Fail safely in role checks when invalid input has been supplied
@@ -270,8 +270,11 @@ final class Administration extends UserManager {
|
|||||||
* @see Role
|
* @see Role
|
||||||
*/
|
*/
|
||||||
public function doesUserHaveRole($userId, $role) {
|
public function doesUserHaveRole($userId, $role) {
|
||||||
|
if (empty($role) || !\is_numeric($role)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$userId = (int) $userId;
|
$userId = (int) $userId;
|
||||||
$role = (int) $role;
|
|
||||||
|
|
||||||
$rolesBitmask = $this->db->selectValue(
|
$rolesBitmask = $this->db->selectValue(
|
||||||
'SELECT roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
|
'SELECT roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
|
||||||
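Review bot: The new guard in doesUserHaveRole still admits values that the later `(int)` cast silently rewrites into a different role: `\is_numeric()` accepts floats and exponent strings, so `1.5` is checked as role `1` and `'1e3'` as role `1000`, and negative numbers pass too, so the check does not yet "fail safely" for every invalid input. Validating for a positive integer instead, `if (\filter_var($role, \FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false) {`, makes the `$role = (int) $role;` moved into the second hunk a pure reformatting of an already-integral value. The identical guard added to Auth::hasRole in the third hunk should be tightened the same way. `$userId` on the next line is still cast unconditionally, so a non-numeric id becomes `0` and ends in the UnknownIdException path further down; if that is intended, a short comment such as `// a non-numeric ID becomes 0 and is rejected as unknown below` would document it. doesUserHaveRole continues outside this hunk.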
@@ -282,6 +285,8 @@ final class Administration extends UserManager {
|
|||||||
throw new UnknownIdException();
|
throw new UnknownIdException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$role = (int) $role;
|
||||||
|
|
||||||
return ($rolesBitmask & $role) === $role;
|
return ($rolesBitmask & $role) === $role;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -1563,9 +1563,13 @@ final class Auth extends UserManager {
|
|||||||
* @see Role
|
* @see Role
|
||||||
*/
|
*/
|
||||||
public function hasRole($role) {
|
public function hasRole($role) {
|
||||||
$role = (int) $role;
|
if (empty($role) || !\is_numeric($role)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (isset($_SESSION) && isset($_SESSION[self::SESSION_FIELD_ROLES])) {
|
if (isset($_SESSION) && isset($_SESSION[self::SESSION_FIELD_ROLES])) {
|
||||||
|
$role = (int) $role;
|
||||||
|
|
||||||
return (((int) $_SESSION[self::SESSION_FIELD_ROLES]) & $role) === $role;
|
return (((int) $_SESSION[self::SESSION_FIELD_ROLES]) & $role) === $role;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
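Review bot: The guard added at the top of hasRole is a verbatim copy of the one added to Administration::doesUserHaveRole in the first hunk, and both classes extend UserManager, so the two checks will drift apart the next time one of them is tightened. A single protected static helper on UserManager that returns `!empty($role) && \is_numeric($role)` would let both call sites read `if (!self::isValidRoleValue($role)) { return false; }` (name constructed here) and keep the role validation in one place. Moving `$role = (int) $role;` inside the `isset($_SESSION...)` branch is fine since the `else` branch, which lies outside this hunk, never uses the cast value.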
|