[ticket/16207] Stop forcing session id in URLs

PHPBB3-16207
Marc Alexander 2021-07-17 21:27:12 +02:00
parent a207454692
commit 5b68527eec
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
7 changed files with 8 additions and 18 deletions


@ -327,7 +327,7 @@ class acp_prune
'USERNAME' => $usernames[$user_id], 'USERNAME' => $usernames[$user_id],
'USER_ID' => $user_id, 'USER_ID' => $user_id,
'U_PROFILE' => get_username_string('profile', $user_id, $usernames[$user_id]), 'U_PROFILE' => get_username_string('profile', $user_id, $usernames[$user_id]),
'U_USER_ADMIN' => ($auth->acl_get('a_user')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&u=' . $user_id, true, $user->session_id) : '', 'U_USER_ADMIN' => ($auth->acl_get('a_user')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&u=' . $user_id) : '',
)); ));
} }


@ -3716,7 +3716,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
// Generate logged in/logged out status // Generate logged in/logged out status
if ($user->data['user_id'] != ANONYMOUS) if ($user->data['user_id'] != ANONYMOUS)
{ {
$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout', true, $user->session_id); $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout');
$l_login_logout = $user->lang['LOGOUT']; $l_login_logout = $user->lang['LOGOUT'];
} }
else else
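Review bot: The logout URL built in `page_header()` no longer forces `$user->session_id` into the link, and for cookie-backed sessions the session hunk in this commit leaves `$_SID` empty, so the link appears to carry no per-session value at all. The `mode=logout` handler is not part of this diff: if it still requires a URL `sid` equal to the session id, logout will fail for those users, and if it requires nothing, a cross-site request can end a user's session. A link hash keeps the request-forgery check without putting the session id in the URL, e.g. `append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout&amp;hash=' . generate_link_hash('ucp_logout'))` (hash name chosen here as an example) with a matching `check_link_hash()` in the handler. The body of `page_header()` continues outside the hunk.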


@ -542,7 +542,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
$message_parser->message = ($action == 'reply') ? '' : $message_text; $message_parser->message = ($action == 'reply') ? '' : $message_text;
unset($message_text); unset($message_text);
$s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=$mode&action=$action", true, $user->session_id); $s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=$mode&action=$action");
$s_action .= (($folder_id) ? "&f=$folder_id" : '') . (($msg_id) ? "&p=$msg_id" : ''); $s_action .= (($folder_id) ? "&f=$folder_id" : '') . (($msg_id) ? "&p=$msg_id" : '');
// Delete triggered ? // Delete triggered ?


@ -307,7 +307,7 @@ class helper
'TRANSLATION_INFO' => $this->language->is_set('TRANSLATION_INFO') ? $this->language->lang('TRANSLATION_INFO') : '', 'TRANSLATION_INFO' => $this->language->is_set('TRANSLATION_INFO') ? $this->language->lang('TRANSLATION_INFO') : '',
'CREDIT_LINE' => $this->language->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited'), 'CREDIT_LINE' => $this->language->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited'),
'U_ACP' => ($this->auth->acl_get('a_') && !empty($this->user->data['is_registered'])) ? append_sid("{$this->admin_path}index.{$this->php_ext}", false, true, $this->user->session_id) : '', 'U_ACP' => ($this->auth->acl_get('a_') && !empty($this->user->data['is_registered'])) ? append_sid("{$this->admin_path}index.{$this->php_ext}") : '',
]); ]);
if ($run_cron) if ($run_cron)


@ -748,7 +748,7 @@ class log implements \phpbb\log\log_interface
{ {
$log[$key]['viewtopic'] = (isset($topic_auth['f_read'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}viewtopic.{$this->php_ext}", 'f=' . $topic_auth['f_read'][$row['topic_id']] . '&amp;t=' . $row['topic_id']) : false; $log[$key]['viewtopic'] = (isset($topic_auth['f_read'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}viewtopic.{$this->php_ext}", 'f=' . $topic_auth['f_read'][$row['topic_id']] . '&amp;t=' . $row['topic_id']) : false;
$log[$key]['viewpost'] = (isset($topic_auth['f_read'][$row['topic_id']]) && $row['post_id']) ? append_sid("{$this->phpbb_root_path}viewtopic.{$this->php_ext}", 'f=' . $topic_auth['f_read'][$row['topic_id']] . '&amp;t=' . $row['topic_id'] . '&amp;p=' . $row['post_id'] . '#p' . $row['post_id']) : false; $log[$key]['viewpost'] = (isset($topic_auth['f_read'][$row['topic_id']]) && $row['post_id']) ? append_sid("{$this->phpbb_root_path}viewtopic.{$this->php_ext}", 'f=' . $topic_auth['f_read'][$row['topic_id']] . '&amp;t=' . $row['topic_id'] . '&amp;p=' . $row['post_id'] . '#p' . $row['post_id']) : false;
$log[$key]['viewlogs'] = (isset($topic_auth['m_'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}mcp.{$this->php_ext}", 'i=logs&amp;mode=topic_logs&amp;t=' . $row['topic_id'], true, $this->user->session_id) : false; $log[$key]['viewlogs'] = (isset($topic_auth['m_'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}mcp.{$this->php_ext}", 'i=logs&amp;mode=topic_logs&amp;t=' . $row['topic_id']) : false;
} }
} }


@ -272,8 +272,8 @@ class session
$this->cookie_data['k'] = $request->variable($config['cookie_name'] . '_k', '', false, \phpbb\request\request_interface::COOKIE); $this->cookie_data['k'] = $request->variable($config['cookie_name'] . '_k', '', false, \phpbb\request\request_interface::COOKIE);
$this->session_id = $request->variable($config['cookie_name'] . '_sid', '', false, \phpbb\request\request_interface::COOKIE); $this->session_id = $request->variable($config['cookie_name'] . '_sid', '', false, \phpbb\request\request_interface::COOKIE);
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; $SID = '?sid=';
$_SID = (defined('NEED_SID')) ? $this->session_id : ''; $_SID = '';
if (empty($this->session_id)) if (empty($this->session_id))
{ {
@ -343,14 +343,6 @@ class session
} }
} }
// if no session id is set, redirect to index.php
$session_id = $request->variable('sid', '');
if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
{
send_status_line(401, 'Unauthorized');
redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
}
// if session id is set // if session id is set
if (!empty($this->session_id)) if (!empty($this->session_id))
{ {
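Review bot: With the `NEED_SID` block removed in the second hunk, nothing visible in this section still compares the request's `sid` with the cookie-backed `$this->session_id`, so pages that defined `NEED_SID` lose the 401-and-redirect they got when the URL did not carry the matching id. That comparison also caused cross-site requests to those pages to be rejected, so every state-changing admin or moderator action now depends on its own form key or confirmation step; it is worth confirming that none of them relied on the URL id alone. Any remaining `define('NEED_SID', true)` (not visible here) becomes dead and should go in the same change. I would also add a comment above the first hunk's assignments, `// NEED_SID no longer forces the session id into $SID/$_SID (PHPBB3-16207)`, so the constant's removal is traceable from this method, whose body starts and ends outside the hunks.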


@ -645,9 +645,7 @@ $s_quickmod_action = append_sid(
'start' => $start, 'start' => $start,
'quickmod' => 1, 'quickmod' => 1,
'redirect' => urlencode(str_replace('&amp;', '&', $viewtopic_url)), 'redirect' => urlencode(str_replace('&amp;', '&', $viewtopic_url)),
), )
true,
$user->session_id
); );
$quickmod_array = array( $quickmod_array = array(