  1. phpBB3
  2. PHPBB3-13138

Banned users cause infinite recursion


Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.0.12
    • Fix Version/s: 3.0.13-RC1, 3.1.0-RC6
    • Component/s: Authentication, Sessions
    • Labels: None
    • Environment: PHP 5.4.4, MySQL 5.5.38, Linux 3.13.0, Debian Wheezy, FastCGI mode, any browser.

    Description

      I find that banned users trying to visit my forum (running phpBB 3.0.12) cause infinite recursion, causing the page to crash (after having consumed many a CPU second). The recursion loop looks as follows:

      session_begin at session.php:476
      session_create at session.php:657
      check_ban at session.php:1188
      session_kill at session.php:933
      session_create at session.php:657
      check_ban at session.php:1188
      session_kill at session.php:933
      ...

      I suspect the cause of this is that the return value of the auth module's autologin function overrides the wish of session_kill() to create an ANONYMOUS session.

      As long as the contract of the autologin function as described at <https://wiki.phpbb.com/Authentication_plugins#autologin_method> is to be considered reasonably correct, this seems like a bug, no? No particular behavior seems to be described at that page that the autologin function should implement to ensure that bans work correctly.

      Attachments

        1. auth_haven.php (2 kB, Dolda2000)
        2. session.patch (3 kB, Dolda2000)
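
      The call cycle in the report, reduced to a stand-alone model (an added example, not phpBB's session.php and not the attached session.patch). Every class, method and parameter name is hypothetical, the depth limit stands in for the real crash, and the guard shown is one assumed way to break the cycle, not the project's actual fix.

```php
<?php
// Simplified model of the reported cycle; not phpBB code. All names are hypothetical.
const ANONYMOUS = 1;

class BanLoopDetected extends RuntimeException {}

class SessionModel
{
    private int $depth = 0;
    private int $userId = ANONYMOUS;
    // $autologin: callable returning a user id, or null for "no user".
    public function __construct(
        private $autologin,
        private array $bannedIds,
        private bool $honourAnonymousRequest
    ) {}

    public function sessionCreate(?int $requestedId = null): int
    {
        if (++$this->depth > 10) {       // stand-in for the crash after unbounded recursion
            throw new BanLoopDetected('session_create re-entered via session_kill');
        }
        // Reported behaviour: the auth plugin's answer always wins.
        // Guarded behaviour: an explicit ANONYMOUS request skips autologin.
        $skip = $this->honourAnonymousRequest && $requestedId === ANONYMOUS;
        $fromPlugin = $skip ? null : ($this->autologin)();
        $this->userId = $fromPlugin ?? $requestedId ?? ANONYMOUS;
        if (in_array($this->userId, $this->bannedIds, true)) {
            $this->sessionKill();        // check_ban -> session_kill
        }
        $this->depth--;
        return $this->userId;
    }

    private function sessionKill(): void
    {
        $this->sessionCreate(ANONYMOUS); // asks for an anonymous session
    }
}

// Constructed input: an external-auth plugin that always reports user 42, who is banned.
$plugin = fn() => 42;
try {
    (new SessionModel($plugin, [42], false))->sessionCreate();
} catch (BanLoopDetected $e) {
    echo "unguarded: ", $e->getMessage(), "\n";
}
echo "guarded: user id ", (new SessionModel($plugin, [42], true))->sessionCreate(), "\n";
```

      With the guard off, the plugin keeps returning the banned user and the model re-enters sessionCreate until the depth limit trips; with it on, the banned user ends up with the anonymous id.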

            People

              Assignee: nickvergessen (Joas Schilling)
              Reporter: Dolda2000 (Inactive)