From c80f98ea107ab74432fcfadffe13389442874993 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Thu, 19 Nov 2009 09:54:38 +0000 Subject: [PATCH] Fix Bug #54125 - Correctly reset login keys if passed value is the current user. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10279 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/docs/CHANGELOG.html | 1 + phpBB/includes/session.php | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 1fe45c97a1..254364a2b7 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -91,6 +91,7 @@

1.ii. Changes since 3.0.5

diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index bf41fea7de..933bd47347 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1355,7 +1355,7 @@ class session { global $config, $db; - $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; + $user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id; $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id; @@ -1378,7 +1378,7 @@ class session // Let's also clear any current sessions for the specified user_id // If it's the current user then we'll leave this session intact $sql_where = 'session_user_id = ' . (int) $user_id; - $sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; + $sql_where .= ($user_id === (int) $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE $sql_where"; @@ -1386,7 +1386,7 @@ class session // We're changing the password of the current user and they have a key // Lets regenerate it to be safe - if ($user_id === $this->data['user_id'] && $this->cookie_data['k']) + if ($user_id === (int) $this->data['user_id'] && $this->cookie_data['k']) { $this->set_login_key($user_id); }