diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index 80e102db21..a5dedfeebb 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -60,8 +60,15 @@ class acp_main
{
if ($action === 'admlogout')
{
- $user->unset_admin();
- redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ if (check_link_hash($request->variable('hash', ''), 'acp_logout'))
+ {
+ $user->unset_admin();
+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ }
+ else
+ {
+ redirect(append_sid("{$phpbb_admin_path}index.$phpEx"));
+ }
}
if (!confirm_box(true))
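Review bot: The `else` branch drops an admin-logout request with a missing or wrong `hash` by redirecting to the ACP index, and nothing in the code says why or leaves a trace. An administrator following an old bookmark lands back in the ACP with no explanation, and afterwards a forged cross-site request cannot be told apart from that case. I would add a comment above the check, e.g. `// Admin logout changes session state: only honour it when the link hash generated in adm_page_header() matches`, and consider writing an admin log entry in the failure branch. The enclosing method starts and ends outside this hunk, so confirm there that `$request` and `$phpbb_admin_path` are in scope.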
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index ce9e655c11..324946ad80 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3716,7 +3716,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
// Generate logged in/logged out status
if ($user->data['user_id'] != ANONYMOUS)
{
- $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout');
+ $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout&hash=' . generate_link_hash('ucp_logout'));
$l_login_logout = $user->lang['LOGOUT'];
}
else
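Review bot: The link name `'ucp_logout'` on the new `$u_login_logout` line has to stay identical to the one passed to `check_link_hash()` in the `logout` case of ucp.php, and neither place says so. A comment here would make the coupling visible: `// Logout is only honoured with this hash; keep the name in sync with the check in ucp.php`. Any template or extension that builds its own `ucp.php?mode=logout` URL instead of using this value will presumably no longer log the user out, which is worth stating in the upgrade notes. page_header() extends beyond this hunk.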
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index ba1584ab82..4baae44c84 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -85,7 +85,7 @@ function adm_page_header($page_title)
'PHPBB_MAJOR' => $phpbb_major,
'U_LOGOUT' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'),
- 'U_ADM_LOGOUT' => append_sid("{$phpbb_admin_path}index.$phpEx", 'action=admlogout'),
+ 'U_ADM_LOGOUT' => append_sid("{$phpbb_admin_path}index.$phpEx", 'action=admlogout&hash=' . generate_link_hash('acp_logout')),
'U_ADM_INDEX' => append_sid("{$phpbb_admin_path}index.$phpEx"),
'U_INDEX' => append_sid("{$phpbb_root_path}index.$phpEx"),
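Review bot: The unchanged `'U_LOGOUT'` entry just above the edited line still builds the ucp.php link with `'mode=logout'` and no hash, while the `logout` case in ucp.php now only kills the session when `check_link_hash(..., 'ucp_logout')` passes. As written, the board-logout link rendered from the ACP header would presumably stop logging the user out. It should get the same treatment as the front-end link: `'U_LOGOUT' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout&hash=' . generate_link_hash('ucp_logout')),`. adm_page_header() continues outside this hunk.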
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 400970242d..eb038cc8e5 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -275,7 +275,7 @@ class session
$SID = '?sid=';
$_SID = '';
- if (empty($this->session_id))
+ if (empty($this->session_id) && $phpbb_container->getParameter('session.force_sid'))
{
$this->session_id = $_SID = $request->variable('sid', '');
$SID = '?sid=' . $this->session_id;
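Review bot: `session.force_sid` now decides, in this hunk and the next one, whether a session id is taken from the `sid` request variable at all, but the two lookups are uncommented and repeated. Reading it once, `$force_sid = (bool) $phpbb_container->getParameter('session.force_sid');`, would make the intent clear, together with a comment such as `// Only accept a session id from the URL when explicitly enabled; URL-borne ids leak via logs and Referer headers`. Symfony's `getParameter()` throws when the parameter is undefined, so confirm that a default ships in the container configuration and that `$phpbb_container` is in scope in this method; neither is visible in the hunk.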
@@ -284,7 +284,7 @@ class session
}
else
{
- $this->session_id = $_SID = $request->variable('sid', '');
+ $this->session_id = $_SID = $phpbb_container->getParameter('session.force_sid') ? $request->variable('sid', '') : '';
$SID = '?sid=' . $this->session_id;
}
diff --git a/phpBB/styles/prosilver/template/index_body.html b/phpBB/styles/prosilver/template/index_body.html
index 94d069b597..4b41e2b83c 100644
--- a/phpBB/styles/prosilver/template/index_body.html
+++ b/phpBB/styles/prosilver/template/index_body.html
@@ -25,7 +25,7 @@
{L_FORGOT_PASS}
- |
+ |
{S_LOGIN_REDIRECT}
diff --git a/phpBB/styles/prosilver/template/login_body.html b/phpBB/styles/prosilver/template/login_body.html
index 14df8c23a2..cfb15bca79 100644
--- a/phpBB/styles/prosilver/template/login_body.html
+++ b/phpBB/styles/prosilver/template/login_body.html
@@ -28,7 +28,7 @@
-
-
+
diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html
index c6053e7f88..428e5dc9fd 100644
--- a/phpBB/styles/prosilver/template/viewforum_body.html
+++ b/phpBB/styles/prosilver/template/viewforum_body.html
@@ -106,7 +106,7 @@
-
+
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index 817ea72111..240d9f0741 100644
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -103,7 +103,7 @@ switch ($mode)
break;
case 'logout':
- if ($user->data['user_id'] != ANONYMOUS && $request->is_set('sid') && $request->variable('sid', '') === $user->session_id)
+ if ($user->data['user_id'] != ANONYMOUS && check_link_hash($request->variable('hash', ''), 'ucp_logout'))
{
$user->session_kill();
}
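Review bot: The rejection path of the new `check_link_hash()` condition has no test in the hunks shown; the functional tests touched by this commit only follow the valid logout link. A case that requests `ucp.php?mode=logout` with a missing `hash` and with a wrong `hash`, then asserts the user is still logged in, would pin the behaviour this change exists for. A short comment on the condition, e.g. `// Require the link hash so a cross-site GET cannot end the session`, would also help the next reader. What the user sees when the check fails is decided by code after this hunk.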
diff --git a/tests/functional/auth_test.php b/tests/functional/auth_test.php
index 23807c43dc..a0c96b21ea 100644
--- a/tests/functional/auth_test.php
+++ b/tests/functional/auth_test.php
@@ -60,12 +60,7 @@ class phpbb_functional_auth_test extends phpbb_functional_test_case
$this->login();
$this->add_lang('ucp');
- // logout
- $crawler = self::request('GET', 'ucp.php?sid=' . $this->sid . '&mode=logout');
-
- // look for a register link, which should be visible only when logged out
- $crawler = self::request('GET', 'index.php');
- $this->assertStringContainsString($this->lang('REGISTER'), $crawler->filter('.navbar')->text());
+ $this->logout();
}
public function test_acp_login()
diff --git a/tests/functional/mcp_test.php b/tests/functional/mcp_test.php
index a9ba2f3a83..11b877be20 100644
--- a/tests/functional/mcp_test.php
+++ b/tests/functional/mcp_test.php
@@ -46,6 +46,7 @@ class phpbb_functional_mcp_test extends phpbb_functional_test_case
public function test_move_post_to_topic($crawler)
{
$this->login();
+ $this->add_lang('mcp');
// Select the post in MCP
$form = $crawler->selectButton($this->lang('SUBMIT'))->form(array(
@@ -55,18 +56,11 @@ class phpbb_functional_mcp_test extends phpbb_functional_test_case
$crawler = self::submit($form);
$this->assertStringContainsString($this->lang('MERGE_POSTS'), $crawler->filter('html')->text());
- return $crawler;
- }
-
- /**
- * @depends test_move_post_to_topic
- */
- public function test_confirm_result($crawler)
- {
- $this->add_lang('mcp');
$form = $crawler->selectButton('Yes')->form();
$crawler = self::submit($form);
$this->assertStringContainsString($this->lang('POSTS_MERGED_SUCCESS'), $crawler->text());
+
+ return $crawler;
}
public function test_delete_logs()
diff --git a/tests/functional/report_post_captcha_test.php b/tests/functional/report_post_captcha_test.php
index e4c2ff6ab7..1c7435fcf3 100644
--- a/tests/functional/report_post_captcha_test.php
+++ b/tests/functional/report_post_captcha_test.php
@@ -64,8 +64,8 @@ class phpbb_functional_report_post_captcha_test extends phpbb_functional_test_ca
$values = $form->getValues();
$values["setting[1][2][f_report]"] = $report_post_allowed;
$form->setValues($values);
- $crawler = self::submit($form);
+ self::submit($form);
- $crawler = self::request('GET', 'ucp.php?mode=logout&sid=' . $this->sid);
+ $this->logout();
}
}
diff --git a/tests/functional/ucp_profile_test.php b/tests/functional/ucp_profile_test.php
index 18839a5a68..311a30d56b 100644
--- a/tests/functional/ucp_profile_test.php
+++ b/tests/functional/ucp_profile_test.php
@@ -89,7 +89,10 @@ class phpbb_functional_ucp_profile_test extends phpbb_functional_test_case
$this->assertStringContainsString($key_id, $crawler->filter('label[for="' . $key_id . '"]')->text());
$form = $crawler->selectButton('submit')->form();
- $form['keys'][0]->tick();
+ foreach ($form['keys'] as $key)
+ {
+ $key->tick();
+ }
$crawler = self::submit($form);
$this->assertStringContainsString($this->lang('AUTOLOGIN_SESSION_KEYS_DELETED'), $crawler->filter('html')->text());
diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php
index 600fbe60be..8d48821f47 100644
--- a/tests/test_framework/phpbb_functional_test_case.php
+++ b/tests/test_framework/phpbb_functional_test_case.php
@@ -829,10 +829,13 @@ class phpbb_functional_test_case extends phpbb_test_case
{
$this->add_lang('ucp');
- $crawler = self::request('GET', 'ucp.php?sid=' . $this->sid . '&mode=logout');
+ $crawler = self::request('GET', 'index.php');
+ $logout_link = $crawler->filter('a[title="' . $this->lang('LOGOUT') . '"]')->attr('href');
+ self::request('GET', $logout_link);
+
+ $crawler = self::request('GET', $logout_link);
$this->assertStringContainsString($this->lang('REGISTER'), $crawler->filter('.navbar')->text());
unset($this->sid);
-
}
/**
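Review bot: `logout()` now requests `$logout_link` twice: once discarding the response, and again to obtain the `$crawler` used for the `REGISTER` assertion. The second call hits the logout URL as an already logged-out visitor, so the assertion checks that page rather than the board index, and the repeat reads like a leftover. If the intent is to confirm the logged-out state, `$crawler = self::request('GET', 'index.php');` for the second request mirrors what the removed code in auth_test.php did; otherwise add a comment explaining the repeat. The method's signature is above this hunk.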