diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php
index cdd950ec4d..eeb7ad0dea 100644
--- a/phpBB/admin/admin_users.php
+++ b/phpBB/admin/admin_users.php
@@ -947,7 +947,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$avatar = '
';
break;
case USER_AVATAR_REMOTE:
- $avatar = '
';
+ $avatar = (isset($HTTP_GET_VARS['p_sid'])) ? $lang['Priv_Img'] . " $user_avatar" : '';
break;
case USER_AVATAR_GALLERY:
$avatar = '
';
@@ -1143,8 +1143,9 @@ else
'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"),
- 'S_USER_ACTION' => append_sid("admin_users.$phpEx"),
- 'S_USER_SELECT' => $select_list)
+ 'S_USER_ACTION' => "admin_users.$phpEx?sid=" . $userdata['session_id'],
+ 'S_USER_SELECT' => $select_list,
+ 'S_HIDDEN_FIELDS' => '')
);
$template->pparse('body');
diff --git a/phpBB/admin/pagestart.php b/phpBB/admin/pagestart.php
index 2db4ad903d..e674f0c2c3 100644
--- a/phpBB/admin/pagestart.php
+++ b/phpBB/admin/pagestart.php
@@ -52,6 +52,13 @@ if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
redirect("index.$phpEx?sid=" . $userdata['session_id']);
}
+$p_sid = (isset($HTTP_GET_VARS['p_sid'])) ? $HTTP_GET_VARS['p_sid'] : ((isset($HTTP_POST_VARS['p_sid'])) ? $HTTP_POST_VARS['p_sid'] : '');
+
+if ($p_sid !== $userdata['priv_session_id'])
+{
+ redirect("index.$phpEx?sid=" . $userdata['session_id']);
+}
+
if (!$userdata['session_admin'])
{
redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index 6971cd5af3..d33233fc69 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -92,7 +92,7 @@ function prepare_bbcode_template($bbcode_tpl)
$bbcode_tpl['code_open'] = str_replace('{L_CODE}', $lang['Code'], $bbcode_tpl['code_open']);
- $bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']);
+ $bbcode_tpl['img'] = str_replace('{URL}', '\\1', get_image_tag_replacement($bbcode_tpl));
// We do URLs in several different ways..
$bbcode_tpl['url1'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']);
@@ -115,6 +115,31 @@ function prepare_bbcode_template($bbcode_tpl)
}
+/**
+* Disables the img tag for privileged pages. It also implements a compability hack for old templates.
+*/
+function get_image_tag_replacement($bbcode_tpl)
+{
+ global $lang, $HTTP_POST_VARS, $HTTP_GET_VARS;
+ $bb_tmpl = '';
+ if (isset($HTTP_POST_VARS['p_sid']))
+ {
+ if (isset($bbcode_tpl['p_img']))
+ {
+ $bb_tmpl = str_replace('{L_PRIV_IMG}', $lang['Priv_Img'], $bbcode_tpl['p_img']);
+ }
+ else
+ {
+ $bb_tmpl = $lang['Priv_Img'] . ': {URL}';
+ }
+ }
+ else
+ {
+ $bb_tmpl = $bbcode_tpl['img'];
+ }
+ return $bb_tmpl;
+}
+
/**
* Does second-pass bbencoding. This should be used before displaying the message in
* a thread. Assumes the message is already first-pass encoded, and we are given the
diff --git a/phpBB/includes/page_tail.php b/phpBB/includes/page_tail.php
index 2386034cda..f33e9f08d9 100644
--- a/phpBB/includes/page_tail.php
+++ b/phpBB/includes/page_tail.php
@@ -30,7 +30,7 @@ global $do_gzip_compress;
//
// Show the overall footer.
