The fix is deployed and the mod is no longer being developed, so here is the full disclosure:
The bug: a leak of the SID (the user's session hash) that occurs when a user has cookies disabled in their browser, gives a thumbs-up (thanks) to a post, and the author of that post has notifications of new thumbs-ups via private message (SZ) turned on.
As a result, a user session can be stolen/taken over. Although SIDs are bound to the user's IP address and the attack requires a relatively rarely used setting, one can imagine situations and ways in which an attacker could force those settings and/or the IP address on a user (public cafe, Tor...), so the risk of abuse was not merely hypothetical.
diff --git a/includes/functions_thanks.php b/includes/functions_thanks.php
index 9eb7b48..d7c1a2e 100644
--- a/includes/functions_thanks.php
+++ b/includes/functions_thanks.php
@@ -461,7 +461,7 @@ function send_thanks_pm($user_id, $to_id, $send_pm = true, $post_id = 0, $lang_a
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
$user->data['user_lang'] = (file_exists($phpbb_root_path . 'language/' . $user->data['user_lang'] . "/mods/thanks_mod.$phpEx")) ? $user->data['user_lang'] : $config['default_lang'];
$user->add_lang('mods/thanks_mod');
- $massage = '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $post_id .'#p' . $post_id) .'">'. $user->lang['THANKS_PM_MES_'. $lang_act] .'</a>';
+ $massage = '<a href="' . "{$phpbb_root_path}viewtopic.$phpEx" . '?p=' . $post_id .'#p' . $post_id .'">'. $user->lang['THANKS_PM_MES_'. $lang_act] .'</a>';
$pm_data = array(
'from_user_id' => $user->data['user_id'],
'from_user_ip' => $user->ip,
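Review bot: the `+` line keeps the misspelled variable `$massage` (presumably `$message`); since the assignment is being rewritten anyway, this is the natural moment to rename it wherever it is consumed below. On the substance, dropping append_sid() from the link is the right call: append_sid() appends the current user's (the sender's) `sid` parameter when the sender has no session cookie, and this string is persisted into a PM that is rendered for a different user, so the sender's session id ends up in someone else's inbox. It would help to add a short comment above the line stating that append_sid() must never be applied to content that gets stored (PM bodies, notification text), so a later cleanup does not reintroduce it, and to check whether any other stored notification text in `send_thanks_pm()` or the rest of this file still goes through append_sid().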
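The patch stops new leaks but does not touch PMs already stored with a `sid` in the link. As an added example (my code, not the mod's or the forum's), here is a Python pass an operator could run over exported PM bodies to find and strip leaked session ids; it assumes phpBB-style 32-hex `sid=` values and `&amp;`-encoded hrefs, and the sample message is constructed.

```python
import html
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: session ids are 32 lowercase hex characters carried in a sid= parameter.
SID_RE = re.compile(r'[?&]sid=([0-9a-f]{32})\b')
HREF_RE = re.compile(r'href="([^"]*)"')

# Constructed sample of a stored PM body, the shape the vulnerable line produced.
# The sid value is made up and is not a real session.
SAMPLE_PM = ('<a href="./viewtopic.php?p=4242&amp;sid=0123456789abcdef0123456789abcdef#p4242">'
             'Someone thanked your post</a>')


def find_leaked_sids(text: str) -> list[str]:
    """Return every session id embedded as a sid= URL parameter in stored HTML text."""
    return SID_RE.findall(html.unescape(text))


def strip_sid(url: str) -> str:
    """Remove the sid parameter from one (possibly relative) URL, keeping other
    query parameters and the #fragment that points at the post anchor."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != 'sid']
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query), parts.fragment))


def scrub_message(body: str) -> tuple[str, list[str]]:
    """Rewrite every href in a stored PM body without its sid.
    Returns (clean_body, sids_found) so the caller can both fix the row and
    log which sessions were exposed."""
    found: list[str] = []

    def repl(match: re.Match) -> str:
        raw = html.unescape(match.group(1))   # &amp; -> & before parsing
        found.extend(SID_RE.findall(raw))
        clean = html.escape(strip_sid(raw), quote=False)  # & -> &amp; again
        return 'href="%s"' % clean

    return HREF_RE.sub(repl, body), found


if __name__ == '__main__':
    cleaned, sids = scrub_message(SAMPLE_PM)
    print('leaked sids:', sids)
    print('cleaned body:', cleaned)
```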