aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb/auth
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/phpbb/auth')
-rw-r--r--phpBB/phpbb/auth/auth.php2
-rw-r--r--phpBB/phpbb/auth/provider/oauth/oauth.php6
-rw-r--r--phpBB/phpbb/auth/provider/oauth/token_storage.php26
3 files changed, 17 insertions, 17 deletions
diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php
index 5093483d4a..81f8c76fc8 100644
--- a/phpBB/phpbb/auth/auth.php
+++ b/phpBB/phpbb/auth/auth.php
@@ -977,7 +977,7 @@ class phpbb_auth
// This data is passed along as GET data to the next page allow the account to be linked
$params = array('mode' => 'login_link');
- $url = append_sid('ucp.' . $phpEx, array_merge($params, $login['redirect_data']));
+ $url = append_sid($phpbb_root_path . 'ucp.' . $phpEx, array_merge($params, $login['redirect_data']));
redirect($url);
}
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index a0bc3038cb..be0b8bb7d6 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -211,8 +211,8 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
// Retrieve the user's account
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
- FROM ' . $this->users_table . '
- WHERE user_id = ' . (int) $row['user_id'];
+ FROM ' . $this->users_table . '
+ WHERE user_id = ' . (int) $row['user_id'];
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
@@ -545,7 +545,7 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
// Get all external accounts tied to the current user
$data = array(
- 'user_id' => $this->user->data['user_id'],
+ 'user_id' => (int) $this->user->data['user_id'],
);
$sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php
index f9ba28ee69..d21deb8999 100644
--- a/phpBB/phpbb/auth/provider/oauth/token_storage.php
+++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php
@@ -82,11 +82,11 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
}
$data = array(
- 'user_id' => $this->user->data['user_id'],
+ 'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
);
- if ($this->user->data['user_id'] === ANONYMOUS)
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
@@ -104,7 +104,7 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
$this->cachedToken = $token;
$data = array(
- 'user_id' => $this->user->data['user_id'],
+ 'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
'oauth_token' => $this->json_encode_token($token),
'session_id' => $this->user->data['session_id'],
@@ -127,11 +127,11 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
}
$data = array(
- 'user_id' => $this->user->data['user_id'],
+ 'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
);
- if ($this->user->data['user_id'] === ANONYMOUS)
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
@@ -149,12 +149,12 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
$this->cachedToken = null;
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
- WHERE user_id = ' . $this->user->data['user_id'] . "
+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";
- if ($this->user->data['user_id'] === ANONYMOUS)
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
- $sql .= " AND session_id = '" . $this->user->data['session_id'] . "'";
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
@@ -168,11 +168,11 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
$this->cachedToken = null;
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
- WHERE user_id = ' . $this->user->data['user_id'];
+ WHERE user_id = ' . (int) $this->user->data['user_id'];
- if ($this->user->data['user_id'] === ANONYMOUS)
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
- $sql .= " AND session_id = '" . $this->user->data['session_id'] . "'";
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
@@ -194,8 +194,8 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
SET ' . $this->db->sql_build_array('UPDATE', array(
'user_id' => (int) $user_id
)) . '
- WHERE user_id = ' . $this->user->data['user_id'] . "
- AND session_id = '" . $this->user->data['session_id'] . "'";
+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "
+ AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
$this->db->sql_query($sql);
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-03-28 05:33:48 +0000