diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php index b2a1da8d30..1fec768cbc 100644 --- a/phpBB/admin/admin_users.php +++ b/phpBB/admin/admin_users.php @@ -65,8 +65,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | { $user_id = intval( $HTTP_POST_VARS['id'] ); - $this_userdata = get_userdata($user_id); - if( !$this_userdata ) + if (!($this_userdata = get_userdata($user_id))) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } @@ -179,26 +178,14 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " - WHERE ( ( privmsgs_from_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " ) - OR ( privmsgs_from_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " ) - OR ( privmsgs_to_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " ) - OR ( privmsgs_to_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) - OR ( privmsgs_from_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )"; + WHERE privmsgs_from_userid = $user_id + OR privmsgs_to_userid = $user_id"; if ( !($result = $db->sql_query($sql)) ) { - message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql); + message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql); } - - // + // This little bit of code directly from the private messaging section. - // Thanks Paul! - // - while ( $row_privmsgs = $db->sql_fetchrow($result) ) { $mark_list[] = $row_privmsgs['privmsgs_id']; 
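Review bot: The widened SELECT in the second hunk (`WHERE privmsgs_from_userid = $user_id OR privmsgs_to_userid = $user_id`) now collects, and the DELETE statements below then remove, rows that belong to other users' folders — a recipient's copy of a message this user sent, or another user's outbox/savebox copy of a message addressed to this user — whereas the old type-qualified query, together with the `UPDATE ... SET ... = DELETED` statements removed in the fourth hunk, left those rows in place with the owner re-pointed. That is a destructive change for accounts that are not being deleted; if it is intended, the admin-side confirmation text should say so, and if not, the query should be restricted to rows whose folder owner is $user_id. It also leaves the other users' new/unread PM counters (user_new_privmsg / user_unread_privmsg on the users table, if that is where this version keeps them) unadjusted for rows deleted out from under them, so an inbox can report a count with no matching messages; the removed "we shouldn't need to worry about updating counters" comment held only for the narrower query. A per-recipient decrement before the DELETE, or a note such as `// NOTE: recipients' PM counters are not adjusted here — TODO confirm`, is needed either way. The enclosing if-block starts and ends outside this hunk.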
@@ -208,22 +195,11 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | { $delete_sql_id = implode(', ', $mark_list); - // - // We shouldn't need to worry about updating conters here... - // They are already gone! - // - $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . " WHERE privmsgs_text_id IN ($delete_sql_id)"; $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " WHERE privmsgs_id IN ($delete_sql_id)"; - // - // Shouldn't need the switch statement here, either, as we just want - // to take out all of the private messages. This will not affect - // the other messages we want to keep; the ids are unique. - // - if ( !$db->sql_query($delete_sql) ) { message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); @@ -234,22 +210,6 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); } } - - $sql = "UPDATE " . PRIVMSGS_TABLE . " - SET privmsgs_to_userid = " . DELETED . " - WHERE privmsgs_to_userid = $user_id"; - if ( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql); - } - - $sql = "UPDATE " . PRIVMSGS_TABLE . " - SET privmsgs_from_userid = " . DELETED . " - WHERE privmsgs_from_userid = $user_id"; - if ( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql); - } $message = $lang['User_deleted'] . '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 83149ca9fc..393ff32aed 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -133,6 +133,9 @@ h3 {font-size:12pt;color:blue}
  • Fixed ability of users to edit polls even after they have received votes
  • Fixed header Location to be absolute URL as per HTTP 1.1 spec - noted by PhilippK
  • Added additional session_id checks to MCP, topic subscription, PM and similar items
  • +
  • Fixed colour select box in posting_body to reset to Default colour after selection
  • +
  • Altered PM icon to show new image until messages have been read
  • +
  • Fixed incomplete deletion of PMs when removing the associated user
  • diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php index f8cc327c7e..e90783d9d5 100644 --- a/phpBB/includes/page_header.php +++ b/phpBB/includes/page_header.php @@ -75,7 +75,7 @@ if ( $userdata['session_logged_in'] ) } else { - $u_login_logout = 'login.'.$phpEx . '&sid=' . $userdata['session_id']; + $u_login_logout = 'login.'.$phpEx; $l_login_logout = $lang['Login']; } diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php index 207ef02894..3eb831c28d 100644 --- a/phpBB/privmsg.php +++ b/phpBB/privmsg.php @@ -69,6 +69,16 @@ else $folder = 'inbox'; } +// session id check +if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid'])) +{ + $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid']; +} +else +{ + $sid = ''; +} + // // Start session management // @@ -644,6 +654,13 @@ else if ( ( $delete && $mark_list ) || $delete_all ) { redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true)); } + + // session id check + if ($sid == '' || $sid != $userdata['session_id']) + { + message_die(ERROR, 'Invalid_session'); + } + if ( isset($mark_list) && !is_array($mark_list) ) { // Set to empty array instead of '0' if nothing is selected. @@ -652,7 +669,7 @@ else if ( ( $delete && $mark_list ) || $delete_all ) if ( !$confirm ) { - $s_hidden_fields = ''; + $s_hidden_fields = ''; $s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '' : ''; for($i = 0; $i < count($mark_list); $i++) @@ -842,6 +859,12 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' ) redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true)); } + // session id check + if ($sid == '' || $sid != $userdata['session_id']) + { + message_die(ERROR, 'Invalid_session'); + } + // // See if recipient is at their savebox limit // 
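Review bot: The new session check in the delete branch of privmsg.php compares the request-supplied value with loose inequality, `$sid != $userdata['session_id']`; PHP's `!=` coerces numeric-looking strings before comparing, so two different hex strings that both parse as numbers (exponent forms such as `0e...`) compare equal, which is not what a session-id check should do. Use strict comparison: `if ($sid === '' || $sid !== $userdata['session_id'])`. The failure call also departs from the rest of the page: `message_die(ERROR, 'Invalid_session')` uses a constant `ERROR` that appears nowhere else here, where `GENERAL_ERROR`/`GENERAL_MESSAGE` are the codes in use, and passes the language key as a literal, so the user would see the bare text `Invalid_session` unless message_die resolves keys itself — `message_die(GENERAL_ERROR, $lang['Invalid_session'])` is presumably what is meant, provided such a language entry exists. The same three-line check is repeated in the save hunk (`@@ -842`) and the submit hunk (`@@ -1006`) of this file; a single helper would keep the three copies from drifting apart. The enclosing else-if block continues outside the hunk.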
@@ -939,13 +962,12 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' ) } else if ( $submit || $refresh || $mode != '' ) { - if ( !$userdata['session_logged_in'] ) { $user_id = ( isset($HTTP_GET_VARS[POST_USERS_URL]) ) ? '&' . POST_USERS_URL . '=' . intval($HTTP_GET_VARS[POST_USERS_URL]) : ''; redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=$folder&mode=$mode" . $user_id, true)); } - + // // Toggles // @@ -1006,6 +1028,12 @@ else if ( $submit || $refresh || $mode != '' ) if ( $submit ) { + // session id check + if ($sid == '' || $sid != $userdata['session_id']) + { + message_die(ERROR, 'Invalid_session'); + } + if ( !empty($HTTP_POST_VARS['username']) ) { $to_username = $HTTP_POST_VARS['username']; @@ -1444,7 +1472,7 @@ else if ( $submit || $refresh || $mode != '' ) $preview_message = make_clickable($preview_message); $preview_message = str_replace("\n", '
    ', $preview_message); - $s_hidden_fields = ''; + $s_hidden_fields = ''; $s_hidden_fields .= ''; if ( isset($privmsg_id) ) @@ -1566,7 +1594,7 @@ else if ( $submit || $refresh || $mode != '' ) $post_a = $lang['Edit_message']; } - $s_hidden_fields = ''; + $s_hidden_fields = ''; $s_hidden_fields .= ''; if ( $mode == 'edit' ) { diff --git a/phpBB/profile.php b/phpBB/profile.php index 42211d64d9..3d96605640 100644 --- a/phpBB/profile.php +++ b/phpBB/profile.php @@ -34,6 +34,16 @@ init_userprefs($userdata); // End session management // +// session id check +if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid'])) +{ + $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid']; +} +else +{ + $sid = ''; +} + // // Set default email variables // diff --git a/phpBB/templates/subSilver/posting_body.tpl b/phpBB/templates/subSilver/posting_body.tpl index 924ffcb16a..701aebda22 100644 --- a/phpBB/templates/subSilver/posting_body.tpl +++ b/phpBB/templates/subSilver/posting_body.tpl @@ -355,7 +355,7 @@ function storeCaret(textEl) {
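Review bot: The block added to profile.php reads `$sid` from POST or GET, but nothing in this hunk, or elsewhere in this diff for profile.php, compares it with the session id, so as far as the change shows the value is computed and never checked. If the intent is that the mode handlers profile.php includes perform the comparison, a comment above the block stating that contract (`// $sid is compared against $userdata['session_id'] by the included mode handlers`) would make it visible; if none of them do, the check itself is missing and the extraction alone adds no protection. The block is also a verbatim copy of the one added to privmsg.php (`@@ -69,6 +69,16 @@`); a small shared function in the session include would avoid maintaining two copies. The surrounding file-level code runs outside the hunk.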
     {L_FONT_COLOR}: -