makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #5709 from mrgoldy/ticket/16181

Browse source 
[ticket/16181] Enforce string for OAuth provider id
This commit is contained in:
Marc Alexander 2019-10-28 20:32:03 +01:00
commit e95e387188
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
phpBB/phpbb/auth/provider/oauth/oauth.php
View file

@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base
$this->service_providers[$service_name]->set_external_service_provider($service);
$unique_id = $this->service_providers[$service_name]->perform_auth_login();
// Check to see if this provider is already assosciated with an account
/**
* Check to see if this provider is already associated with an account.
*
* Enforcing a data type to make data contains strings and not integers,
* so values are quoted in the SQL WHERE statement.
*/
$data = array(
'provider' => $service_name_original,
'oauth_provider_id' => $unique_id
'provider' => (string) $service_name_original,
'oauth_provider_id' => (string) $unique_id
);
$sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '