diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php
index c648fdf100..3f0aa4009b 100644
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -15,7 +15,6 @@
*/
define('IN_PHPBB', true);
define('ADMIN_START', true);
-define('NEED_SID', true);
// Include files
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
diff --git a/phpBB/config/test/config.yml b/phpBB/config/test/config.yml
index a603f59dec..b923e2cb04 100644
--- a/phpBB/config/test/config.yml
+++ b/phpBB/config/test/config.yml
@@ -4,3 +4,6 @@ imports:
core:
require_dev_dependencies: true
allow_install_dir: true
+
+ session:
+ force_sid: false
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index c5f7789de8..bffe993bc7 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -327,7 +327,7 @@ class acp_prune
'USERNAME' => $usernames[$user_id],
'USER_ID' => $user_id,
'U_PROFILE' => get_username_string('profile', $user_id, $usernames[$user_id]),
- 'U_USER_ADMIN' => ($auth->acl_get('a_user')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&u=' . $user_id, true, $user->session_id) : '',
+ 'U_USER_ADMIN' => ($auth->acl_get('a_user')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&u=' . $user_id) : '',
));
}
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index e2a28c05b1..4123452445 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1148,7 +1148,7 @@ class acp_users
'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
- 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
+ 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue') : '',
'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index af7b6e5f94..ce9e655c11 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1460,7 +1460,7 @@ function tracking_unserialize($string, $max_depth = 3)
* @param string $url The url the session id needs to be appended to (can have params)
* @param mixed $params String or array of additional url parameters
* @param bool $is_amp Is url using & (true) or & (false)
-* @param string $session_id Possibility to use a custom session id instead of the global one
+* @param string $session_id Possibility to use a custom session id instead of the global one; deprecated as of 4.0.0-a1
* @param bool $is_route Is url generated by a route.
*
* @return string The corrected url.
@@ -1835,7 +1835,7 @@ function build_url($strip_vars = false)
$redirect = str_replace('&', '&', $redirect);
}
- return $redirect . ((strpos($redirect, '?') === false) ? '?' : '');
+ return $redirect;
}
/**
@@ -3716,7 +3716,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
// Generate logged in/logged out status
if ($user->data['user_id'] != ANONYMOUS)
{
- $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout', true, $user->session_id);
+ $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout');
$l_login_logout = $user->lang['LOGOUT'];
}
else
@@ -3930,7 +3930,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
'U_REGISTER' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
'U_PROFILE' => append_sid("{$phpbb_root_path}ucp.$phpEx"),
'U_USER_PROFILE' => get_username_string('profile', $user->data['user_id'], $user->data['username'], $user->data['user_colour']),
- 'U_MODCP' => append_sid("{$phpbb_root_path}mcp.$phpEx", false, true, $user->session_id),
+ 'U_MODCP' => append_sid("{$phpbb_root_path}mcp.$phpEx"),
'U_FAQ' => $controller_helper->route('phpbb_help_faq_controller'),
'U_SEARCH_SELF' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=egosearch'),
'U_SEARCH_NEW' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=newposts'),
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 6d7d97922d..cf9d96c8af 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -1689,8 +1689,8 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl
'S_WARNINGS' => ($auth->acl_getf_global('m_') || $auth->acl_get('m_warn')) ? true : false,
'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id=$user_id&sr=posts") : '',
- 'U_NOTES' => ($user_notes_enabled && $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $user_id, true, $user->session_id) : '',
- 'U_WARN' => ($warn_user_enabled && $auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $user_id, true, $user->session_id) : '',
+ 'U_NOTES' => ($user_notes_enabled && $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $user_id) : '',
+ 'U_WARN' => ($warn_user_enabled && $auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $user_id) : '',
'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && $can_receive_pm) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&u=' . $user_id) : '',
'U_EMAIL' => $email,
'U_JABBER' => ($data['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=jabber&u=' . $user_id) : '',
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 4ec032c0a9..11c9aad8eb 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -1247,7 +1247,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
'POST_TIME' => $row['post_time'],
'USER_ID' => $row['user_id'],
'U_MINI_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'],
- 'U_MCP_DETAILS' => ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=post_details&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '',
+ 'U_MCP_DETAILS' => ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=post_details&f=' . $forum_id . '&p=' . $row['post_id']) : '',
'POSTER_QUOTE' => ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? addslashes(get_username_string('username', $poster_id, $row['username'], $row['user_colour'], $row['post_username'])) : '',
);
diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php
index 32ecff6652..e2eba5fd10 100644
--- a/phpBB/includes/mcp/mcp_forum.php
+++ b/phpBB/includes/mcp/mcp_forum.php
@@ -50,10 +50,17 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
$url = append_sid("{$phpbb_root_path}mcp.$phpEx?$url_extra");
+ add_form_key('mcp_forum');
+
// Resync Topics
switch ($action)
{
case 'resync':
+ if (!check_form_key('mcp_forum'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
$topic_ids = $request->variable('topic_id_list', array(0));
mcp_resync_topics($topic_ids);
break;
diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php
index 3477e880ec..a79d382b36 100644
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -55,9 +55,16 @@ function mcp_topic_view($id, $mode, $action)
$submitted_id_list = $request->variable('post_ids', array(0));
$checked_ids = $post_id_list = $request->variable('post_id_list', array(0));
+ add_form_key('mcp_topic');
+
// Resync Topic?
