Merge branch 'hotfix/1.7.7' into develop

classes/context/Context.class.php

@@ -1281,15 +1281,17 @@ class Context
 			$val = array($val);
 		}
 
+		$result = array();
 		foreach($val as $k => $v)
 		{
+			$k = htmlentities($k);
 			if($key === 'page' || $key === 'cpage' || substr_compare($key, 'srl', -3) === 0)
 			{
-				$val[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;
+				$result[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;
 			}
 			elseif($key === 'mid' || $key === 'vid' || $key === 'search_keyword')
 			{
-				$val[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
+				$result[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
 			}
 			else
 			{
@@ -1300,12 +1302,12 @@ class Context
 
 				if(!is_array($v))
 				{
-					$val[$k] = trim($v);
+					$result[$k] = trim($v);
 				}
 			}
 		}
 
-		return $isArray ? $val : $val[0];
+		return $isArray ? $result : $result[0];
 	}
 
 	/**

config/config.inc.php

@@ -29,7 +29,7 @@ define('__ZBXE__', __XE__);
 /**
  * Display XE's full version.
  */
-define('__XE_VERSION__', '1.7.6');
+define('__XE_VERSION__', '1.7.7');
 define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
 define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
 define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));

modules/member/member.controller.php

@@ -1874,8 +1874,7 @@ class memberController extends member
 	function validateSession()
 	{
 		$destory_session = false;
-
-		if($_SESSION['ipaddress'] != $_SERVER['REMOTE_ADDR']) $destory_session =  true;
+		if($_SESSION['destroyed'] === true) $destory_session = true;
 
 		if($destory_session)
 		{
@@ -1888,9 +1887,16 @@ class memberController extends member
 
 	function regenerateSession()
 	{
-		if(!$_SESSION['session_checkup'] || time() - $_SESSION['session_checkup'] > 30)
+		if(!$_SESSION['session_checkup'])
 		{
-			session_regenerate_id(true);
+			$_SESSION['session_checkup'] = time();
+		}
+
+		if(time() - $_SESSION['session_checkup'] >= 1)
+		{
+			$_SESSION['destroyed'] = true;
+			session_regenerate_id();
+			$_SESSION['destroyed'] = false;
 			$_SESSION['session_checkup'] = time();
 		}
 	}

modules/member/skins/default/find_member_account.html

@@ -6,7 +6,7 @@
 	<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skin/default/find_member_account/1'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-	<form action="{getUrl('')}" method="get" ruleset="findAccount">
+	<form action="{getUrl('', 'act', 'procMemberFindAccount')}" method="get" ruleset="findAccount">
 		<input type="hidden" name="mid" value="{$mid}" />
 		<input type="hidden" name="act" value="procMemberFindAccount" />
 		<input type="hidden" name="document_srl" value="{$document_srl}" />
@@ -25,7 +25,7 @@
 	<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skin/default/find_member_account/2'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-	<form action="./" method="get" ruleset="@find_member_account_by_question">
+	<form action="{getUrl('', 'act', 'procMemberFindAccountByQuestion')}" method="get" ruleset="@find_member_account_by_question">
 		<input type="hidden" name="module" value="member" />
 		<input type="hidden" name="mid" value="{$mid}" />
 		<input type="hidden" name="document_srl" value="{$document_srl}" />	
@@ -59,7 +59,7 @@
 	<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skin/default/find_member_account/3'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-	<form ruleset="resendAuthMail" action="./" method="post">
+	<form ruleset="resendAuthMail" action="{getUrl('', 'act', 'procMemberResendAuthMail')}" method="post">
 		<input type="hidden" name="module" value="member" />
 		<input type="hidden" name="act" value="procMemberResendAuthMail" />
 		<input type="hidden" name="success_return_url" value="{getUrl(act, $act)}" />