authorJoseph Warner <hardolaf@hardolaf.com>2013-09-02 16:47:40 -0400
committerJoseph Warner <hardolaf@hardolaf.com>2013-09-02 16:47:53 -0400
commit29e3768ecc7bc8adf96d4e31c4e05a6f1de6735a (patch)
treec79a5ce75fef95c0d615e619e90de9c77acf3237 /phpBB
parent63ba06406575b5c7882ef26ee3b5469ca16afec5 (diff)
[feature/oauth] More minor changes from review
PHPBB3-11673
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/ucp/ucp_login_link.php4
-rw-r--r--phpBB/includes/ucp/ucp_register.php5
-rw-r--r--phpBB/phpbb/auth/auth.php2
-rw-r--r--phpBB/phpbb/auth/provider/oauth/oauth.php6
-rw-r--r--phpBB/phpbb/auth/provider/oauth/token_storage.php26
5 files changed, 22 insertions, 21 deletions
diff --git a/phpBB/includes/ucp/ucp_login_link.php b/phpBB/includes/ucp/ucp_login_link.php
index bf7df1d4eb..4620eb9b9e 100644
--- a/phpBB/includes/ucp/ucp_login_link.php
+++ b/phpBB/includes/ucp/ucp_login_link.php
@@ -236,8 +236,8 @@ class ucp_login_link
*/
protected function perform_redirect()
{
- global $phpEx;
- $url = append_sid('index.' . $phpEx);
+ global $phpbb_root_path, $phpEx;
+ $url = append_sid($phpbb_root_path . 'index.' . $phpEx);
redirect($url);
}
}
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index e3a1ac1fb0..372eecbb57 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -86,7 +86,7 @@ class ucp_register
// Handle login_link data added to $_hidden_fields
$login_link_data = $this->get_login_link_data_array();
- if ($login_link_data !== array())
+ if (!empty($login_link_data))
{
// Confirm that we have all necessary data
$auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']);
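Review bot: The service id on the `$auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method'])` line is built from a request parameter, and nothing visible in this hunk limits it to a known provider name. The code that resolves the id is outside the hunk, so the check may already exist there. If it does not, the value should be compared against the set of registered auth providers before it is resolved. A comment such as `// auth_provider is request-supplied: resolve only registered auth provider names` would record that expectation next to the concatenation.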
@@ -518,12 +518,13 @@ class ucp_register
$var_names = $request->variable_names(phpbb_request_interface::POST);
$login_link_data = array();
+ $string_start_length = strlen('login_link_');
foreach ($var_names as $var_name)
{
if (strpos($var_name, 'login_link_') === 0)
{
- $key_name = str_replace('login_link_', '', $var_name);
+ $key_name = substr($var_name, $string_start_length);
$login_link_data[$key_name] = $request->variable($var_name, '', false, phpbb_request_interface::POST);
}
}
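Review bot: The keys of `$login_link_data` come from POST variable names, so the array still accepts any `login_link_*` field the client sends, and `substr()` changes the edge case of a variable named exactly `login_link_`. On PHP versions where `substr()` returns `false` when the start equals the string length, that key becomes `0` instead of the empty string `str_replace()` produced. Skipping an empty remainder, `if ($key_name === '' || $key_name === false) { continue; }`, removes the difference. A comment like `// Keys and values are request-supplied; each provider must validate the fields it expects` would also help callers. The enclosing method starts outside this hunk.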
diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php
index 5093483d4a..81f8c76fc8 100644
--- a/phpBB/phpbb/auth/auth.php
+++ b/phpBB/phpbb/auth/auth.php
@@ -977,7 +977,7 @@ class phpbb_auth
// This data is passed along as GET data to the next page allow the account to be linked
$params = array('mode' => 'login_link');
- $url = append_sid('ucp.' . $phpEx, array_merge($params, $login['redirect_data']));
+ $url = append_sid($phpbb_root_path . 'ucp.' . $phpEx, array_merge($params, $login['redirect_data']));
redirect($url);
}
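Review bot: In the `append_sid(...)` call, `array_merge($params, $login['redirect_data'])` lets a `mode` key in the provider's redirect data replace `'mode' => 'login_link'`, because the later array wins on string keys. Swapping the arguments, `array_merge($login['redirect_data'], $params)`, keeps the mode fixed whatever a provider returns. The new line also uses `$phpbb_root_path` while the hunk shows no `global` declaration for it; the method header is outside the hunk, so confirm the variable is in scope there.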
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index a0bc3038cb..be0b8bb7d6 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -211,8 +211,8 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
// Retrieve the user's account
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
- FROM ' . $this->users_table . '
- WHERE user_id = ' . (int) $row['user_id'];
+ FROM ' . $this->users_table . '
+ WHERE user_id = ' . (int) $row['user_id'];
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
@@ -545,7 +545,7 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
// Get all external accounts tied to the current user
$data = array(
- 'user_id' => $this->user->data['user_id'],
+ 'user_id' => (int) $this->user->data['user_id'],
);
$sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php
index f9ba28ee69..d21deb8999 100644
--- a/phpBB/phpbb/auth/provider/oauth/token_storage.php
+++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php
@@ -82,11 +82,11 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
}
$data = array(
- 'user_id' => $this->user->data['user_id'],
+ 'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
);
- if ($this->user->data['user_id'] === ANONYMOUS)
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
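Review bot: The `(int) $this->user->data['user_id']` cast is written twice in this block and repeated in the hunks at -104, -127, -149 and -168, so the guest check only works where every copy remembers the cast. Normalising once per method, `$user_id = (int) $this->user->data['user_id'];`, and using `$user_id` in both the `$data` array and the `=== ANONYMOUS` comparison would keep the sites from drifting apart. The same user_id/provider/session_id scoping is rebuilt in each method; a private helper returning that array would be the tidier form. The method bodies start outside these hunks.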
@@ -104,7 +104,7 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
$this->cachedToken = $token;
$data = array(
- 'user_id' => $this->user->data['user_id'],
+ 'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
'oauth_token' => $this->json_encode_token($token),
'session_id' => $this->user->data['session_id'],
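Review bot: The `'oauth_token' => $this->json_encode_token($token)` entry persists the provider's access token in the table; the body of `json_encode_token()` is outside this hunk, but the name suggests plain JSON with no protection at rest. If so, anyone who can read this table holds usable third-party tokens, which is worth stating where the row is built, e.g. `// Stored as JSON: this table holds live credentials, restrict access and purge on logout`. The row also records `session_id` for registered users, while the lookups in the neighbouring hunks filter on it only for guests; a short comment saying why it is stored unconditionally would help. The array literal continues past the end of the hunk.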
@@ -127,11 +127,11 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
}
$data = array(
- 'user_id' => $this->user->data['user_id'],
+ 'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
);
- if ($this->user->data['user_id'] === ANONYMOUS)
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
@@ -149,12 +149,12 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
$this->cachedToken = null;
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
- WHERE user_id = ' . $this->user->data['user_id'] . "
+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";
- if ($this->user->data['user_id'] === ANONYMOUS)
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
- $sql .= " AND session_id = '" . $this->user->data['session_id'] . "'";
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
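Review bot: The DELETE here still assembles its WHERE clause by hand, so correctness depends on each field being cast or passed through `sql_escape()` individually, which is the omission this commit fixes for `session_id`. The retrieval methods in this file already build the same condition through `$this->db->sql_build_array('SELECT', $data)`, which applies the quoting for every value. Using that here, and in the hunks at -168 and -194, would remove the per-field escaping. The enclosing method starts outside the hunk.

```php
// … unchanged: $this->cachedToken = null; …
$data = array(
	'user_id'	=> (int) $this->user->data['user_id'],
	'provider'	=> $service,
);

if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
	$data['session_id'] = $this->user->data['session_id'];
}

$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
	WHERE ' . $this->db->sql_build_array('SELECT', $data);
$this->db->sql_query($sql);
```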
@@ -168,11 +168,11 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
$this->cachedToken = null;
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
- WHERE user_id = ' . $this->user->data['user_id'];
+ WHERE user_id = ' . (int) $this->user->data['user_id'];
- if ($this->user->data['user_id'] === ANONYMOUS)
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
- $sql .= " AND session_id = '" . $this->user->data['session_id'] . "'";
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
@@ -194,8 +194,8 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
SET ' . $this->db->sql_build_array('UPDATE', array(
'user_id' => (int) $user_id
)) . '
- WHERE user_id = ' . $this->user->data['user_id'] . "
- AND session_id = '" . $this->user->data['session_id'] . "'";
+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "
+ AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
$this->db->sql_query($sql);
}