mirror of
https://github.com/delight-im/PHP-Auth.git
synced 2025-10-22 19:36:32 +02:00
Fail safely in role checks when invalid input has been supplied
@@ -1563,9 +1563,13 @@ final class Auth extends UserManager {
|
||||
* @see Role
|
||||
*/
|
||||
public function hasRole($role) {
|
||||
$role = (int) $role;
|
||||
if (empty($role) || !\is_numeric($role)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_SESSION) && isset($_SESSION[self::SESSION_FIELD_ROLES])) {
|
||||
$role = (int) $role;
|
||||
|
||||
return (((int) $_SESSION[self::SESSION_FIELD_ROLES]) & $role) === $role;
|
||||
}
|
||||
else {
|
||||
|
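Review bot: The guard in hasRole() tests `$role` before the integer cast, so a value that is numeric and non-empty but truncates to zero (the string `0.0`, or a float below 1) passes `empty()` and `is_numeric()` and still reaches the bitmask comparison as 0, where `(roles & 0) === 0` is true for every session that has roles set. Checking the value after the cast closes this: keep the `is_numeric` test, and directly after `$role = (int) $role;` add `if ($role === 0) { return false; }`. The page has lost its +/- markers, so this assumes the `empty()`/`is_numeric()` guard and the cast inside the `isset` branch are the new side, as the commit title suggests. The `else` branch of hasRole() continues outside the hunk.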