author | Nils Adermann <naderman@naderman.de> | 2014-10-22 18:20:46 -0400 |
committer | Nils Adermann <naderman@naderman.de> | 2014-10-22 18:20:46 -0400 |
commit | d7553893c4c211edb1a42f91276edbcc27bfd330 (patch) | |
tree | 5e46d6d74dc353e3d251bd1fcca903c9741cf7ba | |
parent | fad280f94b97799cf12a636b65f7f2288e8b3640 (diff) | |
parent | f796f920589a88b6572a04057bbb039f98196032 (diff) | |
Merge pull request #3057 from marc1706/ticket/security-159
[ticket/security-159] Only show first 8 characters of login keys in UCP
-rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 361dc831aa..a876d0133a 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -655,9 +655,14 @@ class ucp_profile
 {
 if (!empty($keys))
 {
+ foreach ($keys as $key => $id)
+ {
+ $keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
+ }
+
 $sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
 $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
 WHERE user_id = ' . (int) $user->data['user_id'] . '
- AND ' . $db->sql_in_set('key_id', $keys) ;
+ AND ' . $sql_where ;
 $db->sql_query($sql);
@@ -681,7 +686,7 @@ class ucp_profile
 while ($row = $db->sql_fetchrow($result))
 {
 $template->assign_block_vars('sessions', array(
- 'KEY' => $row['key_id'],
+ 'KEY' => substr($row['key_id'], 0, 8),
 'IP' => $row['last_ip'],
 'LOGIN_TIME' => $user->format_date($row['last_login']),
 )); |
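Review bot: The prefix match built in the new foreach takes whatever the client submitted as `$id`, so an empty entry becomes `key_id LIKE '%'` and a one-character entry `LIKE 'a%'`, deleting every login key of the account instead of the one the user ticked. The DELETE is still bounded by `user_id`, so only the caller's own sessions are affected, but the form only ever hands out 8-character prefixes (second hunk), so anything else is tampering or a broken request and should be dropped before it reaches the query. I would validate each entry, unset the rest, and guard the DELETE again because filtering can leave `$keys` empty, which would otherwise yield the malformed `(key_id )`. The hex character class assumes key_id is a hex digest — confirm against how session keys are generated; `$keys` is populated before the hunk and the enclosing method starts and ends outside it.
```php
foreach ($keys as $key => $id)
{
	// Only 8-character prefixes are ever shown to the user, so anything else is
	// tampering or a broken request; an empty value would become "key_id LIKE '%'".
	if (!preg_match('#^[a-f0-9]{8}$#i', $id))
	{
		unset($keys[$key]);
		continue;
	}
	$keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
}

if (!empty($keys))
{
	$sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
	// … unchanged: DELETE FROM SESSIONS_KEYS_TABLE … AND $sql_where …
}
```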
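Review bot: The truncation in `'KEY' => substr($row['key_id'], 0, 8)` carries no comment, yet the deletion path in the earlier hunk silently depends on the same width, since it matches submitted values as `LIKE 'prefix%'`; someone shortening the displayed prefix later would not know the selectivity of that match shrinks with it. I would annotate the line: `// Expose only a prefix of the autologin key: enough to pick the session for deletion (matched by prefix in the delete branch) without leaking the full credential.` Sharing one constant between the two places would make the coupling explicit; the rest of the method, including the delete branch, lies outside this hunk.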