diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2009-11-19 09:54:38 +0000 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2009-11-19 09:54:38 +0000 |
| commit | c80f98ea107ab74432fcfadffe13389442874993 (patch) | |
| tree | f07af19ddd6400c6434e10e378c2c0c19e82c60a /phpBB | |
| parent | 72c4b694cf7776e20582ec57148614cc02815b85 (diff) | |
| download | forums-c80f98ea107ab74432fcfadffe13389442874993.tar forums-c80f98ea107ab74432fcfadffe13389442874993.tar.gz forums-c80f98ea107ab74432fcfadffe13389442874993.tar.bz2 forums-c80f98ea107ab74432fcfadffe13389442874993.tar.xz forums-c80f98ea107ab74432fcfadffe13389442874993.zip | |
Fix Bug #54125 - Correctly reset login keys if passed value is the current user.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10279 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 6 |
2 files changed, 4 insertions, 3 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 1fe45c97a1..254364a2b7 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -91,6 +91,7 @@ <ul> <li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li> <li>[Fix] Force full date for board online record date.</li> + <li>[Fix] Correctly reset login keys if passed value is the current user. (Bug #54125)</li> </ul> <a name="v305"></a><h3>1.ii. Changes since 3.0.5</h3> diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index bf41fea7de..933bd47347 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1355,7 +1355,7 @@ class session { global $config, $db; - $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; + $user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id; $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id; @@ -1378,7 +1378,7 @@ class session // Let's also clear any current sessions for the specified user_id // If it's the current user then we'll leave this session intact $sql_where = 'session_user_id = ' . (int) $user_id; - $sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; + $sql_where .= ($user_id === (int) $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE $sql_where"; @@ -1386,7 +1386,7 @@ class session // We're changing the password of the current user and they have a key // Lets regenerate it to be safe - if ($user_id === $this->data['user_id'] && $this->cookie_data['k']) + if ($user_id === (int) $this->data['user_id'] && $this->cookie_data['k']) { $this->set_login_key($user_id); } |