diff options
| author | mrgoldy <gijsmartens1@gmail.com> | 2019-10-08 20:12:24 +0200 |
|---|---|---|
| committer | mrgoldy <gijsmartens1@gmail.com> | 2019-10-08 20:12:24 +0200 |
| commit | 1f669a31a08a817c5614386658d01f8827bb4372 (patch) | |
| tree | 0af6d6570a69cffcf246718a2680d5f006be4fe7 | |
| parent | c75c13e5554652927a8aa57bd3b9f3902f57b429 (diff) | |
| download | forums-1f669a31a08a817c5614386658d01f8827bb4372.tar forums-1f669a31a08a817c5614386658d01f8827bb4372.tar.gz forums-1f669a31a08a817c5614386658d01f8827bb4372.tar.bz2 forums-1f669a31a08a817c5614386658d01f8827bb4372.tar.xz forums-1f669a31a08a817c5614386658d01f8827bb4372.zip | |
[ticket/16181] Enforce string data type
PHPBB3-16181
| -rw-r--r-- | phpBB/phpbb/auth/provider/oauth/oauth.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 0d94acfbca..8352fb649d 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base $this->service_providers[$service_name]->set_external_service_provider($service); $unique_id = $this->service_providers[$service_name]->perform_auth_login(); - // Check to see if this provider is already assosciated with an account + /** + * Check to see if this provider is already assosciated with an account. + * + * Enforcing a data type to make sure it are strings and not integers, + * so values are quoted in the SQL WHERE statement. + */ $data = array( - 'provider' => $service_name_original, - 'oauth_provider_id' => $unique_id + 'provider' => (string) $service_name_original, + 'oauth_provider_id' => (string) $unique_id ); $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' |