//
-$admin_link = ( $userdata['user_level'] == ADMIN ) ? '' . $lang['Admin_panel'] . '
' : '';
+ $admin_link = ( $userdata['user_level'] == ADMIN ) ? '' . $lang['Admin_panel'] . '
' : '';
$template->set_filenames(array(
'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl')
diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php
index f2557b8741..8953fb3316 100644
--- a/phpBB/includes/sessions.php
+++ b/phpBB/includes/sessions.php
@@ -178,10 +178,11 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
$session_id = md5(dss_rand());
+ $priv_session_id = md5(dss_rand());
$sql = "INSERT INTO " . SESSIONS_TABLE . "
- (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
- VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)";
+ (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin, priv_session_id)
+ VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin, '$priv_session_id')";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
@@ -242,6 +243,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
}
$userdata['session_id'] = $session_id;
+ $userdata['priv_session_id'] = $priv_session_id;
$userdata['session_ip'] = $user_ip;
$userdata['session_user_id'] = $user_id;
$userdata['session_logged_in'] = $login;
@@ -266,7 +268,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
function session_pagestart($user_ip, $thispage_id)
{
global $db, $lang, $board_config;
- global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
+ global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID, $P_SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
@@ -333,7 +335,7 @@ function session_pagestart($user_ip, $thispage_id)
if ($ip_check_s == $ip_check_u)
{
$SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';
-
+ $P_SID = (defined('IN_ADMIN')) ? 'p_sid=' . $userdata['priv_session_id'] : '';
//
// Only update session DB a minute or so after last update
//
@@ -565,12 +567,16 @@ function session_reset_keys($user_id, $user_ip)
//
function append_sid($url, $non_html_amp = false)
{
- global $SID;
+ global $SID, $P_SID;
if ( !empty($SID) && !preg_match('#sid=#', $url) )
{
$url .= ( ( strpos($url, '?') !== false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID;
}
+ if ( !empty($P_SID) && !preg_match('#p_sid=#', $url) )
+ {
+ $url .= ( ( strpos($url, '?') !== false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $P_SID;
+ }
return $url;
}
diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql
index 74018873db..7a49f1134f 100644
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@@ -193,6 +193,7 @@ CREATE TABLE [phpbb_sessions] (
[session_page] [int] NULL ,
[session_logged_in] [smallint] NULL,
[session_admin] [smallint] NULL
+ [priv_session_id] [char] (32) NOT NULL ,
) ON [PRIMARY]
GO
diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql
index 3a31b1b291..f1bcc2de06 100644
--- a/phpBB/install/schemas/mysql_schema.sql
+++ b/phpBB/install/schemas/mysql_schema.sql
@@ -307,6 +307,7 @@ CREATE TABLE phpbb_sessions (
session_page int(11) DEFAULT '0' NOT NULL,
session_logged_in tinyint(1) DEFAULT '0' NOT NULL,
session_admin tinyint(2) DEFAULT '0' NOT NULL,
+ priv_session_id char(32) DEFAULT '' NOT NULL,
PRIMARY KEY (session_id),
KEY session_user_id (session_user_id),
KEY session_id_ip_user_id (session_id, session_ip, session_user_id)
diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql
index f14c7503af..e019f5ae9e 100644
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@@ -291,6 +291,7 @@ CREATE TABLE phpbb_sessions (
session_page int4 DEFAULT '0' NOT NULL,
session_logged_in int2 DEFAULT '0' NOT NULL,
session_admin int2 DEFAULT '0' NOT NULL,
+ priv_session_id char(32) DEFAULT '0' NOT NULL,
CONSTRAINT phpbb_session_pkey PRIMARY KEY (session_id)
);
CREATE INDEX session_user_id_phpbb_sessions_index ON phpbb_sessions (session_user_id);
diff --git a/phpBB/install/update_to_latest.php b/phpBB/install/update_to_latest.php
index 19d03503c0..e9482ea555 100644
--- a/phpBB/install/update_to_latest.php
+++ b/phpBB/install/update_to_latest.php
@@ -671,6 +671,36 @@ switch ($row['config_value'])
}
break;
+
+ case '.0.23':
+
+ switch (SQL_LAYER)
+ {
+ case 'mysql':
+ case 'mysql4':
+ $sql[] = "ALTER TABLE " . SESSIONS_TABLE . "
+ ADD COLUMN priv_session_id char(32) DEFAULT '' NOT NULL";
+ break;
+
+ case 'postgresql':
+ $sql[] = "ALTER TABLE " . SESSIONS_TABLE . "
+ ADD COLUMN priv_session_id char(32)";
+ $sql[] = "ALTER TABLE " . SESSIONS_TABLE . "
+ ALTER COLUMN priv_session_id SET DEFAULT ''";
+ break;
+
+ case 'mssql-odbc':
+ case 'mssql':
+ $sql[] = "ALTER TABLE " . SESSIONS_TABLE . " ADD
+ priv_session_id char (32) NOT NULL";
+ break;
+
+ case 'msaccess':
+ $sql[] = "ALTER TABLE " . SESSIONS_TABLE . " ADD
+ priv_session_id char (32) NOT NULL";
+ break;
+ }
+
}
echo "Updating database schema
\n";
diff --git a/phpBB/language/lang_english/lang_main.php b/phpBB/language/lang_english/lang_main.php
index 5c9b972f01..ab847fa75f 100644
--- a/phpBB/language/lang_english/lang_main.php
+++ b/phpBB/language/lang_english/lang_main.php
@@ -283,6 +283,7 @@ $lang['Delete_post'] = 'Delete this post';
$lang['wrote'] = 'wrote'; // proceeds the username and is followed by the quoted text
$lang['Quote'] = 'Quote'; // comes before bbcode quote output.