if ($action == 'resync')
{
+ if (!check_form_key('mcp_topic'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
if (!function_exists('mcp_resync_topics'))
{
include($phpbb_root_path . 'includes/mcp/mcp_forum.' . $phpEx);
@@ -90,7 +97,7 @@ function mcp_topic_view($id, $mode, $action)
$subject = $topic_info['topic_title'];
}
- // Restore or pprove posts?
+ // Restore or approve posts?
if (($action == 'restore' || $action == 'approve') && $auth->acl_get('m_approve', $topic_info['forum_id']))
{
if (!class_exists('mcp_queue'))
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 7cb4c85916..8fe4c30179 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -542,7 +542,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
$message_parser->message = ($action == 'reply') ? '' : $message_text;
unset($message_text);
- $s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=$mode&action=$action", true, $user->session_id);
+ $s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=$mode&action=$action");
$s_action .= (($folder_id) ? "&f=$folder_id" : '') . (($msg_id) ? "&p=$msg_id" : '');
// Delete triggered ?
diff --git a/phpBB/index.php b/phpBB/index.php
index c41de04b4d..d797ae1230 100644
--- a/phpBB/index.php
+++ b/phpBB/index.php
@@ -228,7 +228,7 @@ $template->assign_vars(array(
'S_INDEX' => true,
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
- 'U_MCP' => ($auth->acl_get('m_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=front', true, $user->session_id) : '')
+ 'U_MCP' => ($auth->acl_get('m_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=front') : '')
);
$page_title = ($config['board_index_text'] !== '') ? $config['board_index_text'] : $user->lang['INDEX'];
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index b9c69c9296..530f73b16e 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -794,8 +794,8 @@ switch ($mode)
'S_CUSTOM_FIELDS' => (isset($profile_fields['row']) && count($profile_fields['row'])) ? true : false,
'U_USER_ADMIN' => ($auth->acl_get('a_user')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&u=' . $user_id, true, $user->session_id) : '',
- 'U_USER_BAN' => ($auth->acl_get('m_ban') && $user_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&mode=user&u=' . $user_id, true, $user->session_id) : '',
- 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
+ 'U_USER_BAN' => ($auth->acl_get('m_ban') && $user_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&mode=user&u=' . $user_id) : '',
+ 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx") : '',
'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}&hash=" . generate_link_hash('switchperm')) : '',
'U_EDIT_SELF' => ($user_id == $user->data['user_id'] && $auth->acl_get('u_chgprofileinfo')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=ucp_profile&mode=profile_info') : '',
diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php
index 3262e6bbc4..e163894b4d 100644
--- a/phpBB/phpbb/controller/helper.php
+++ b/phpBB/phpbb/controller/helper.php
@@ -307,7 +307,7 @@ class helper
'TRANSLATION_INFO' => $this->language->is_set('TRANSLATION_INFO') ? $this->language->lang('TRANSLATION_INFO') : '',
'CREDIT_LINE' => $this->language->lang('POWERED_BY', 'phpBB® Forum Software © phpBB Limited'),
- 'U_ACP' => ($this->auth->acl_get('a_') && !empty($this->user->data['is_registered'])) ? append_sid("{$this->admin_path}index.{$this->php_ext}", false, true, $this->user->session_id) : '',
+ 'U_ACP' => ($this->auth->acl_get('a_') && !empty($this->user->data['is_registered'])) ? append_sid("{$this->admin_path}index.{$this->php_ext}") : '',
]);
if ($run_cron)
diff --git a/phpBB/phpbb/di/extension/container_configuration.php b/phpBB/phpbb/di/extension/container_configuration.php
index 697f083a4e..b3a726ad2a 100644
--- a/phpBB/phpbb/di/extension/container_configuration.php
+++ b/phpBB/phpbb/di/extension/container_configuration.php
