makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix Bug #54125 - Correctly reset login keys if passed value is the current user.

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10279 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Andreas Fischer 2009-11-19 09:54:38 +00:00
parent 72c4b694cf
commit c80f98ea10
2 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
phpBB/docs/CHANGELOG.html
View file

@ -91,6 +91,7 @@
<ul> <ul>
<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li> <li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
<li>[Fix] Force full date for board online record date.</li> <li>[Fix] Force full date for board online record date.</li>
<li>[Fix] Correctly reset login keys if passed value is the current user. (Bug #54125)</li>
</ul> </ul>
<a name="v305"></a><h3>1.ii. Changes since 3.0.5</h3> <a name="v305"></a><h3>1.ii. Changes since 3.0.5</h3>

6
phpBB/includes/session.php
View file

@ -1355,7 +1355,7 @@ class session
{ {
global $config, $db; global $config, $db;
$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; $user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id;
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user_id; WHERE user_id = ' . (int) $user_id;
@ -1378,7 +1378,7 @@ class session
// Let's also clear any current sessions for the specified user_id // Let's also clear any current sessions for the specified user_id
// If it's the current user then we'll leave this session intact // If it's the current user then we'll leave this session intact
$sql_where = 'session_user_id = ' . (int) $user_id; $sql_where = 'session_user_id = ' . (int) $user_id;
$sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; $sql_where .= ($user_id === (int) $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_TABLE . " $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE $sql_where"; WHERE $sql_where";
@ -1386,7 +1386,7 @@ class session
// We're changing the password of the current user and they have a key // We're changing the password of the current user and they have a key
// Lets regenerate it to be safe // Lets regenerate it to be safe
if ($user_id === $this->data['user_id'] && $this->cookie_data['k']) if ($user_id === (int) $this->data['user_id'] && $this->cookie_data['k'])
{ {
$this->set_login_key($user_id); $this->set_login_key($user_id);
} }