$lang['Code'] = 'Code'; // comes before bbcode code output.
+$lang['Priv_Img'] = 'Image display disabled'; // Explanation for missing images in the ModCP.
$lang['Edited_time_total'] = 'Last edited by %s on %s; edited %d time in total'; // Last edited by me on 12 Oct 2001; edited 1 time in total
$lang['Edited_times_total'] = 'Last edited by %s on %s; edited %d times in total'; // Last edited by me on 12 Oct 2001; edited 2 times in total
diff --git a/phpBB/modcp.php b/phpBB/modcp.php
index 699a636f32..24faa0860e 100644
--- a/phpBB/modcp.php
+++ b/phpBB/modcp.php
@@ -116,6 +116,15 @@ else
{
$sid = '';
}
+// privileged session id check
+if (!empty($HTTP_POST_VARS['p_sid']) || !empty($HTTP_GET_VARS['p_sid']))
+{
+ $p_sid = (!empty($HTTP_POST_VARS['p_sid'])) ? $HTTP_POST_VARS['p_sid'] : $HTTP_GET_VARS['p_sid'];
+}
+else
+{
+ $p_sid = '';
+}
//
// Obtain relevant data
@@ -175,7 +184,7 @@ init_userprefs($userdata);
//
// session id check
-if ($sid == '' || $sid != $userdata['session_id'])
+if ($p_sid === '' || $p_sid !== $userdata['priv_session_id'])
{
message_die(GENERAL_ERROR, 'Invalid_session');
}
@@ -398,12 +407,12 @@ switch( $mode )
if ( !empty($topic_id) )
{
- $redirect_page = "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
+ $redirect_page = append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id");
$l_redirect = sprintf($lang['Click_return_forum'], '', '');
}
else
{
- $redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
+ $redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&p_sid=" . $userdata['priv_session_id']);
$l_redirect = sprintf($lang['Click_return_modcp'], '', '');
}
@@ -421,7 +430,7 @@ switch( $mode )
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
- $hidden_fields = '';
+ $hidden_fields = '';
if ( isset($HTTP_POST_VARS['topic_id_list']) )
{
@@ -557,16 +566,16 @@ switch( $mode )
if ( !empty($topic_id) )
{
- $redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'];
+ $redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
$message .= sprintf($lang['Click_return_topic'], '', '');
}
else
{
- $redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
+ $redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&p_sid=" . $userdata['priv_session_id']);
$message .= sprintf($lang['Click_return_modcp'], '', '');
}
- $message = $message . '
' . sprintf($lang['Click_return_forum'], '', '');
+ $message = $message . '
' . sprintf($lang['Click_return_forum'], '', '');
$template->assign_vars(array(
'META' => '')
@@ -581,7 +590,7 @@ switch( $mode )
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
- $hidden_fields = '';
+ $hidden_fields = '';
if ( isset($HTTP_POST_VARS['topic_id_list']) )
{
@@ -650,16 +659,16 @@ switch( $mode )
if ( !empty($topic_id) )
{
- $redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'];
+ $redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
$message = sprintf($lang['Click_return_topic'], '', '');
}
else
{
- $redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
+ $redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&p_sid=" . $userdata['priv_session_id']);
$message = sprintf($lang['Click_return_modcp'], '', '');
}
- $message = $message . '
' . sprintf($lang['Click_return_forum'], '', '');
+ $message = $message . '
' . sprintf($lang['Click_return_forum'], '', '');
$template->assign_vars(array(
'META' => '')
@@ -695,16 +704,16 @@ switch( $mode )
if ( !empty($topic_id) )
{
