makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 12:28:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/10913] Redirect to index if session id is required but was not sent

Browse source 
PHPBB3-10913
This commit is contained in:
Nils Adermann 2012-05-29 14:54:04 +02:00
parent efa96e1817
commit 42dd60edad
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
phpBB/includes/session.php
View file

@ -322,8 +322,15 @@ class session
} }
} }
// Is session_id is set or session_id is set and matches the url param if required // if no session id is set, redirect to index.php
if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid']))
{
send_status_line(401, 'Not authorized');
redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
}
// if session id is set
if (!empty($this->session_id))
{ {
$sql = 'SELECT u.*, s.* $sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u