makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'develop-ascraeus' into develop

Browse source 
* develop-ascraeus:
  [ticket/security-159] Only show first 8 characters of login keys in UCP
This commit is contained in:
Nils Adermann 2014-10-22 18:21:12 -04:00
commit 00c57ed122
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
phpBB/includes/ucp/ucp_profile.php
View file

@ -649,9 +649,14 @@ class ucp_profile
{ {
if (!empty($keys)) if (!empty($keys))
{ {
foreach ($keys as $key => $id)
{
$keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
}
$sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user->data['user_id'] . ' WHERE user_id = ' . (int) $user->data['user_id'] . '
AND ' . $db->sql_in_set('key_id', $keys) ; AND ' . $sql_where ;
$db->sql_query($sql); $db->sql_query($sql);
@ -675,7 +680,7 @@ class ucp_profile
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$template->assign_block_vars('sessions', array( $template->assign_block_vars('sessions', array(
'KEY' => $row['key_id'], 'KEY' => substr($row['key_id'], 0, 8),
'IP' => $row['last_ip'], 'IP' => $row['last_ip'],
'LOGIN_TIME' => $user->format_date($row['last_login']), 'LOGIN_TIME' => $user->format_date($row['last_login']),
)); ));