From 2ac2d296e0581bcee218e8e06e734691b016e577 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Fri, 8 Oct 2004 11:01:30 +0000 Subject: [PATCH] - cur_page no longer in use - fix confirm box (since it used cur_page) :) git-svn-id: file:///svn/phpbb/trunk@4996 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 14 +++++++++----- phpBB/includes/session.php | 3 +-- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 8604a80e84..ecb7e5acb1 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1038,7 +1038,8 @@ function meta_refresh($time, $url) // Build Confirm box function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html') { - global $user, $template, $_POST, $SID, $db; + global $user, $template, $db; + global $SID, $phpEx; if (isset($_POST['cancel'])) { 
@@ -1087,17 +1088,20 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo // If activation key already exist, we better do not re-use the key (something very strange is going on...) if (request_var('confirm_key', '')) { -// $user->cur_page = preg_replace('#^(.*?)[&|\?]act_key=[A-Z0-9]{10}(.*?)#', '\1\2', str_replace('&', '&', $user->cur_page)); - // Need to adjust... - trigger_error('Hacking attempt'); + // This should not occur, therefore we cancel the operation to safe the user + return false; } + // re-add $SID + $u_action = (strpos($user->page, ".{$phpEx}?") !== false) ? str_replace(".{$phpEx}?", ".$phpEx$SID&", $user->page) . '&' : $user->page . '?'; + $u_action .= 'confirm_key=' . $confirm_key; + $template->assign_vars(array( 'MESSAGE_TITLE' => $user->lang[$title], 'MESSAGE_TEXT' => $user->lang[$title . '_CONFIRM'], 'YES_VALUE' => $user->lang['YES'], - 'S_CONFIRM_ACTION' => $user->cur_page . ((strpos($user->cur_page, '?') !== false) ? '&' : '?') . 'confirm_key=' . $confirm_key, + 'S_CONFIRM_ACTION' => $u_action, 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields) ); diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index add209bd83..36ca2c1ae7 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -18,7 +18,6 @@ class session var $browser = ''; var $ip = ''; var $page = ''; - var $cur_page = ''; var $current_page_filename = ''; var $load; @@ -782,7 +781,7 @@ class user extends session return $imgs[$img . $suffix]; } - // Start code for checking/setting option bit field for user table (if we go that way) + // Start code for checking/setting option bit field for user table function optionget($key, $data = false) { if (!isset($this->keyvalues[$key]))
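Review bot: `$u_action` is built from `$user->page` and passed to the template as `S_CONFIRM_ACTION` with no escaping in this hunk, so if `$user->page` holds the request's query string verbatim, request-controlled text ends up in the form's action attribute. `$user->page` is assigned outside the lines shown; check how it is set, and record the expectation here with a comment such as `// $user->page must already be HTML-safe: it is emitted into the form action as-is`. The `str_replace(".{$phpEx}?", ".$phpEx$SID&", $user->page)` call rewrites every occurrence of `.{$phpEx}?`, not only the script name, so a query parameter that itself contains that substring would get `$SID` spliced into its value; splitting on the first `?` and inserting `$SID` once avoids this. The branch that used to call `trigger_error('Hacking attempt')` now does a bare `return false;`, which leaves no record that a stale or unexpected `confirm_key` was submitted; a log entry before the return would keep that signal. The body of confirm_box starts and ends outside this hunk, so the `$check` handling and the other return paths were not reviewed.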