@@ -62,6 +62,7 @@ class container_configuration implements ConfigurationInterface
->arrayNode('session')
->addDefaultsIfNotSet()
->children()
+ ->booleanNode('force_sid')->defaultValue(false)->end()
->booleanNode('log_errors')->defaultValue(false)->end()
->end()
->end()
diff --git a/phpBB/phpbb/log/log.php b/phpBB/phpbb/log/log.php
index 6142246477..988fa6f705 100644
--- a/phpBB/phpbb/log/log.php
+++ b/phpBB/phpbb/log/log.php
@@ -748,7 +748,7 @@ class log implements \phpbb\log\log_interface
{
$log[$key]['viewtopic'] = (isset($topic_auth['f_read'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}viewtopic.{$this->php_ext}", 'f=' . $topic_auth['f_read'][$row['topic_id']] . '&t=' . $row['topic_id']) : false;
$log[$key]['viewpost'] = (isset($topic_auth['f_read'][$row['topic_id']]) && $row['post_id']) ? append_sid("{$this->phpbb_root_path}viewtopic.{$this->php_ext}", 'f=' . $topic_auth['f_read'][$row['topic_id']] . '&t=' . $row['topic_id'] . '&p=' . $row['post_id'] . '#p' . $row['post_id']) : false;
- $log[$key]['viewlogs'] = (isset($topic_auth['m_'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}mcp.{$this->php_ext}", 'i=logs&mode=topic_logs&t=' . $row['topic_id'], true, $this->user->session_id) : false;
+ $log[$key]['viewlogs'] = (isset($topic_auth['m_'][$row['topic_id']])) ? append_sid("{$this->phpbb_root_path}mcp.{$this->php_ext}", 'i=logs&mode=topic_logs&t=' . $row['topic_id']) : false;
}
}
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index e3dcd3a37f..400970242d 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -272,8 +272,8 @@ class session
$this->cookie_data['k'] = $request->variable($config['cookie_name'] . '_k', '', false, \phpbb\request\request_interface::COOKIE);
$this->session_id = $request->variable($config['cookie_name'] . '_sid', '', false, \phpbb\request\request_interface::COOKIE);
- $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
- $_SID = (defined('NEED_SID')) ? $this->session_id : '';
+ $SID = '?sid=';
+ $_SID = '';
if (empty($this->session_id))
{
@@ -343,14 +343,6 @@ class session
}
}
- // if no session id is set, redirect to index.php
- $session_id = $request->variable('sid', '');
- if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
- {
- send_status_line(401, 'Unauthorized');
- redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
- }
-
// if session id is set
if (!empty($this->session_id))
{
@@ -791,8 +783,11 @@ class session
}
// refresh data
- $SID = '?sid=' . $this->session_id;
- $_SID = $this->session_id;
+ if ($phpbb_container->getParameter('session.force_sid'))
+ {
+ $SID = '?sid=' . $this->session_id;
+ $_SID = $this->session_id;
+ }
$this->data = array_merge($this->data, $sql_ary);
if (!$bot)
@@ -833,8 +828,11 @@ class session
WHERE user_id = ' . (int) $this->data['user_id'];
$db->sql_query($sql);
- $SID = '?sid=';
- $_SID = '';
+ if ($phpbb_container->getParameter('session.force_sid'))
+ {
+ $SID = '?sid=';
+ $_SID = '';
+ }
}
$session_data = $sql_ary;
diff --git a/phpBB/search.php b/phpBB/search.php
index 8decc78bb5..c3c2629da5 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -1099,8 +1099,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
$topic_unapproved = (($row['topic_visibility'] == ITEM_UNAPPROVED || $row['topic_visibility'] == ITEM_REAPPROVE) && $auth->acl_get('m_approve', $forum_id)) ? true : false;
$posts_unapproved = ($row['topic_visibility'] == ITEM_APPROVED && $row['topic_posts_unapproved'] && $auth->acl_get('m_approve', $forum_id)) ? true : false;
$topic_deleted = $row['topic_visibility'] == ITEM_DELETED;
- $u_mcp_queue = ($topic_unapproved || $posts_unapproved) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=' . (($topic_unapproved) ? 'approve_details' : 'unapproved_posts') . "&t=$result_topic_id", true, $user->session_id) : '';
