diff --git a/phpBB/groupcp.php b/phpBB/groupcp.php index 55209cd02c..7a88fef9a7 100644 --- a/phpBB/groupcp.php +++ b/phpBB/groupcp.php @@ -160,11 +160,6 @@ if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } - if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - $sql = "SELECT group_moderator FROM " . GROUPS_TABLE . " WHERE group_id = $group_id"; @@ -214,11 +209,6 @@ else if ( isset($HTTP_POST_VARS['joingroup']) && $group_id ) redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } - if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - $sql = "SELECT ug.user_id, g.group_type FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g WHERE g.group_id = $group_id @@ -324,11 +314,6 @@ else if ( isset($HTTP_POST_VARS['unsub']) || isset($HTTP_POST_VARS['unsubpending redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } - if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - if ( $confirm ) { $sql = "DELETE FROM " . USER_GROUP_TABLE . " @@ -375,7 +360,7 @@ else if ( isset($HTTP_POST_VARS['unsub']) || isset($HTTP_POST_VARS['unsubpending { $unsub_msg = ( isset($HTTP_POST_VARS['unsub']) ) ? $lang['Confirm_unsub'] : $lang['Confirm_unsub_pending']; - $s_hidden_fields = ''; + $s_hidden_fields = ''; $page_title = $lang['Group_Control_Panel']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); 
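Review bot: Dropping the `$HTTP_POST_VARS['sid'] != $userdata['session_id']` comparison leaves the group-moderator, join and unsubscribe POST handlers in this file with no per-request token check, and no hunk in the diff adds a replacement, so a cross-site form submission made by a logged-in user's browser appears to be accepted as if the user had sent it. The same removal recurs in groupcp at -473, usercp_email at -61, usercp_register at -80, usercp_sendpasswd at -29, the logout branch of login.php at -110, posting.php at -119 and privmsg.php at -664, -896 and -1150, so this note covers all of them. The `$s_hidden_fields` assignments changed alongside, but their markup did not survive extraction, so I cannot tell whether the hidden `sid` input was replaced by another session-bound value; if it was, the handlers still need to compare that value before mutating state, and if it was not, the check should stay or a comment such as `// session/token verification now happens in includes/sessions.php` (or wherever it moved) should record where the equivalent verification lives. Each of the `if`/`else if` branches that lost the check begins before its hunk.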
@@ -473,11 +458,6 @@ else if ( $group_id ) redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } - if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - if ( !$is_moderator ) { $template->assign_vars(array( @@ -912,7 +892,7 @@ else if ( $group_id ) generate_user_info($group_moderator, $board_config['default_dateformat'], $is_moderator, $from, $posts, $joined, $poster_avatar, $profile_img, $profile, $search_img, $search, $pm_img, $pm, $email_img, $email, $www_img, $www, $icq_status_img, $icq_img, $icq, $aim_img, $aim, $msn_img, $msn, $yim_img, $yim); - $s_hidden_fields .= ''; + $s_hidden_fields .= ''; $template->assign_vars(array( 'L_GROUP_INFORMATION' => $lang['Group_Information'], @@ -1258,7 +1238,7 @@ else $template->assign_block_vars('switch_groups_remaining', array() ); } - $s_hidden_fields = ''; + $s_hidden_fields = ''; $template->assign_vars(array( 'L_GROUP_MEMBERSHIP_DETAILS' => $lang['Group_member_details'], diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 2da9518b04..19199444cf 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -152,6 +152,7 @@ define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access'); define('BANLIST_TABLE', $table_prefix.'banlist'); define('CATEGORIES_TABLE', $table_prefix.'categories'); define('CONFIG_TABLE', $table_prefix.'config'); +define('CONFIRM_TABLE', $table_prefix.'confirm'); define('DISALLOW_TABLE', $table_prefix.'disallow'); define('FORUMS_TABLE', $table_prefix.'forums'); define('GROUPS_TABLE', $table_prefix.'groups'); diff --git a/phpBB/includes/functions_post.php b/phpBB/includes/functions_post.php index 8b84a76c87..b5ae99d289 100644 --- a/phpBB/includes/functions_post.php +++ b/phpBB/includes/functions_post.php 
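Review bot: `CONFIRM_TABLE` is defined here but no other hunk in this diff creates, queries or writes that table, so from the reviewer's side the constant has no consumer; if it is used by a file outside this change, the matching schema and install/update SQL should land with it. A one-line comment next to the define stating what the table holds would help the next reader, since the name alone does not say what is being confirmed. The entry does keep the define list alphabetical.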
@@ -222,7 +222,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_ $current_time = time(); - if ($mode == 'newtopic' || $mode == 'reply') + if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') { // // Flood control @@ -242,7 +242,8 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_ } } } - else if ($mode == 'editpost') + + if ($mode == 'editpost') { remove_search_post($post_id); } diff --git a/phpBB/includes/usercp_email.php b/phpBB/includes/usercp_email.php index 788cff0af1..5dd3d8ef8c 100644 --- a/phpBB/includes/usercp_email.php +++ b/phpBB/includes/usercp_email.php @@ -27,6 +27,12 @@ if ( !defined('IN_PHPBB') ) exit; } +// Is send through board enabled? No, return to index +if (!$board_config['board_email_form']) +{ + redirect(append_sid("index.$phpEx")); +} + if ( !empty($HTTP_GET_VARS[POST_USERS_URL]) || !empty($HTTP_POST_VARS[POST_USERS_URL]) ) { $user_id = ( !empty($HTTP_GET_VARS[POST_USERS_URL]) ) ? intval($HTTP_GET_VARS[POST_USERS_URL]) : intval($HTTP_POST_VARS[POST_USERS_URL]); @@ -61,12 +67,6 @@ if ( $result = $db->sql_query($sql) ) if ( isset($HTTP_POST_VARS['submit']) ) { - // session id check - if ($sid == '' || $sid != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - $error = FALSE; if ( !empty($HTTP_POST_VARS['subject']) ) @@ -175,7 +175,7 @@ if ( $result = $db->sql_query($sql) ) $template->assign_vars(array( 'USERNAME' => $username, - 'S_HIDDEN_FIELDS' => '', + 'S_HIDDEN_FIELDS' => '', 'S_POST_ACTION' => append_sid("profile.$phpEx?&mode=email&" . POST_USERS_URL . "=$user_id"), 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'], diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php index c5adb86445..642f5471d4 100644 --- a/phpBB/includes/usercp_register.php +++ b/phpBB/includes/usercp_register.php 
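Review bot: Widening the condition to `$mode == 'editpost'` means a user who has just posted can now be refused an edit of that same message for the length of the flood interval, a behaviour change the code does not explain; a comment above the `if`, e.g. `// Edits are rate-limited like new posts so a message cannot be rewritten in rapid succession`, would record the intent. Turning the `else if ($mode == 'editpost')` into a standalone `if` is consistent with that, since both the flood-control block and `remove_search_post($post_id)` must now run for an edit. The flood-control body itself and the rest of submit_post lie outside the hunk, so I cannot confirm it reads only values that are set for edits as well as new posts.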
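Review bot: The new `board_email_form` gate sits before the user lookup and the submit branch, so a disabled e-mail form is enforced server-side rather than only hidden from templates, which is the right place for it. Since `!$board_config['board_email_form']` raises a notice when the config row is absent (the disabled path is still taken), `if (empty($board_config['board_email_form']))` expresses the same intent without the notice. The comment reads better as `// Sending e-mail through the board is disabled: send the user back to the index`.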
@@ -46,8 +46,8 @@ function show_coppa() "AGREE_UNDER_13" => $lang['Agree_under_13'], 'DO_NOT_AGREE' => $lang['Agree_not'], - "U_AGREE_OVER13" => "profile.$phpEx?mode=register&agreed=true&sid=" . $userdata['session_id'], - "U_AGREE_UNDER13" => "profile.$phpEx?mode=register&agreed=true&coppa=true&sid=" . $userdata['session_id']) + "U_AGREE_OVER13" => "profile.$phpEx?mode=register&agreed=true", + "U_AGREE_UNDER13" => "profile.$phpEx?mode=register&agreed=true&coppa=true") ); $template->pparse('body'); @@ -80,12 +80,6 @@ if ( isset($HTTP_POST_VARS['cancelavatar']) || $mode == 'register' ) { - // session id check - if ($sid == '' || $sid != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); include($phpbb_root_path . 'includes/bbcode.'.$phpEx); include($phpbb_root_path . 'includes/functions_post.'.$phpEx); @@ -765,7 +759,7 @@ else } } - $s_hidden_fields = ''; + $s_hidden_fields = ''; if( $mode == 'editprofile' ) { $s_hidden_fields .= ''; diff --git a/phpBB/includes/usercp_sendpasswd.php b/phpBB/includes/usercp_sendpasswd.php index c8de08d97e..d906856536 100644 --- a/phpBB/includes/usercp_sendpasswd.php +++ b/phpBB/includes/usercp_sendpasswd.php @@ -29,12 +29,6 @@ if ( !defined('IN_PHPBB') ) if ( isset($HTTP_POST_VARS['submit']) ) { - // session id check - if ($sid == '' || $sid != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags($HTTP_POST_VARS['username'])) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; @@ -133,7 +127,7 @@ $template->assign_vars(array( 'L_SUBMIT' => $lang['Submit'], 'L_RESET' => $lang['Reset'], - 'S_HIDDEN_FIELDS' => '', + 'S_HIDDEN_FIELDS' => '', 'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=sendpassword")) ); 
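Review bot: The two COPPA agreement URLs no longer carry an explicit `&sid=`, but they are still built as bare strings rather than through `append_sid()`, which the other URLs in this change use (`append_sid("index.$phpEx")`, `append_sid("profile.$phpEx?mode=sendpassword")`); append_sid is meant to attach the session id only when the session is not cookie-backed, so using it here keeps the session for those visitors while avoiding an unconditional id in the link. Suggest `"U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&agreed=true"),` and `"U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&agreed=true&coppa=true"),`. The two keys also use double quotes while the neighbouring `'DO_NOT_AGREE'` uses single quotes; pick one. show_coppa's body begins before the hunk.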
diff --git a/phpBB/login.php b/phpBB/login.php index 72c995575f..64fe4c3590 100644 --- a/phpBB/login.php +++ b/phpBB/login.php @@ -92,13 +92,13 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ else { $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : ''; - $redirect = str_replace("?", "&", $redirect); + $redirect = str_replace('?', '&', $redirect); $template->assign_vars(array( - 'META' => '') + 'META' => "") ); - $message = $lang['Error_login'] . '

' . sprintf($lang['Click_return_login'], '', '') . '

' . sprintf($lang['Click_return_index'], '', ''); + $message = $lang['Error_login'] . '

' . sprintf($lang['Click_return_login'], "", '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } @@ -110,22 +110,16 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ $redirect = str_replace("?", "&", $redirect); $template->assign_vars(array( - 'META' => '') + 'META' => "") ); - $message = $lang['Error_login'] . '
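Review bot: `$redirect` comes straight from `$HTTP_POST_VARS['redirect']` and, after the `?`-to-`&` substitution, is embedded in the META refresh value and in the return link handed to sprintf on the following lines; the markup of those lines did not survive extraction, so I cannot see whether it passes through `htmlspecialchars()` or `urlencode()` first, and if it does not, a crafted `redirect` value lands unescaped inside an attribute and a URL. The same construction is repeated in the hunk at -110. Suggest escaping at the point of embedding, e.g. `$redirect = htmlspecialchars(str_replace('?', '&', $redirect));` before the META string is built, or a comment on the assignment naming where the value is validated. The enclosing `else` branch starts before the hunk.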

' . sprintf($lang['Click_return_login'], '', '') . '

' . sprintf($lang['Click_return_index'], '', ''); + $message = $lang['Error_login'] . '

' . sprintf($lang['Click_return_login'], "", '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } } else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) { - // session id check - if ($sid == '' || $sid != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - if( $userdata['session_logged_in'] ) { session_end($userdata['session_id'], $userdata['user_id']); @@ -201,7 +195,7 @@ else $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; - $s_hidden_fields = ''; + $s_hidden_fields = ''; make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( diff --git a/phpBB/posting.php b/phpBB/posting.php index 2cfd897711..134e7cca07 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -119,26 +119,6 @@ if ( isset($HTTP_POST_VARS['cancel']) ) redirect(append_sid($redirect, true) . $post_append); } -// -// Compare sid ... if sids don't match -// output message ... note that AOL'ers may -// obtain this error until the session code -// is modified to change the 6 to 4 in the IP -// comparison checks ... or if a user takes -// longer than session time to submit the form -// both can be easily altered by the admin -// -if ( $submit || $refresh ) -{ - if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) - { - // I've not added this to the language set at this time ... re-releasing - // every single language to include this for the once in a blue moon - // time it will be output is just not worthwhile at present. - message_die(GENERAL_MESSAGE, 'Invalid_session'); - } -} - // // What auth type do we need to check? // 
@@ -434,7 +414,7 @@ if ( ( $delete || $poll_delete || $mode == 'delete' ) && !$confirm ) // // Confirm deletion // - $s_hidden_fields = ''; + $s_hidden_fields = ''; $s_hidden_fields .= ( $delete || $mode == "delete" ) ? '' : ''; $l_confirm = ( $delete || $mode == 'delete' ) ? $lang['Confirm_delete'] : $lang['Confirm_delete_poll']; @@ -926,7 +906,7 @@ if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) } } -$hidden_form_fields = ''; +$hidden_form_fields = ''; switch( $mode ) { diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php index 39e7369bb6..fedb83525d 100644 --- a/phpBB/privmsg.php +++ b/phpBB/privmsg.php @@ -437,7 +437,7 @@ else if ( $mode == 'read' ) $l_box_name = $lang['Sent']; } - $s_hidden_fields = ''; + $s_hidden_fields = ''; $page_title = $lang['Read_pm']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); @@ -664,12 +664,6 @@ else if ( ( $delete && $mark_list ) || $delete_all ) redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true)); } - // session id check - if ($sid == '' || $sid != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - if ( isset($mark_list) && !is_array($mark_list) ) { // Set to empty array instead of '0' if nothing is selected. @@ -678,7 +672,7 @@ else if ( ( $delete && $mark_list ) || $delete_all ) if ( !$confirm ) { - $s_hidden_fields = ''; + $s_hidden_fields = ''; $s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '' : ''; for($i = 0; $i < count($mark_list); $i++) @@ -896,12 +890,6 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' ) { redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true)); } - - // session id check - if ($sid == '' || $sid != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } if (sizeof($mark_list)) { 
@@ -1150,12 +1138,6 @@ else if ( $submit || $refresh || $mode != '' ) if ( $submit ) { - // session id check - if ($sid == '' || $sid != $userdata['session_id']) - { - message_die(GENERAL_ERROR, 'Invalid_session'); - } - if ( !empty($HTTP_POST_VARS['username']) ) { $to_username = $HTTP_POST_VARS['username']; @@ -1594,7 +1576,7 @@ else if ( $submit || $refresh || $mode != '' ) $preview_message = make_clickable($preview_message); $preview_message = str_replace("\n", '
', $preview_message); - $s_hidden_fields = ''; + $s_hidden_fields = ''; $s_hidden_fields .= ''; if ( isset($privmsg_id) ) @@ -1716,7 +1698,7 @@ else if ( $submit || $refresh || $mode != '' ) $post_a = $lang['Edit_message']; } - $s_hidden_fields = ''; + $s_hidden_fields = ''; $s_hidden_fields .= ''; if ( $mode == 'edit' ) { @@ -2082,7 +2064,7 @@ $template->assign_vars(array( 'L_SAVE_MARKED' => $lang['Save_marked'], 'S_PRIVMSGS_ACTION' => append_sid("privmsg.$phpEx?folder=$folder"), - 'S_HIDDEN_FIELDS' => '', + 'S_HIDDEN_FIELDS' => '', 'S_POST_NEW_MSG' => $post_new_mesg_url, 'S_SELECT_MSG_DAYS' => $select_msg_days,