From c499025623018e854c650e07d287564d14886105 Mon Sep 17 00:00:00 2001
From: 3D-I <480857+3D-I@users.noreply.github.com>
Date: Tue, 16 Feb 2021 01:41:20 +0100
Subject: [PATCH] [ticket/16706] Fix undefined array keys on user IP ban
PHPBB3-16706
---
 phpBB/includes/functions.php | 2 +-
 phpBB/phpbb/auth/provider/oauth/token_storage.php | 8 ++++----
 phpBB/phpbb/session.php | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 1bc593eb60..fabb6baece 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -4049,7 +4049,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 'S_ENABLE_FEEDS_TOPICS_ACTIVE' => ($config['feed_topics_active']) ? true : false,
 'S_ENABLE_FEEDS_NEWS' => ($s_feed_news) ? true : false,
- 'S_LOAD_UNREADS' => ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
+ 'S_LOAD_UNREADS' => (bool) $config['load_unreads_search'] && ($config['load_anon_lastread'] || !empty($user->data['is_registered'])),
 'S_SEARCH_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields),
diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php
index c0f585d7bb..aa84be9635 100644
--- a/phpBB/phpbb/auth/provider/oauth/token_storage.php
+++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php
@@ -181,10 +181,10 @@ class token_storage implements TokenStorageInterface
 {
 $this->cachedToken = null;
- $sql = 'DELETE FROM ' . $this->oauth_token_table . '
+ $sql = 'DELETE FROM ' . $this->oauth_token_table . '
 WHERE user_id = ' . (int) $this->user->data['user_id'];
- if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ if ((int) $this->user->data['user_id'] === ANONYMOUS && isset($this->user->data['session_id']))
 {
 $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
 }
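Review bot: The `(bool)` cast on the new `S_LOAD_UNREADS` line applies only to `$config['load_unreads_search']`, not to the whole condition, because a cast binds tighter than `&&`. The result is still a boolean since `&&` always yields one, so the cast changes nothing and reads as if it covered the full expression. Either drop it or parenthesise the operand: `'S_LOAD_UNREADS' => (bool) ($config['load_unreads_search'] && ($config['load_anon_lastread'] || !empty($user->data['is_registered']))),`. The `!empty()` guard treats a missing `is_registered` key as not registered, which is the safe default. page_header's body starts and ends outside the hunk.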
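Review bot: When the user is anonymous and `session_id` is not set, the new `isset()` guard skips the `AND session_id = ...` clause, so the DELETE runs with only the `WHERE user_id = ...` condition for the anonymous id and removes the stored OAuth tokens of every guest session instead of this one. Before the change the missing key raised a notice, but the query presumably stayed scoped to an empty session id. Keep the clause for anonymous users and default the value instead, e.g. `$sql .= " AND session_id = '" . $this->db->sql_escape(isset($this->user->data['session_id']) ? $this->user->data['session_id'] : '') . "'";`, or return before running the query when no session id exists. `(int) $this->user->data['user_id']` on the `WHERE` line is still read unguarded; if that key can also be absent in the banned-IP path, it needs the same treatment. The enclosing method starts outside the hunk.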
@@ -504,7 +504,7 @@ class token_storage implements TokenStorageInterface
 */
 protected function get_access_token_row($data)
 {
- $sql = 'SELECT oauth_token
+ $sql = 'SELECT oauth_token
 FROM ' . $this->oauth_token_table . '
 WHERE ' . $this->db->sql_build_array('SELECT', $data);
 $result = $this->db->sql_query($sql);
@@ -523,7 +523,7 @@ class token_storage implements TokenStorageInterface
 */
 protected function get_state_row($data)
 {
- $sql = 'SELECT oauth_state
+ $sql = 'SELECT oauth_state
 FROM ' . $this->oauth_state_table . '
 WHERE ' . $this->db->sql_build_array('SELECT', $data);
 $result = $this->db->sql_query($sql);
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index f1ef5757b7..869b214fcc 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -1660,7 +1660,7 @@ class session
 }
 // Do not update the session page for ajax requests, so the view online still works as intended
- $page_changed = $this->update_session_page && $this->data['session_page'] != $this->page['page'] && !$request->is_ajax();
+ $page_changed = $this->update_session_page && (!isset($this->data['session_page']) || $this->data['session_page'] != $this->page['page']) && !$request->is_ajax();
 // Only update session DB a minute or so after last update or if page changes
 if ($this->time_now - (isset($this->data['session_time']) ? $this->data['session_time'] : 0) > 60 || $page_changed)
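Review bot: A missing `session_page` key now makes `$page_changed` true, so whenever `update_session_page` is set the `if` that follows takes the update branch on every non-ajax request and the 60-second throttle on session writes no longer applies in that state. If the missing key corresponds to the banned-IP case named in the subject (not visible in this hunk), each request from such a client would reach the session update code. If that is not intended, treat absence as unchanged: `$page_changed = $this->update_session_page && isset($this->data['session_page']) && $this->data['session_page'] != $this->page['page'] && !$request->is_ajax();`. Otherwise document the choice with a comment such as `// No stored page yet: count as a page change so the session row gets written`. The enclosing method starts and ends outside the hunk.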