- $u_mcp_queue = (!$u_mcp_queue && $topic_deleted) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&mode=deleted_topics&t=$result_topic_id", true, $user->session_id) : $u_mcp_queue;
+ $u_mcp_queue = ($topic_unapproved || $posts_unapproved) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=' . (($topic_unapproved) ? 'approve_details' : 'unapproved_posts') . "&t=$result_topic_id") : '';
+ $u_mcp_queue = (!$u_mcp_queue && $topic_deleted) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&mode=deleted_topics&t=$result_topic_id") : $u_mcp_queue;
$row['topic_title'] = preg_replace('#(?!<.*)(?]*(?:)#isu', '$1', $row['topic_title']);
@@ -1150,7 +1150,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']),
'U_TOPIC_AUTHOR' => get_username_string('profile', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&view=unread') . '#unread',
- 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=reports&t=' . $result_topic_id, true, $user->session_id),
+ 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=reports&t=' . $result_topic_id),
'U_MCP_QUEUE' => $u_mcp_queue,
);
}
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index 949ddba163..f799fea00b 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -428,7 +428,7 @@ $template->assign_vars(array(
'S_IS_LOCKED' => ($forum_data['forum_status'] == ITEM_LOCKED) ? true : false,
'S_VIEWFORUM' => true,
- 'U_MCP' => ($auth->acl_get('m_', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "f=$forum_id&i=main&mode=forum_view", true, $user->session_id) : '',
+ 'U_MCP' => ($auth->acl_get('m_', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "f=$forum_id&i=main&mode=forum_view") : '',
'U_POST_NEW_TOPIC' => ($auth->acl_get('f_post', $forum_id) || $user->data['user_id'] == ANONYMOUS) ? append_sid("{$phpbb_root_path}posting.$phpEx", 'mode=post&f=' . $forum_id) : '',
'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id" . ((strlen($u_sort_param)) ? "&$u_sort_param" : '') . (($start == 0) ? '' : "&start=$start")),
'U_CANONICAL' => generate_board_url() . '/' . append_sid("viewforum.$phpEx", "f=$forum_id" . (($start) ? "&start=$start" : ''), true, ''),
@@ -947,8 +947,8 @@ if (count($topic_list))
$posts_unapproved = ($row['topic_visibility'] == ITEM_APPROVED && $row['topic_posts_unapproved'] && $auth->acl_get('m_approve', $row['forum_id']));
$topic_deleted = $row['topic_visibility'] == ITEM_DELETED;
- $u_mcp_queue = ($topic_unapproved || $posts_unapproved) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=' . (($topic_unapproved) ? 'approve_details' : 'unapproved_posts') . "&t=$topic_id", true, $user->session_id) : '';
- $u_mcp_queue = (!$u_mcp_queue && $topic_deleted) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=deleted_topics&t=' . $topic_id, true, $user->session_id) : $u_mcp_queue;
+ $u_mcp_queue = ($topic_unapproved || $posts_unapproved) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=' . (($topic_unapproved) ? 'approve_details' : 'unapproved_posts') . "&t=$topic_id") : '';
+ $u_mcp_queue = (!$u_mcp_queue && $topic_deleted) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=deleted_topics&t=' . $topic_id) : $u_mcp_queue;
// Send vars to template
$topic_row = array(
@@ -1005,7 +1005,7 @@ if (count($topic_list))
'U_TOPIC_AUTHOR' => get_username_string('profile', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
'U_VIEW_TOPIC' => $view_topic_url,
'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
- 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=reports&f=' . $row['forum_id'] . '&t=' . $topic_id, true, $user->session_id),
+ 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=reports&f=' . $row['forum_id'] . '&t=' . $topic_id),
'U_MCP_QUEUE' => $u_mcp_queue,
'S_TOPIC_TYPE_SWITCH' => ($s_type_switch == $s_type_switch_test) ? -1 : $s_type_switch_test,
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 27210be068..3bb07da9df 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -645,9 +645,7 @@ $s_quickmod_action = append_sid(
