mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

Remove user facing session_id checks, they remain in admin and mod panels, fix bug which allows sending email via board even when disabled

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3481 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
2003-02-21 11:16:44 +00:00
parent e6e429b7f9
commit ea33ee4b11
9 changed files with 31 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
phpBB/posting.php
View File

@@ -119,26 +119,6 @@ if ( isset($HTTP_POST_VARS['cancel']) )
redirect(append_sid($redirect, true) . $post_append);
}
//
// Compare sid ... if sids don't match
// output message ... note that AOL'ers may
// obtain this error until the session code
// is modified to change the 6 to 4 in the IP
// comparison checks ... or if a user takes
// longer than session time to submit the form
// both can be easily altered by the admin
//
if ( $submit || $refresh )
{
if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
{
// I've not added this to the language set at this time ... re-releasing
// every single language to include this for the once in a blue moon
// time it will be output is just not worthwhile at present.
message_die(GENERAL_MESSAGE, 'Invalid_session');
}
}
//
// What auth type do we need to check?
//
@@ -434,7 +414,7 @@ if ( ( $delete || $poll_delete || $mode == 'delete' ) && !$confirm )
//
// Confirm deletion
//
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_POST_URL . '" value="' . $post_id . '" />';
$s_hidden_fields = '<input type="hidden" name="' . POST_POST_URL . '" value="' . $post_id . '" />';
$s_hidden_fields .= ( $delete || $mode == "delete" ) ? '<input type="hidden" name="mode" value="delete" />' : '<input type="hidden" name="mode" value="poll_delete" />';
$l_confirm = ( $delete || $mode == 'delete' ) ? $lang['Confirm_delete'] : $lang['Confirm_delete_poll'];
@@ -926,7 +906,7 @@ if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] )
}
}
$hidden_form_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" />';
$hidden_form_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
switch( $mode )
{