From: MW <jo...@us...> - 2008-02-09 12:41:17
Update of /cvsroot/mxbb/core/includes/sessions/internal In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv25492/includes/sessions/internal Modified Files: session.php login.php Log Message: part of project wide change of using request_vars wrapper class instead of explicite and unfiltered $HTML_*_VARS Index: login.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/internal/login.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** login.php 4 Feb 2008 15:56:43 -0000 1.3 --- login.php 9 Feb 2008 12:41:11 -0000 1.4 *************** *** 15,22 **** } ! if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) ) { ! $username = isset($HTTP_POST_VARS['username']) ? phpBB2::phpbb_clean_username($HTTP_POST_VARS['username']) : ''; ! $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; $sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try --- 15,22 ---- } ! if ($mx_request_vars->is_request('login') && (!$userdata['session_logged_in'] || $mx_request_vars->is_post('admin')) ) { ! $username = $mx_request_vars->is_post('username') ? phpBB2::phpbb_clean_username($mx_request_vars->post('username', MX_TYPE_NO_TAGS)) : ''; ! $password = $mx_request_vars->post('password', MX_TYPE_NO_TAGS); $sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try *************** *** 55,61 **** if( md5($password) == $row['user_password'] && $row['user_active'] ) { ! $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ! $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0; $session_id = $mx_user->mx_session_create($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); --- 55,61 ---- if( md5($password) == $row['user_password'] && $row['user_active'] ) { ! 
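Review bot: `$password = $mx_request_vars->post('password', MX_TYPE_NO_TAGS);` in the 15,22 hunk of login.php runs the password through the same tag-stripping filter as display fields, so if MX_TYPE_NO_TAGS rewrites `<`, `>` or `&` as its name suggests, a valid password containing those characters is altered before `md5($password)` and the login fails for that user. A credential is only hashed and compared, never echoed, so it should be read without content filtering, e.g. `$password = $mx_request_vars->post('password', <raw-type-constant>);` using whichever unfiltered type the wrapper provides. The unsalted `md5` and the loose `==` against `user_password` in the context lines predate this commit but deserve a follow-up. The enclosing `if` body continues past the hunk.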
$autologin = $mx_request_vars->is_post('autologin'); ! $admin = $mx_request_vars->is_post('admin'); $session_id = $mx_user->mx_session_create($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); *************** *** 66,70 **** { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : $fromurl; mx_redirect(mx3_append_sid($url, false, false, $session_id)); } --- 66,71 ---- { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; ! $url = $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS); ! $url = ( !empty($url) ) ? str_replace('&', '&', $url) : $fromurl; mx_redirect(mx3_append_sid($url, false, false, $session_id)); } *************** *** 87,93 **** } ! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; ! $redirect = str_replace('?', '&', $redirect); ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { --- 88,97 ---- } ! $redirect = $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS); ! if (!empty($redirect)) ! { ! $redirect = str_replace('&', '&', $redirect); ! $redirect = str_replace('?', '&', $redirect); ! } if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { *************** *** 106,111 **** else { ! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ""; ! $redirect = str_replace("?", "&", $redirect); if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) --- 110,119 ---- else { ! $redirect = $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS); ! if (!empty($redirect)) ! { ! $redirect = str_replace('&', '&', $redirect); ! $redirect = str_replace('?', '&', $redirect); ! 
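Review bot: `$autologin = $mx_request_vars->is_post('autologin');` and `$admin = $mx_request_vars->is_post('admin');` in the 55,61 hunk replace the old `TRUE`/`0` and `1`/`0` values with whatever is_post() returns, presumably a bool, and pass it straight into `mx_session_create()`, which previously received an int for `$admin`. If that function interpolates `$admin` into SQL or compares it with `===`, `false` (which casts to an empty string) behaves differently from `0`; casting at the call site, `$admin = $mx_request_vars->is_post('admin') ? 1 : 0;`, keeps the previous contract. mx_session_create is defined outside this diff, so this is inferred from the old values.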
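Review bot: In the 66,70 hunk the POSTed `redirect` value now reaches `mx_redirect(mx3_append_sid($url, ...))` after only the MX_TYPE_NO_TAGS filter, with `htmlspecialchars()` removed and without the CR/LF check (`strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")`) that the 87,93 and 106,111 hunks apply to the same input; the same applies to the logout branches at 135,142 and 148,152. Unless mx_redirect itself rejects control characters (not visible here), a redirect value containing encoded line breaks can influence the response header. Apply the same guard before redirecting, e.g. `if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) { $url = $fromurl; }`, or move it into mx_redirect so every call site is covered. Restricting `redirect` to a relative path would also close the pre-existing open redirect in these branches.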
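Review bot: The block `if (!empty($redirect)) { $redirect = str_replace('&', '&', $redirect); $redirect = str_replace('?', '&', $redirect); }` added in the 87,93 hunk is repeated verbatim in the 106,111 hunk; a small helper such as `mx_clean_redirect($redirect)` returning the normalised string would keep the two failure branches in step and give one place to hold the CR/LF check that follows both. Also `str_replace('&', '&', $redirect)` reads as a no-op in this archive rendering, presumably an `'&amp;'` to `'&'` replacement lost in HTML decoding; worth confirming against the committed source.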
} if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) *************** *** 122,126 **** } } ! else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) { // session id check --- 130,134 ---- } } ! else if ($mx_request_vars->is_request('logout') && $userdata['session_logged_in'] ) { // session id check *************** *** 135,142 **** } ! if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect'])) { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : $fromurl; mx_redirect(mx3_append_sid($url, false, false, $session_id)); } --- 143,150 ---- } ! if (!$mx_request_vars->is_empty_request('redirect')) { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; ! $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : $fromurl; mx_redirect(mx3_append_sid($url, false, false, $session_id)); } *************** *** 148,152 **** else { ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx"; mx_redirect(mx_append_sid($url, false)); } --- 156,160 ---- else { ! $url = !$mx_request_vars->is_empty_post('redirect') ? 
str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx_append_sid($url, false)); } Index: session.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/internal/session.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** session.php 5 Feb 2008 18:37:20 -0000 1.4 --- session.php 9 Feb 2008 12:41:11 -0000 1.5 *************** *** 53,57 **** { global $db, $board_config; ! global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; --- 53,57 ---- { global $db, $board_config; ! global $HTTP_COOKIE_VARS, $mx_request_vars, $SID; $cookiename = $board_config['cookie_name']; *************** *** 69,73 **** { $sessiondata = array(); ! $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } --- 69,73 ---- { $sessiondata = array(); ! $session_id = $mx_request_vars->get('sid', mztnt); $sessionmethod = SESSION_METHOD_GET; } *************** *** 294,298 **** { global $db, $lang, $board_config; ! global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; --- 294,298 ---- { global $db, $lang, $board_config; ! global $HTTP_COOKIE_VARS, $mx_request_vars, $SID; $cookiename = $board_config['cookie_name']; *************** *** 313,317 **** { $sessiondata = array(); ! $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } --- 313,317 ---- { $sessiondata = array(); ! $session_id = $mx_request_vars->get('sid',MX_TYPE_NO_TAGS); $sessionmethod = SESSION_METHOD_GET; } *************** *** 429,433 **** { global $db, $lang, $board_config, $userdata; ! global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; --- 429,433 ---- { global $db, $lang, $board_config, $userdata; ! 
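Review bot: `$session_id = $mx_request_vars->get('sid', mztnt);` in the 69,73 hunk of session.php passes an undefined bare constant `mztnt` as the type; PHP treats it as the string `'mztnt'` with a notice (an Error on PHP 8), so get() receives an unknown filter type and the session id may come back unfiltered or as null. The parallel hunk at 313,317 uses `MX_TYPE_NO_TAGS`, so this is almost certainly a typo: `$session_id = $mx_request_vars->get('sid', MX_TYPE_NO_TAGS);`. Since `sid` selects the session row, it is also worth confirming that the wrapper returns `''` for a missing key, as the old ternary did, rather than null.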
global $HTTP_COOKIE_VARS, $SID; $cookiename = $board_config['cookie_name']; |
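Review bot: The 429,433 hunk drops `$HTTP_GET_VARS` from the `global` list but, unlike the 53,57 and 294,298 hunks, does not add `$mx_request_vars`; if the body of this function still reads `$HTTP_GET_VARS['sid']` or was switched to `$mx_request_vars->get('sid', ...)`, that variable is now undefined inside the function. Either restore the import, `global $HTTP_COOKIE_VARS, $mx_request_vars, $SID;`, or confirm the function no longer reads the request at all. The function body lies outside the hunk, so this is inferred from the other two functions in the same file.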