[ticket/security/276] Centralise call for token expiration

SECURITY-276
2025-08-09 10:16:36 +02:00 · 2024-05-09 11:51:59 +02:00
parent 7c661746cf
commit 1c1c981b17
8 changed files with 20 additions and 10 deletions
--- a/phpBB/includes/acp/acp_inactive.php
+++ b/phpBB/includes/acp/acp_inactive.php
@@ -242,7 +242,7 @@ class acp_inactive
 						$sql = 'UPDATE ' . USERS_TABLE . '
 							SET user_reminded = user_reminded + 1,
 								user_reminded_time = ' . time() . ',
-								user_actkey_expiration = ' . (int) strtotime('+1 day') . '
+								user_actkey_expiration = ' . (int) $user::get_token_expiration() . '
 							WHERE ' . $db->sql_in_set('user_id', $user_ids);
 						$db->sql_query($sql);

--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -388,12 +388,12 @@ class acp_users
 								// Always update actkey even if same and also update actkey expiration to 24 hours from now
 								$sql_ary = [
 									'user_actkey'				=> $user_actkey,
-									'user_actkey_expiration'	=> strtotime('+1 day'),
+									'user_actkey_expiration'	=> $user::get_token_expiration(),
 								];

 								$sql = 'UPDATE ' . USERS_TABLE . '
 									SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
-									WHERE user_id = ' . $user_id;
+									WHERE user_id = ' . (int) $user_id;
 								$db->sql_query($sql);

 								// Start sending email
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -198,7 +198,7 @@ class ucp_profile
 								$notifications_manager->add_notifications('notification.type.admin_activate_user', array(
 									'user_id'					=> $user->data['user_id'],
 									'user_actkey'				=> $user_actkey,
-									'user_actkey_expiration'	=> strtotime('+1 day'), // 24 hours until activation can be resent
+									'user_actkey_expiration'	=> $user::get_token_expiration(),
 									'user_regdate'				=> time(), // Notification time
 								));
 							}
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -389,7 +389,7 @@ class ucp_register
 					'user_lang'					=> $data['lang'],
 					'user_type'					=> $user_type,
 					'user_actkey'				=> $user_actkey,
-					'user_actkey_expiration'	=> strtotime('+1 day'), // 24 hours until activation can be resent
+					'user_actkey_expiration'	=> $user::get_token_expiration(),
 					'user_ip'					=> $user->ip,
 					'user_regdate'				=> time(),
 					'user_inactive_reason'		=> $user_inactive_reason,
--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@@ -179,7 +179,7 @@ class ucp_resend
 		global $db, $user;

 		$sql_ary = [
-			'user_actkey_expiration'	=> strtotime('+1 day'),
+			'user_actkey_expiration'	=> $user::get_token_expiration(),
 		];

 		$sql = 'UPDATE ' . USERS_TABLE . '