- $redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'];
+ $redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
$message = sprintf($lang['Click_return_topic'], '', '');
}
else
{
- $redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
+ $redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&p_sid=" . $userdata['priv_session_id']);
$message = sprintf($lang['Click_return_modcp'], '', '');
}
- $message = $message . '
' . sprintf($lang['Click_return_forum'], '', '');
+ $message = $message . '
' . sprintf($lang['Click_return_forum'], '', '');
$template->assign_vars(array(
'META' => '')
@@ -1019,7 +1028,7 @@ switch( $mode )
'IP' => $ip_this_post,
- 'U_LOOKUP_IP' => "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=$ip_this_post&sid=" . $userdata['session_id'])
+ 'U_LOOKUP_IP' => append_sid("modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=$ip_this_post&p_sid=" . $userdata['priv_session_id']))
);
//
@@ -1060,7 +1069,7 @@ switch( $mode )
'IP' => $ip,
'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ),
- 'U_LOOKUP_IP' => "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=" . $row['poster_ip'] . "&sid=" . $userdata['session_id'])
+ 'U_LOOKUP_IP' => append_sid("modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=" . $row['poster_ip'] . "&p_sid=" . $userdata['priv_session_id']))
);
$i++;
@@ -1100,7 +1109,7 @@ switch( $mode )
'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ),
'L_SEARCH_POSTS' => sprintf($lang['Search_user_posts'], $username),
- 'U_PROFILE' => ($id == ANONYMOUS) ? "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $post_id . "&" . POST_TOPIC_URL . "=" . $topic_id . "&sid=" . $userdata['session_id'] : append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$id"),
+ 'U_PROFILE' => ($id == ANONYMOUS) ? append_sid("modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $post_id . "&" . POST_TOPIC_URL . "=" . $topic_id . "&p_sid=" . $userdata['priv_session_id']) : append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$id"),
'U_SEARCHPOSTS' => append_sid("search.$phpEx?search_author=" . (($id == ANONYMOUS) ? 'Anonymous' : urlencode($username)) . "&showresults=topics"))
);
@@ -1133,7 +1142,7 @@ switch( $mode )
'L_SELECT' => $lang['Select'],
'U_VIEW_FORUM' => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"),
- 'S_HIDDEN_FIELDS' => '',
+ 'S_HIDDEN_FIELDS' => '',
'S_MODCP_ACTION' => append_sid("modcp.$phpEx"))
);
@@ -1221,7 +1230,7 @@ switch( $mode )
$topic_title = preg_replace($orig_word, $replacement_word, $topic_title);
}
- $u_view_topic = "modcp.$phpEx?mode=split&" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'];
+ $u_view_topic = append_sid("modcp.$phpEx?mode=split&" . POST_TOPIC_URL . "=$topic_id&p_sid=" . $userdata['priv_session_id']);
$topic_replies = $row['topic_replies'];
$last_post_time = create_date($board_config['default_dateformat'], $row['post_time'], $board_config['board_timezone']);
@@ -1241,7 +1250,7 @@ switch( $mode )
}
$template->assign_vars(array(
- 'PAGINATION' => generate_pagination("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'], $forum_topics, $board_config['topics_per_page'], $start),
+ 'PAGINATION' => generate_pagination("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&p_sid=" . $userdata['priv_session_id'], $forum_topics, $board_config['topics_per_page'], $start),
'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['topics_per_page'] ) + 1 ), ceil( $forum_topics / $board_config['topics_per_page'] )),
