"),
|
||||
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />',
|
||||
'S_HIDDEN_FIELDS' => '',
|
||||
'S_POST_NEW_MSG' => $post_new_mesg_url,
|
||||
'S_SELECT_MSG_DAYS' => $select_msg_days,
|
||||
|
||||
|