More updates, append sid to admin browsing

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3101 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 14:18:52 +00:00 · 2002-11-26 11:42:12 +00:00 · 2002-11-26 11:42:12 +00:00 · b21463b2ab
commit b21463b2ab
parent d996f4e3f9
7 changed files with 34 additions and 16 deletions
--- a/phpBB/admin/admin_disallow.php
+++ b/phpBB/admin/admin_disallow.php
@ -41,8 +41,12 @@ if( isset($HTTP_POST_VARS['add_name']) )
 {
 	include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
-	$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user'];
+	$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']);
 	if ($disallowed_user == '')
 	{
 		message_die(MESSAGE, $lang['Fields_empty']);
 	}
 	if( !validate_username($disallowed_user) )
 	{
 		$message = $lang['Disallowed_already'];
--- a/phpBB/admin/pagestart.php
+++ b/phpBB/admin/pagestart.php
@ -26,7 +26,7 @@ if ( !defined('IN_PHPBB') )
 }
 define('IN_ADMIN', true);
-
+// Include files
 include($phpbb_root_path . 'common.'.$phpEx);
 //
@ -37,6 +37,7 @@ init_userprefs($userdata);
 //
 // End session management
 //
 if (!$userdata['session_logged_in'])
 {
 	$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
@ -48,6 +49,17 @@ else if( $userdata['user_level'] != ADMIN )
 	message_die(GENERAL_MESSAGE, $lang['Not_admin']);
 }
 if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
 {
 	$url = preg_replace('/sid=([^&]*)(&?)/i', '', $HTTP_SERVER_VARS['REQUEST_URI']);
 	$url = preg_replace('/\?$/', '', $url);
 	$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
 	$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
 	header($header_location . $url);
 	exit;
 }
 if (empty($no_page_header))
 {
 	// Not including the pageheader can be neccesarry if META tags are
--- a/phpBB/db/oracle.php
+++ b/phpBB/db/oracle.php
@ -296,7 +296,7 @@ class sql_db
 		{
 			$rows = @OCIFetchStatement($query_id, $results);
 			@OCIExecute($query_id, OCI_DEFAULT);
-			for($i = 0; $i <= $rows; $i++)
+			for($i = 0; $i < $rows; $i++)
 			{
 				@OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS);
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@ -91,7 +91,9 @@ h3 {font-size:12pt;color:blue}
 <li>Changed field size of timezone to decimal(5,2) where applicable</li>
 <li>Fixed missing sid append to URL when redirecting to newest reply</li>
 <li>Fixed missing slashes in private IP preg check</li>
-<li></li>
+<li>Fixed session not setting userdata['user_id'] to ANON as appropriate</li>
 <li>Added check for non-empty name in disallow admin</li>
 <li>Fixed validation of SSL website addresses in profile</li>
 <li></li>
 <li></li>
 </ul>
--- a/phpBB/includes/functions_validate.php
+++ b/phpBB/includes/functions_validate.php
@ -164,12 +164,12 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
 	// contains at least one dot.
 	if ( $website != "" )
 	{
-		if ( !preg_match('#^http:\/\/#i', $website) )
+		if ( !preg_match('#^http[s]?:\/\/#i', $website) )
 		{
 			$website = 'http://' . $website;
 		}
-		if ( !preg_match('#^http\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) )
+		if ( !preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) )
 		{
 			$website = '';
 		}
--- a/phpBB/includes/page_tail.php
+++ b/phpBB/includes/page_tail.php
@ -28,7 +28,7 @@ if ( !defined('IN_PHPBB') )
 //
 // Show the overall footer.
 //
-$admin_link = ( $userdata['user_level'] == ADMIN ) ? '<a href="' . append_sid("admin/index.$phpEx") . '">' . $lang['Admin_panel'] . '</a><br /><br />' : '';
+$admin_link = ( $userdata['user_level'] == ADMIN ) ? '<a href="admin/index.' . $phpEx . '?sid=' . $userdata['session_id'] . '">' . $lang['Admin_panel'] . '</a><br /><br />' : '';
 $template->set_filenames(array(
 	'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl')
--- a/phpBB/includes/sessions.php
+++ b/phpBB/includes/sessions.php
@ -84,7 +84,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
 					// No match; don't login, set as anonymous user
 					$login = 0; 
 					$enable_autologin = 0; 
-					$user_id = ANONYMOUS;
+					$user_id = $userdata['user_id'] = ANONYMOUS;
 				}
 			}
 			else
@ -92,7 +92,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
 				// Autologin is not set. Don't login, set as anonymous user
 				$login = 0;
 				$enable_autologin = 0;
-				$user_id = ANONYMOUS;
+				$user_id = $userdata['user_id'] = ANONYMOUS;
 			}
 		}
 		else
@ -182,7 +182,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
 	setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
 	setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
-	$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
+	$SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';
 	return $userdata;
 }
@ -252,7 +252,7 @@ function session_pagestart($user_ip, $thispage_id)
 			if ($ip_check_s == $ip_check_u)
 			{
-				$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
+				$SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';
 				//
 				// Only update session DB a minute or so after last update