'start' => $start,
'quickmod' => 1,
'redirect' => urlencode(str_replace('&', '&', $viewtopic_url)),
- ),
- true,
- $user->session_id
+ )
);
$quickmod_array = array(
@@ -791,7 +789,7 @@ $template->assign_vars(array(
'TOPIC_AUTHOR' => get_username_string('username', $topic_data['topic_poster'], $topic_data['topic_first_poster_name'], $topic_data['topic_first_poster_colour']),
'TOTAL_POSTS' => $user->lang('VIEW_TOPIC_POSTS', (int) $total_posts),
- 'U_MCP' => ($auth->acl_get('m_', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&mode=topic_view&f=$forum_id&t=$topic_id" . (($start == 0) ? '' : "&start=$start") . ((strlen($u_sort_param)) ? "&$u_sort_param" : ''), true, $user->session_id) : '',
+ 'U_MCP' => ($auth->acl_get('m_', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&mode=topic_view&f=$forum_id&t=$topic_id" . (($start == 0) ? '' : "&start=$start") . ((strlen($u_sort_param)) ? "&$u_sort_param" : '')) : '',
'MODERATORS' => (isset($forum_moderators[$forum_id]) && count($forum_moderators[$forum_id])) ? implode($user->lang['COMMA_SEPARATOR'], $forum_moderators[$forum_id]) : '',
'POST_IMG' => ($topic_data['forum_status'] == ITEM_LOCKED) ? $user->img('button_topic_locked', 'FORUM_LOCKED') : $user->img('button_topic_new', 'POST_NEW_TOPIC'),
@@ -2065,7 +2063,7 @@ for ($i = 0, $end = count($post_list); $i < $end; ++$i)
'U_EDIT' => ($edit_allowed) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f=$forum_id&p={$row['post_id']}") : '',
'U_QUOTE' => ($quote_allowed) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=quote&f=$forum_id&p={$row['post_id']}") : '',
- 'U_INFO' => ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&mode=post_details&f=$forum_id&p=" . $row['post_id'], true, $user->session_id) : '',
+ 'U_INFO' => ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&mode=post_details&f=$forum_id&p=" . $row['post_id']) : '',
'U_DELETE' => ($delete_allowed) ? append_sid("{$phpbb_root_path}posting.$phpEx", 'mode=' . (($softdelete_allowed) ? 'soft_delete' : 'delete') . "&f=$forum_id&p={$row['post_id']}") : '',
'U_SEARCH' => $user_cache[$poster_id]['search'],
@@ -2075,14 +2073,14 @@ for ($i = 0, $end = count($post_list); $i < $end; ++$i)
'U_APPROVE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p={$row['post_id']}&f=$forum_id&redirect=" . urlencode(str_replace('&', '&', $viewtopic_url . '&p=' . $row['post_id'] . '#p' . $row['post_id']))),
'U_REPORT' => ($auth->acl_get('f_report', $forum_id)) ? $phpbb_container->get('controller.helper')->route('phpbb_report_post_controller', array('id' => $row['post_id'])) : '',
- 'U_MCP_REPORT' => ($auth->acl_get('m_report', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '',
- 'U_MCP_APPROVE' => ($auth->acl_get('m_approve', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '',
- 'U_MCP_RESTORE' => ($auth->acl_get('m_approve', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=' . (($topic_data['topic_visibility'] != ITEM_DELETED) ? 'deleted_posts' : 'deleted_topics') . '&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '',
+ 'U_MCP_REPORT' => ($auth->acl_get('m_report', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $forum_id . '&p=' . $row['post_id']) : '',
+ 'U_MCP_APPROVE' => ($auth->acl_get('m_approve', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $forum_id . '&p=' . $row['post_id']) : '',
+ 'U_MCP_RESTORE' => ($auth->acl_get('m_approve', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=' . (($topic_data['topic_visibility'] != ITEM_DELETED) ? 'deleted_posts' : 'deleted_topics') . '&f=' . $forum_id . '&p=' . $row['post_id']) : '',
'U_MINI_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'],
'U_NEXT_POST_ID' => ($i < $i_total && isset($rowset[$post_list[$i + 1]])) ? $rowset[$post_list[$i + 1]]['post_id'] : '',
'U_PREV_POST_ID' => $prev_post_id,
- 'U_NOTES' => ($auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $poster_id, true, $user->session_id) : '',
