
! Accept 7 digit user ids in cookies, fixes #807. Also refined the regex to not accept string ids at the same time since they should now always be ints. There's only a slight performance boost, but saving 2 bytes on every single request before gzip seems like a good idea to me. NB: Users of test sites will find themselves logged out and will need to log back in again just for the first time (to fix the cookie).

Signed-off-by: Peter Spicer <[email protected]>
Peter Spicer 10 роки тому
батько
коміт
b76101eaaf
3 змінених файлів з 5 додано та 3 видалено
  1. 1 1
      Sources/Load.php
  2. 1 1
      Sources/LogInOut.php
  3. 3 1
      Sources/Subs-Auth.php

+ 1 - 1
Sources/Load.php

@@ -247,7 +247,7 @@ function loadUserSettings()
 	if (empty($id_member) && isset($_COOKIE[$cookiename]))
 	{
 		// Fix a security hole in PHP 4.3.9 and below...
-		if (preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~i', $_COOKIE[$cookiename]) == 1)
+		if (preg_match('~^a:[34]:\{i:0;i:\d{1,7};i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~i', $_COOKIE[$cookiename]) == 1)
 		{
 			list ($id_member, $password) = @unserialize($_COOKIE[$cookiename]);
 			$id_member = !empty($id_member) && strlen($password) > 0 ? (int) $id_member : 0;
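Review bot: The rewritten guard on the new regex line still compares with the loose `== 1`, while the identical guard in the LogInOut.php and Subs-Auth.php hunks uses `=== 1`, and this copy alone carries the `i` modifier, which makes `[a-fA-F0-9]` redundant and lets uppercase `A:`/`I:`/`S:` tokens through the pre-check to unserialize (PHP rejects those, so the result is a failed unserialize rather than a bypass, but the pre-filter should be as tight as the other two). Since preg_match returns false on error, `== 1` happens to behave the same here, so the fix is cosmetic but worth making: `...;(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) === 1)`. The tightened `i:\d{1,7}` also caps member ids at 9,999,999 where the removed string branch allowed 8 digits, so an id beyond that presumably makes the guard fail closed and the visitor is treated as a guest; this applies to all three hunks, and the cap deserves either a wider `\d{1,10}` or a comment stating the limit next to the pattern. Having to patch the same serialized-cookie whitelist in three files is the underlying hazard; a single helper in Subs-Auth.php that validates and unserializes the cookie (returning null on mismatch) would keep the only barrier between the cookie and unserialize in one place. loadUserSettings continues outside the hunk.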

+ 1 - 1
Sources/LogInOut.php

@@ -88,7 +88,7 @@ function Login2()
 
 	if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest'])
 	{
-		if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) === 1)
+		if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d{1,7};i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) === 1)
 			list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
 		elseif (isset($_SESSION['login_' . $cookiename]))
 			list (, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);

+ 3 - 1
Sources/Subs-Auth.php

@@ -31,12 +31,14 @@ function setLoginCookie($cookie_length, $id, $password = '')
 {
 	global $cookiename, $boardurl, $modSettings, $sourcedir;
 
+	$id = (int) $id;
+
 	// If changing state force them to re-address some permission caching.
 	$_SESSION['mc']['time'] = 0;
 
 	// The cookie may already exist, and have been set with different options.
 	$cookie_state = (empty($modSettings['localCookies']) ? 0 : 1) | (empty($modSettings['globalCookies']) ? 0 : 2);
-	if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) === 1)
+	if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d{1,7};i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) === 1)
 	{
 		$array = @unserialize($_COOKIE[$cookiename]);