authorNils Adermann <naderman@naderman.de>2014-10-22 18:21:12 -0400
committerNils Adermann <naderman@naderman.de>2014-10-22 18:21:12 -0400
commit00c57ed122d741a2166188b6158852be401d5299 (patch)
tree9930d5965d943a8a550a194a6d08f95dc227b7a3 /phpBB/includes/ucp/ucp_profile.php
parentd08a47d8577c33fcd63bb172d16422e3854b26ed (diff)
parentd7553893c4c211edb1a42f91276edbcc27bfd330 (diff)
Merge branch 'develop-ascraeus' into develop
* develop-ascraeus: [ticket/security-159] Only show first 8 characters of login keys in UCP
Diffstat (limited to 'phpBB/includes/ucp/ucp_profile.php')
-rw-r--r--phpBB/includes/ucp/ucp_profile.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 66e21a68a5..a36b67f515 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -649,9 +649,14 @@ class ucp_profile
{
if (!empty($keys))
{
+ foreach ($keys as $key => $id)
+ {
+ $keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
+ }
+ $sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user->data['user_id'] . '
- AND ' . $db->sql_in_set('key_id', $keys) ;
+ AND ' . $sql_where ;
$db->sql_query($sql);
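Review bot: The new `foreach` turns every submitted element of `$keys` into a prefix `LIKE` pattern without checking its length, so an empty or very short value becomes a pattern that matches far more rows than the one the user ticked. The `user_id` condition still confines the `DELETE` to the current user's own keys, but the loop should only accept the 8-character prefix that the listing in the second hunk displays. It should also skip the query when nothing valid remains, since `implode()` over an empty list would produce broken SQL. Building the conditions in a separate array also avoids overwriting `$keys` in place. Where `$keys` is read from the request is outside this hunk, so any validation done there is not visible here.

```php
$sql_like = array();
foreach ($keys as $id)
{
	// Accept only the 8-character prefix shown in the UCP; anything shorter would widen the LIKE match.
	if (strlen($id) === 8)
	{
		$sql_like[] = 'key_id ' . $db->sql_like_expression($id . $db->get_any_char());
	}
}
if (!empty($sql_like))
{
	$sql_where = '(' . implode(' OR ', $sql_like) . ')';
	// … unchanged: DELETE FROM SESSIONS_KEYS_TABLE … $db->sql_query($sql) …
}
```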
@@ -675,7 +680,7 @@ class ucp_profile
while ($row = $db->sql_fetchrow($result))
{
$template->assign_block_vars('sessions', array(
- 'KEY' => $row['key_id'],
+ 'KEY' => substr($row['key_id'], 0, 8),
'IP' => $row['last_ip'],
'LOGIN_TIME' => $user->format_date($row['last_login']),
));
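Review bot: The literal `8` in `substr($row['key_id'], 0, 8)` is an undocumented contract with the deletion code in the first hunk, which matches keys by whatever prefix is submitted. A short comment above the `'KEY'` entry would keep the two in step, for example `// Expose only a prefix of key_id; the delete handler matches on this same 8-character prefix (ticket/security-159)`. If the file has a place for constants, naming the length once and using it in both spots would be cleaner still. The enclosing `while` loop continues outside this hunk.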