- 'U_WARN' => ($auth->acl_get('m_warn') && $poster_id != $user->data['user_id'] && $poster_id != ANONYMOUS) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_post&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '',
+ 'U_NOTES' => ($auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $poster_id) : '',
+ 'U_WARN' => ($auth->acl_get('m_warn') && $poster_id != $user->data['user_id'] && $poster_id != ANONYMOUS) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_post&f=' . $forum_id . '&p=' . $row['post_id']) : '',
'POST_ID' => $row['post_id'],
'POST_NUMBER' => $i + $start + 1,
diff --git a/tests/functional/extension_controller_test.php b/tests/functional/extension_controller_test.php
index d99a622093..7db05a9e3d 100644
--- a/tests/functional/extension_controller_test.php
+++ b/tests/functional/extension_controller_test.php
@@ -184,7 +184,6 @@ class phpbb_functional_extension_controller_test extends phpbb_functional_test_c
$row_num = str_replace('redirect_expected_', '', $redirect);
$redirect = $crawler->filter('#redirect_' . $row_num)->text();
- $redirect = substr($redirect, 0, strpos($redirect, 'sid') - 1);
$this->assertEquals($crawler->filter('#redirect_expected_' . $row_num)->text(), $redirect);
}
diff --git a/tests/functional/mcp_test.php b/tests/functional/mcp_test.php
index 87a98dae74..a9ba2f3a83 100644
--- a/tests/functional/mcp_test.php
+++ b/tests/functional/mcp_test.php
@@ -34,6 +34,8 @@ class phpbb_functional_mcp_test extends phpbb_functional_test_case
*/
public function test_handle_quickmod($crawler)
{
+ $this->login();
+
// Test moving a post
return $this->get_quickmod_page(0, 'MERGE_POSTS', $crawler);
}
@@ -43,6 +45,8 @@ class phpbb_functional_mcp_test extends phpbb_functional_test_case
*/
public function test_move_post_to_topic($crawler)
{
+ $this->login();
+
// Select the post in MCP
$form = $crawler->selectButton($this->lang('SUBMIT'))->form(array(
'to_topic_id' => 1,
diff --git a/tests/functions/build_url_test.php b/tests/functions/build_url_test.php
index bc775d87ec..db9ce2964a 100644
--- a/tests/functions/build_url_test.php
+++ b/tests/functions/build_url_test.php
@@ -39,12 +39,12 @@ class phpbb_build_url_test extends phpbb_test_case
array(
'index.php',
false,
- 'phpBB/index.php?',
+ 'phpBB/index.php',
),
array(
'index.php',
't',
- 'phpBB/index.php?',
+ 'phpBB/index.php',
),
array(
'viewtopic.php?t=5&f=4',
@@ -59,12 +59,12 @@ class phpbb_build_url_test extends phpbb_test_case
array(
'viewtopic.php?f=2&style=1&t=6',
array('f', 'style', 't'),
- 'phpBB/viewtopic.php?',
+ 'phpBB/viewtopic.php',
),
array(
'http://test.phpbb.com/viewtopic.php?f=2&style=1&t=6',
array('f', 'style', 't'),
- 'http://test.phpbb.com/viewtopic.php?',
+ 'http://test.phpbb.com/viewtopic.php',
),
array(
'posting.php?f=2&mode=delete&p=20%22%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E',
diff --git a/tests/mock/container_builder.php b/tests/mock/container_builder.php
index 22241528d3..5b73256fdd 100644
--- a/tests/mock/container_builder.php
+++ b/tests/mock/container_builder.php
@@ -22,6 +22,7 @@ class phpbb_mock_container_builder implements ContainerInterface
{
$this->setParameter('debug.load_time', false);
$this->setParameter('session.log_errors', false);
+ $this->setParameter('session.force_sid', true);
}
/**
diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php
index 467eb72eba..600fbe60be 100644
--- a/tests/test_framework/phpbb_functional_test_case.php
+++ b/tests/test_framework/phpbb_functional_test_case.php
@@ -1396,7 +1396,7 @@ class phpbb_functional_test_case extends phpbb_test_case
}
$link = $crawler->filter('#quickmod')->selectLink($this->lang($action))->link()->getUri();
- return self::request('GET', substr($link, strpos($link, 'mcp.')));
+ return self::request('GET', substr($link, strpos($link, 'mcp.')) . "&sid={$this->sid}");
}
/**