From d07e152ea7e820c5a0e47aeb8004fa0b5621a314 Mon Sep 17 00:00:00 2001
From: Chris Smith <toonarmy@phpbb.com>
Date: Sat, 13 Mar 2010 01:54:04 +0000
Subject: [PATCH] [bug/58025] Search robots are now redirected if they send a
 SID in the request

Previously search robots could stumble upon a board link somewhere on the web
containing a SID they'd follow it and end up indexing that page with the SID
in the request URI, this fix prevents that by redirecting them to the same URI
just without the SID.
---
 phpBB/docs/CHANGELOG.html  | 1 +
 phpBB/includes/session.php | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 7b8d8f63f2..7df49bd81b 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -103,6 +103,7 @@
 		<li>[Fix] Allow multibyte keys in request_var(). (Bug #51555)</li>
 		<li>[Fix] Prevent wrong tar archive type detection. (Bug #12531)</li>
 		<li>[Fix] Correct redirection after login to forum not in web root (Bug #58755)</li>
+		<li>[Fix] Redirect search engines that access pages with SIDs in the URL. (Bug #58025)</li>
 		<li>[Feature] Support for Microsoft's Native SQL Server Driver for PHP (Bug #57055 - Patch by Chris Pucci at Microsoft)</li>
 	</ul>
 
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 1a302d5991..8beb0161f9 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -608,6 +608,12 @@ class session
 		}
 		else
 		{
+			// Bot user, if they have a SID in the Request URI we need to get rid of it
+			// otherwise they'll index this page with the SID, duplicate content oh my!
+			if (isset($_GET['sid']))
+			{
+				redirect(build_url(array('sid')));
+			}
 			$this->data['session_last_visit'] = $this->time_now;
 		}