[feature/delete-auto-logins] checks form key

The form key is checked after submission; if it is not correct, an error is returned.

PHPBB3-9647
Dhruv Goel 2012-04-01 16:57:46 +05:30
parent 79ef960435
commit 4129711e9f


@ -627,6 +627,13 @@ class ucp_profile
{ {
$keys = request_var('keys', array('')); $keys = request_var('keys', array(''));
if (!check_form_key('ucp_autologin_keys'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
if (!empty($keys)) if (!empty($keys))
{ {
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
@ -641,6 +648,10 @@ class ucp_profile
} }
} }
// Replace "error" strings with their real, localised form
$error = array_map(array($user, 'lang'), $error);
}
$sql = 'SELECT key_id, last_ip, last_login $sql = 'SELECT key_id, last_ip, last_login
FROM ' . SESSIONS_KEYS_TABLE . ' FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user->data['user_id']; WHERE user_id = ' . (int) $user->data['user_id'];
@ -650,6 +661,8 @@ class ucp_profile
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$template->assign_block_vars('sessions', array( $template->assign_block_vars('sessions', array(
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'KEY' => $row['key_id'], 'KEY' => $row['key_id'],
'IP' => $row['last_ip'], 'IP' => $row['last_ip'],
'LOGIN_TIME' => $row['last_login'], 'LOGIN_TIME' => $row['last_login'],
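Review bot: In the last hunk `'ERROR'` is set inside `assign_block_vars('sessions', ...)`, which runs once per row fetched from the key query, so a rejected form key shows no message at all when the query returns no rows and repeats the same message on every row otherwise. Assigning it once outside the loop, e.g. `$template->assign_vars(array('ERROR' => (sizeof($error)) ? implode('<br />', $error) : ''));`, would make the failed CSRF check visible regardless of the row count. The `check_form_key('ucp_autologin_keys')` guard in the first hunk does gate the DELETE, but it can only pass for legitimate submissions if the code that renders the form also calls `add_form_key('ucp_autologin_keys')`; that call is not visible in these hunks and should be confirmed. The enclosing case block starts and ends outside the hunks shown.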