'L_GOTO_PAGE' => $lang['Goto_page'])
);
diff --git a/phpBB/templates/subSilver/bbcode.tpl b/phpBB/templates/subSilver/bbcode.tpl
index 6f86f55353..ab5f0a21e8 100755
--- a/phpBB/templates/subSilver/bbcode.tpl
+++ b/phpBB/templates/subSilver/bbcode.tpl
@@ -54,6 +54,7 @@
+{L_PRIV_IMG}:{URL}
{DESCRIPTION}
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index 92d4f7f545..dfb2542309 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -372,7 +372,7 @@ $s_auth_can .= ( ( $is_auth['auth_vote'] ) ? $lang['Rules_vote_can'] : $lang['Ru
if ( $is_auth['auth_mod'] )
{
- $s_auth_can .= sprintf($lang['Rules_moderate'], "', '');
+ $s_auth_can .= sprintf($lang['Rules_moderate'], '', '');
}
//
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 8a0c73521d..fee84e2d1c 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -590,15 +590,15 @@ $topic_mod = '';
if ( $is_auth['auth_mod'] )
{
- $s_auth_can .= sprintf($lang['Rules_moderate'], "', '');
+ $s_auth_can .= sprintf($lang['Rules_moderate'], '', '');
- $topic_mod .= "![' . $lang['Delete_topic'] . '](' . $images['topic_mod_delete'] . ' "' . $lang['Delete_topic'] . '")
';
+ $topic_mod .= ' ';
- $topic_mod .= "![' . $lang['Move_topic'] . '](' . $images['topic_mod_move'] . ' "' . $lang['Move_topic'] . '")
';
+ $topic_mod .= ' ';
- $topic_mod .= ( $forum_topic_data['topic_status'] == TOPIC_UNLOCKED ) ? "![' . $lang['Lock_topic'] . '](' . $images['topic_mod_lock'] . ' "' . $lang['Lock_topic'] . '")
' : "![' . $lang['Unlock_topic'] . '](' . $images['topic_mod_unlock'] . ' "' . $lang['Unlock_topic'] . '")
';
+ $topic_mod .= ( $forum_topic_data['topic_status'] == TOPIC_UNLOCKED ) ? ' ' : ' ';
- $topic_mod .= "![' . $lang['Split_topic'] . '](' . $images['topic_mod_split'] . ' "' . $lang['Split_topic'] . '")
';
+ $topic_mod .= ' ';
}
//
@@ -1008,13 +1008,13 @@ for($i = 0; $i < $total_posts; $i++)
if ( $is_auth['auth_mod'] )
{
- $temp_url = "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&" . POST_TOPIC_URL . "=" . $topic_id . "&sid=" . $userdata['session_id'];
+ $temp_url = "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&" . POST_TOPIC_URL . "=" . $topic_id . "&p_sid=" . $userdata['priv_session_id'];
$ip_img = '![' . $lang['View_IP'] . '](' . $images['icon_ip'] . ' "' . $lang['View_IP'] . '")
';
$ip = '' . $lang['View_IP'] . '';
- $temp_url = "posting.$phpEx?mode=delete&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&sid=" . $userdata['session_id'];
+ $temp_url = "posting.$phpEx?mode=delete&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&p_sid=" . $userdata['priv_session_id'];
$delpost_img = '![' . $lang['Delete_post'] . '](' . $images['icon_delpost'] . ' "' . $lang['Delete_post'] . '")
';
- $delpost = '' . $lang['Delete_post'] . '';
+ $delpost = '' . $lang['Delete_post'] . '';
}
else
{
@@ -1023,9 +1023,9 @@ for($i = 0; $i < $total_posts; $i++)
if ( $userdata['user_id'] == $poster_id && $is_auth['auth_delete'] && $forum_topic_data['topic_last_post_id'] == $postrow[$i]['post_id'] )
{
- $temp_url = "posting.$phpEx?mode=delete&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&sid=" . $userdata['session_id'];
+ $temp_url = "posting.$phpEx?mode=delete&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&p_sid=" . $userdata['priv_session_id'];
$delpost_img = '';
- $delpost = '' . $lang['Delete_post'] . '';
+ $delpost = '' . $lang['Delete_post'] . '';
}
else
{