From: Florin C B. <ory...@us...> - 2013-06-06 14:42:54
Update of /cvsroot/mxbb/core/includes/sessions/phpbb3 In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv25451 Modified Files: session.php Log Message: fix@ removed extra line that breaks login Index: session.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/session.php,v retrieving revision 1.49 retrieving revision 1.50 diff -C2 -d -r1.49 -r1.50 *** session.php 5 Jun 2013 14:05:59 -0000 1.49 --- session.php 6 Jun 2013 14:42:52 -0000 1.50 *************** *** 237,241 **** $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; - $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost'; $this->page = $this->extract_current_page($phpbb_root_path); --- 237,240 ---- *************** *** 244,248 **** if ($board_config['forwarded_for_check']) { ! $this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for)); // Whoa these look impressive! --- 243,247 ---- if ($board_config['forwarded_for_check']) { ! $this->forwarded_for = preg_replace('#, +#', ', ', $this->forwarded_for); // Whoa these look impressive! *************** *** 253,257 **** // split the list of IPs ! $ips = explode(' ', $this->forwarded_for); foreach ($ips as $ip) { --- 252,256 ---- // split the list of IPs ! $ips = explode(', ', $this->forwarded_for); foreach ($ips as $ip) { *************** *** 754,758 **** 'session_admin' => ($set_admin) ? 1 : 0, 'session_viewonline' => ($viewonline) ? 1 : 0, - 'session_lang' => (string) $this->lang_name, ); --- 753,756 ---- *************** *** 1351,1354 **** --- 1349,1401 ---- } } + + /** + * Check if the request originated from the same page. 
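Review bot: The new normalisation in the `forwarded_for_check` branch (new lines 243–247) only collapses a comma followed by spaces, and the split at new lines 252–256 uses the literal `', '`, so an `X-Forwarded-For` value whose entries are separated by a bare comma or by whitespace alone is no longer broken into individual addresses, which the replaced lines did handle. The header is client-supplied, so each element should reach the per-address check in the `foreach` on its own; the loop body is outside the hunk, so what happens to an unsplit element cannot be confirmed from here. Splitting on the separator class keeps both spellings working: `$ips = preg_split('#[\s,]+#', $this->forwarded_for, -1, PREG_SPLIT_NO_EMPTY);`. A one-line comment stating which separators are accepted would also help the next reader.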
+ * @param bool $check_script_path If true, the path will be checked as well + */ + function validate_referer($check_script_path = false) + { + global $board_config; + + // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason) + if (empty($this->referer) || empty($this->host)) + { + return true; + } + + $host = htmlspecialchars($this->host); + $ref = substr($this->referer, strpos($this->referer, '://') + 3); + + if (!(stripos($ref, $host) === 0) && (!$board_config['force_server_vars'] || !(stripos($ref, $board_config['server_name']) === 0))) + { + return false; + } + else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '') + { + $ref = substr($ref, strlen($host)); + $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); + + if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0) + { + $ref = substr($ref, strlen(":$server_port")); + } + + if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) + { + return false; + } + } + + return true; + } + + function unset_admin() + { + global $db; + $sql = 'UPDATE ' . SESSIONS_TABLE . ' + SET session_admin = 0 + WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\''; + $db->sql_query($sql); + } /** ******************************************************************************************************* *************** *** 1367,1372 **** $session_lang = ''; ! ! //Added here for reference and future implementation of a lang block in mx_coreblocks were board_config can be taken from portal_config if ($board_config['lang_select_enable'] || $board_config['lang_click_enable']) { --- 1414,1420 ---- $session_lang = ''; ! /* ! * Added here for reference and future implementation of a lang block in mx_coreblocks were board_config can be taken from portal_config ! 
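Review bot: `validate_referer()` (new lines 1349–1401) returns `true` whenever `$this->host` is empty, and the first hunk of this same commit deletes the only visible assignment of `$this->host` (old lines 237–241), so unless the property is set somewhere outside this diff the check accepts every request. Where it does run, `stripos($ref, $host) === 0` is a prefix test, so a referer whose host merely begins with the board's host name passes; after the prefix matches, the character that follows it in `$ref` should be required to be `/`, `:`, `?`, `#` or the end of the string. A referer without `://` makes `strpos()` return `false`, and `false + 3` then cuts the first three characters off silently; an explicit `=== false` test returning `false` would be safer. The docblock should gain `@return bool` and say that a missing referer is deliberately accepted, and `unset_admin()` has no docblock at all.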
* if ($board_config['lang_select_enable'] || $board_config['lang_click_enable']) { *************** *** 1421,1425 **** } } ! $lang_set = !$lang_set ? (defined('IN_ADMIN') ? 'acp/common' : 'common') : $lang_set; --- 1469,1473 ---- } } ! */ $lang_set = !$lang_set ? (defined('IN_ADMIN') ? 'acp/common' : 'common') : $lang_set; *************** *** 1514,1524 **** if (("$include_result".include $this->lang_path . "common.$phpEx") === false) { if ((@include $phpbb_root_path . $this->lang_path . "common.$phpEx") === false) { ! die('Language file ' . $this->lang_path . "common.$phpEx" . ' couldn\'t be opened.'); //this will fix the path for anonymouse users } } // We include common language file here to not load it every time a custom language file is included $this->add_lang($lang_set); unset($lang_set); } --- 1562,1577 ---- if (("$include_result".include $this->lang_path . "common.$phpEx") === false) { + //this will fix the path for anonymouse users if ((@include $phpbb_root_path . $this->lang_path . "common.$phpEx") === false) { ! die('Language file ' . $this->lang_path . "common.$phpEx" . ' couldn\'t be opened.'); } } + + // // We include common language file here to not load it every time a custom language file is included + // $this->add_lang($lang_set); + unset($lang_set); } *************** *** 2037,2071 **** $language_filename = $this->lang_path . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; } - - if (!file_exists($language_filename)) - { - global $config; - - if ($this->lang_name == 'en') - { - // The user's selected language is missing the file, the board default's language is missing the file, and the file doesn't exist in /en. - $language_filename = str_replace($this->lang_path . 'en', $this->lang_path . $this->data['user_lang'], $language_filename); - $include_result = (defined('DEBUG_EXTRA')) ? trigger_error('Language file ' . $language_filename . 
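Review bot: The context line `if (("$include_result".include $this->lang_path . "common.$phpEx") === false)` in the 1562–1577 hunk concatenates the include result onto a string, and a string is never identical to `false`, so the fallback include and the `die()` beneath it cannot run. The last hunk of this commit replaces the same construct in another function with `(@include $language_filename) === false` but leaves this one as it was. Using the same form here, `if ((@include $this->lang_path . "common.$phpEx") === false)`, would let a missing common language file actually be detected. The hunk also comments out `$this->add_lang($lang_set);` without saying why; a short comment giving the reason, or deleting the line, would be clearer than dead code. The enclosing function starts outside the hunk.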
' couldn\'t be opened.', E_USER_ERROR) : ""; // Do not suppress error if in DEBUG_EXTRA mode - } - else if ($this->lang_name == basename($config['default_lang'])) - { - // Fall back to the English Language - $this->lang_name = 'en'; - $this->set_lang($lang, $help, $lang_file, $use_db, $use_help); - } - else if ($this->lang_name == $this->data['user_lang']) - { - // Fall back to the board default language - $this->lang_name = basename($config['default_lang']); - $this->set_lang($lang, $help, $lang_file, $use_db, $use_help); - } ! // Reset the lang name ! $this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); ! return; ! } ! $include_result = (defined('DEBUG_EXTRA')) ? "@" : ""; //Fix for mxp; Do not suppress error if in DEBUG_EXTRA mode ! if (("$include_result".include $language_filename) === false) { if ((@include $phpbb_root_path . $language_filename) === false) { --- 2090,2098 ---- $language_filename = $this->lang_path . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; } ! //fix for mxp ! if ((@include $language_filename) === false) { + //this will fix the path for anonymouse users if ((@include $phpbb_root_path . $language_filename) === false) { |
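Review bot: In the 2090–2098 hunk the include of `$language_filename` is now wrapped in `@` unconditionally, and the removed `file_exists()` block was the only visible place that fell back to the board default and then to English when the user's language lacked the file. With `@` in front, a missing file and an error raised while loading the file are both silenced, which makes a broken or unexpected language file hard to notice. Keeping an explicit existence test and dropping the suppression on the first attempt, `if (!file_exists($language_filename) || (include $language_filename) === false)`, preserves the fix while leaving failures visible. `$language_filename` is built from `$this->lang_path` and `$lang_file`; whether those are constrained to known language directories is decided outside the hunk and is worth confirming, since nothing here checks the path before it is included. The function's body begins and ends outside the hunk.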