From: Joas S. <nic...@ph...> - 2009-08-04 10:05:42
Author: nickvergessen Date: Tue Aug 4 11:04:54 2009 New Revision: 9917 Log: Fix Bug #49035 - Fix general error while registration, through undefined variable $config in validate_referer (Patch by wjvriend) Authorised by: bantu Modified: branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html branches/phpBB-3_0_0/phpBB/includes/session.php Modified: branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html ============================================================================== *** branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html (original) --- branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html Tue Aug 4 11:04:54 2009 *************** *** 186,191 **** --- 186,192 ---- <li>[Fix] Do not try to create thumbnails for images we cannot open properly. (Bug #48695)</li> <li>[Fix] Apply locale-independent basename() to attachment filenames. New function added: utf8_basename(). (Bug #43335 - Patch by ocean=Yohsuke)</li> <li>[Fix] Adjust build_url() to not prepend $phpbb_root_path if path returned from redirect() is an URL. This fixes redirect issues with some installations and bridges. (Bug #47535)</li> + <li>[Fix] Fix general error while registration, through undefined variable $config in validate_referer (Bug #49035 - Patch by wjvriend)</li> <li>[Change] Change the data format of the default file ACM to be more secure from tampering and have better performance.</li> <li>[Change] Add index on log_time to the log table to prevent slowdown on boards with many log entries. 
(Bug #44665 - Patch by bantu)</li> <li>[Change] Template engine now permits to a limited extent variable includes.</li> Modified: branches/phpBB-3_0_0/phpBB/includes/session.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/includes/session.php (original) --- branches/phpBB-3_0_0/phpBB/includes/session.php Tue Aug 4 11:04:54 2009 *************** *** 1364,1369 **** --- 1364,1371 ---- */ function validate_referer($check_script_path = false) { + global $config; + // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason) if (empty($this->referer) || empty($this->host)) { *************** *** 1373,1379 **** $host = htmlspecialchars($this->host); $ref = substr($this->referer, strpos($this->referer, '://') + 3); ! if (!(stripos($ref, $host) === 0) && (!$config['force_server'] || !(stripos($ref, $config['server_name']) === 0))) { return false; } --- 1375,1381 ---- $host = htmlspecialchars($this->host); $ref = substr($this->referer, strpos($this->referer, '://') + 3); ! if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0))) { return false; } |
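Review bot: In the CHANGELOG.html hunk, the new entry names only the undefined $config in validate_referer, but the session.php change in this same revision also switches the key read in that condition from force_server to force_server_vars. That second change alters when the server_name comparison is applied, so it should be named in the entry or in the log message rather than left implicit under the "undefined variable" fix.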
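Review bot: In the second session.php hunk, the changed condition still accepts the referer on a prefix match: stripos($ref, $host) === 0 and stripos($ref, $config['server_name']) === 0 are both true for any referer whose host part merely begins with the board's host name, so a longer host name starting with the same string passes validation. Consider parsing the referer and comparing its host component for equality, or requiring that the character after the matched prefix is '/', ':' or the end of the string. Separately, strpos($this->referer, '://') returns false when the referer carries no scheme separator, so the substr() offset becomes 3 and the first three characters are dropped; an explicit check for false before the substr() call would make that case deliberate.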