makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-29 06:38:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/16825] Do not use session ID from URL if force_sid is not enabled

Browse source 
PHPBB3-16825
This commit is contained in:
Marc Alexander 2021-07-26 21:03:14 +02:00
parent 9eb21f28fc
commit 03ec6ce0a9
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
phpBB/phpbb/session.php
View file

@ -275,7 +275,7 @@ class session
$SID = '?sid=';
$_SID = '';
if (empty($this->session_id))
if (empty($this->session_id) && $phpbb_container->getParameter('session.force_sid'))
{
$this->session_id = $_SID = $request->variable('sid', '');
$SID = '?sid=' . $this->session_id;
@ -284,7 +284,7 @@ class session
}
else
{
$this->session_id = $_SID = $request->variable('sid', '');
$this->session_id = $_SID = $phpbb_container->getParameter('session.force_sid') ? $request->variable('sid', '') : '';
$SID = '?sid=' . $this->session_id;
}