From 32830195ee5922875a605f7d7c5db42c7c233941 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Tue, 3 Dec 2002 20:34:54 +0000 Subject: [PATCH] More updates git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3172 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_selects.php | 2 +- phpBB/includes/page_header.php | 2 +- phpBB/includes/usercp_email.php | 3 ++- phpBB/includes/usercp_register.php | 12 ++++++------ phpBB/includes/usercp_sendpasswd.php | 3 ++- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/phpBB/includes/functions_selects.php b/phpBB/includes/functions_selects.php index f669b27499..33e07652e7 100644 --- a/phpBB/includes/functions_selects.php +++ b/phpBB/includes/functions_selects.php @@ -28,7 +28,7 @@ function language_select($default, $select_name = "language", $dirname="language { global $phpEx, $phpbb_root_path; - $dir = opendir($phpbb_root_path . $dirname); + $dir = opendir(realpath($dirname)); $lang = array(); while ( $file = readdir($dir) ) diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php index 9c321055dc..f8cc327c7e 100644 --- a/phpBB/includes/page_header.php +++ b/phpBB/includes/page_header.php @@ -273,7 +273,7 @@ if ( $userdata['session_logged_in'] ) else { $s_privmsg_new = 0; - $icon_pm = $images['pm_no_new_msg']; + $icon_pm = $images['pm_new_msg']; } } else diff --git a/phpBB/includes/usercp_email.php b/phpBB/includes/usercp_email.php index 4c86664b79..1e0e250e39 100644 --- a/phpBB/includes/usercp_email.php +++ b/phpBB/includes/usercp_email.php @@ -61,7 +61,8 @@ if ( $result = $db->sql_query($sql) ) if ( isset($HTTP_POST_VARS['submit']) ) { - if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) + // session id check + if ($sid == '' || $sid != $userdata['session_id']) { message_die(ERROR, 'Invalid_session'); } diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php index bc7a5c9ca3..06653a6739 100644 
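Review bot: In `language_select()`, `opendir(realpath($dirname))` no longer anchors the lookup to `$phpbb_root_path`, so the directory is resolved against the process's current working directory. `realpath()` also returns `false` when the path does not exist, and that value is handed straight to `opendir()` and on to the `readdir()` loop. Keeping the prefix and checking the result covers both: `$path = realpath($phpbb_root_path . $dirname);` then `if ( $path === false || !($dir = opendir($path)) )` with an early exit before the loop. If callers can influence `$dirname` (not visible here), it is also worth confirming that the resolved path still lies under the board root. The function body continues outside the hunk.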
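Review bot: The `else` branch in `page_header.php` that sets `$s_privmsg_new = 0` now assigns `$images['pm_new_msg']`, and nothing in the hunk explains why the "no new message" state gets the new-message icon. If this is deliberate (perhaps unread messages the user has already been told about; the enclosing condition is outside the hunk, so that is a guess), a comment such as `// unread but already announced: keep the new-message icon` would stop a later reader from reverting it. If it is not deliberate, the line should stay `$icon_pm = $images['pm_no_new_msg'];`.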
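Review bot: The session check in `usercp_email.php` now reads a bare `$sid` instead of `$HTTP_POST_VARS['sid']`, and nothing in the hunk shows where `$sid` is assigned. If it is not set explicitly from the request earlier on, the check depends on `register_globals`, and either way the token may now arrive by GET or cookie rather than only in the POST body. The comparison is also loose: with `!=`, two numeric-looking strings (for example of the `0e…` digits form) compare equal, so `if ( $sid == '' || $sid !== $userdata['session_id'] )` is the safer form. The `// session id check` comment would be more useful if it said where `$sid` comes from and which request methods are accepted. The same lines are added in `usercp_register.php` (hunk at -80) and `usercp_sendpasswd.php`, and the enclosing `if` block continues outside each hunk.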
--- a/phpBB/includes/usercp_register.php +++ b/phpBB/includes/usercp_register.php @@ -33,7 +33,7 @@ if ( !defined('IN_PHPBB') ) // function show_coppa() { - global $template, $lang, $phpbb_root_path, $phpEx; + global $userdata, $template, $lang, $phpbb_root_path, $phpEx; $template->set_filenames(array( 'body' => 'agreement.tpl') @@ -46,8 +46,8 @@ function show_coppa() "AGREE_UNDER_13" => $lang['Agree_under_13'], 'DO_NOT_AGREE' => $lang['Agree_not'], - "U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&agreed=true"), - "U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&agreed=true&coppa=true")) + "U_AGREE_OVER13" => "profile.$phpEx?mode=register&agreed=true&sid=" . $userdata['session_id'], + "U_AGREE_UNDER13" => "profile.$phpEx?mode=register&agreed=true&coppa=true&sid=" . $userdata['session_id']) ); $template->pparse('body'); @@ -80,9 +80,10 @@ if ( isset($HTTP_POST_VARS['cancelavatar']) || $mode == 'register' ) { - if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) + // session id check + if ($sid == '' || $sid != $userdata['session_id']) { - message_die(ERROR, 'Invalid_session_id'); + message_die(ERROR, 'Invalid_session'); } include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); @@ -246,7 +247,6 @@ if ( isset($HTTP_POST_VARS['submit']) ) $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '
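Review bot: In `show_coppa()` the agreement links are now built by hand as `"...&sid=" . $userdata['session_id']`, which puts the session id into every registration URL. It bypasses `append_sid()`, which presumably decided when the id belongs there (its body is not on this page), and the id then lands in browser history, proxy and server logs, and `Referer` headers. Since the check added in the hunk at -80 appears to require a `sid` for `mode=register`, a small form that POSTs `agreed`/`coppa` with `sid` as a hidden field would satisfy it without exposing the id in a URL. If the links stay, the value should at least go through `urlencode()`, the separators should be written `&amp;` for the template, and the comment above `show_coppa()` should say why `append_sid()` is bypassed. The first hunk of this file (-33) only adds `$userdata` to the `global` list in support of this change.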
' : '' ) . $lang['Fields_empty']; } - } $passwd_sql = ''; diff --git a/phpBB/includes/usercp_sendpasswd.php b/phpBB/includes/usercp_sendpasswd.php index 3399c081f7..21942b36e2 100644 --- a/phpBB/includes/usercp_sendpasswd.php +++ b/phpBB/includes/usercp_sendpasswd.php @@ -29,7 +29,8 @@ if ( !defined('IN_PHPBB') ) if ( isset($HTTP_POST_VARS['submit']) ) { - if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) + // session id check + if ($sid == '' || $sid != $userdata['session_id']) { message_die(ERROR, 'Invalid_session'); }