  1. phpBB
  2. PHPBB-8550

bug in validate_referer (session.php)


    • Bug
    • Resolution: Fixed
    • 3.0.6
    • 3.0.5
    • Sessions
    • None
    • PHP Environment: PHP 5.2.6
      Database: 5.0.51

      I had problems registering new users on my forum. I always got a general error when submitting the register form.

      After turning the debug mode on it appeared that in the method validate_referer(...) in session.php:

      • "$config" was unknown (global statement should be added)
      • the key "force_server" was unknown in "$config" (should be "force_server_vars")

      I repaired these bugs; here is the validate_referer(...) method of session.php as I'm using it now:

        /**
        * Check if the request originated from the same page.
        * @param bool $check_script_path If true, the path will be checked as well
        */
        function validate_referer($check_script_path = false)
        {
            global $config;

            // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason)
            if (empty($this->referer) || empty($this->host))
            {
                return true;
            }

            $host = htmlspecialchars($this->host);
            // drop the scheme ("http://", "https://") from the referer
            $ref = substr($this->referer, strpos($this->referer, '://') + 3);

            // the referer must start with the request host, or with the configured server_name when force_server_vars is on
            if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0)))
            {
                return false;
            }
            else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '')
            {
                $ref = substr($ref, strlen($host));
                $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');

                // strip a non-default port before comparing the path
                if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0)
                {
                    $ref = substr($ref, strlen(":$server_port"));
                }

                if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
                {
                    return false;
                }
            }

            return true;
        }

            nickvergessen Joas Schilling
            wjvriend wjvriend
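
The effect of the two defects on the host comparison, as an added example that is not part of the original report and not phpBB source. The "reported" function is reconstructed from the two points listed in the description; the function names, the configuration values and the request (Referer with the public name, Host header with an internal name) are constructed assumptions, and the script path check is left out. It is written for a current PHP CLI.

```php
<?php
// Added illustration. Constructed config: board pinned to its public name.
$config = array('force_server_vars' => 1, 'server_name' => 'forum.example.org');

// Record notices/warnings instead of printing them.
$diagnostics = array();
set_error_handler(function ($errno, $errstr) use (&$diagnostics) {
    $diagnostics[] = $errstr;
    return true;
});

// Host comparison with the two defects from the report (reconstructed, hypothetical name).
function referer_host_ok_reported($referer, $host)
{
    // no "global $config;" here, so $config is an undefined local variable
    $host = htmlspecialchars($host);
    $ref = substr($referer, strpos($referer, '://') + 3);
    if (!(stripos($ref, $host) === 0) && (!$config['force_server'] || !(stripos($ref, $config['server_name']) === 0)))
    {
        return false;
    }
    return true;
}

// Same comparison with the reporter's two corrections applied.
function referer_host_ok_fixed($referer, $host)
{
    global $config;
    $host = htmlspecialchars($host);
    $ref = substr($referer, strpos($referer, '://') + 3);
    if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0)))
    {
        return false;
    }
    return true;
}

// Constructed request: Referer carries the public name, Host header an internal one.
$referer = 'http://forum.example.org/ucp.php?mode=register';
$host = 'backend.internal';

$before = referer_host_ok_reported($referer, $host);
$notices_before = count($diagnostics);
$after = referer_host_ok_fixed($referer, $host);
$notices_after = count($diagnostics) - $notices_before;

printf("reported code: %s, %d diagnostics\n", $before ? 'accepted' : 'rejected', $notices_before);
printf("fixed code:    %s, %d diagnostics\n", $after ? 'accepted' : 'rejected', $notices_after);
```

In the reported form the undefined `$config` makes the `force_server` lookup evaluate to null, so the `server_name` fallback is never consulted and a POST whose Referer matches only the configured server name is rejected.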