mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-09 02:06:32 +02:00
Code Issues Releases Wiki Activity

Remove user facing session_id checks, they remain in admin and mod panels, fix bug which allows sending email via board even when disabled

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3481 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
2003-02-21 11:16:44 +00:00
parent e6e429b7f9
commit ea33ee4b11
9 changed files with 31 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
phpBB/includes/usercp_sendpasswd.php
View File

@@ -29,12 +29,6 @@ if ( !defined('IN_PHPBB') )
if ( isset($HTTP_POST_VARS['submit']) )
{
// session id check
if ($sid == '' || $sid != $userdata['session_id'])
{
message_die(GENERAL_ERROR, 'Invalid_session');
}
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags($HTTP_POST_VARS['username'])) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';
@@ -133,7 +127,7 @@ $template->assign_vars(array(
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />',
'S_HIDDEN_FIELDS' => '',
'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=sendpassword"))
);