diff options
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 6 |
2 files changed, 4 insertions, 3 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 1fe45c97a1..254364a2b7 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -91,6 +91,7 @@ <ul> <li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li> <li>[Fix] Force full date for board online record date.</li> + <li>[Fix] Correctly reset login keys if passed value is the current user. (Bug #54125)</li> </ul> <a name="v305"></a><h3>1.ii. Changes since 3.0.5</h3> diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index bf41fea7de..933bd47347 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1355,7 +1355,7 @@ class session { global $config, $db; - $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; + $user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id; $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id; @@ -1378,7 +1378,7 @@ class session // Let's also clear any current sessions for the specified user_id // If it's the current user then we'll leave this session intact $sql_where = 'session_user_id = ' . (int) $user_id; - $sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; + $sql_where .= ($user_id === (int) $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE $sql_where"; @@ -1386,7 +1386,7 @@ class session // We're changing the password of the current user and they have a key // Lets regenerate it to be safe - if ($user_id === $this->data['user_id'] && $this->cookie_data['k']) + if ($user_id === (int) $this->data['user_id'] && $this->cookie_data['k']) { $this->set_login_key($user_id); } |