mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 05:50:42 +02:00
Code Issues Releases Wiki Activity

[ticket/16706] Fix undefined array keys on user IP ban

Browse Source 
PHPBB3-16706
This commit is contained in:
3D-I
2021-02-16 01:41:20 +01:00
parent 0daf4b6b1c
commit c499025623
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
phpBB/phpbb/auth/provider/oauth/token_storage.php
View File

@@ -181,10 +181,10 @@ class token_storage implements TokenStorageInterface
{
$this->cachedToken = null;
$sql = 'DELETE FROM ' . $this->oauth_token_table . '
$sql = 'DELETE FROM ' . $this->oauth_token_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'];
if ((int) $this->user->data['user_id'] === ANONYMOUS)
if ((int) $this->user->data['user_id'] === ANONYMOUS && isset($this->user->data['session_id']))
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
@@ -504,7 +504,7 @@ class token_storage implements TokenStorageInterface
*/
protected function get_access_token_row($data)
{
$sql = 'SELECT oauth_token
$sql = 'SELECT oauth_token
FROM ' . $this->oauth_token_table . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
@@ -523,7 +523,7 @@ class token_storage implements TokenStorageInterface
*/
protected function get_state_row($data)
{
$sql = 'SELECT oauth_state
$sql = 'SELECT oauth_state
FROM ' . $this->oauth_state_table . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);

2
phpBB/phpbb/session.php
View File

@@ -1660,7 +1660,7 @@ class session
}
// Do not update the session page for ajax requests, so the view online still works as intended
$page_changed = $this->update_session_page && $this->data['session_page'] != $this->page['page'] && !$request->is_ajax();
$page_changed = $this->update_session_page && (!isset($this->data['session_page']) || $this->data['session_page'] != $this->page['page']) && !$request->is_ajax();
// Only update session DB a minute or so after last update or if page changes
if ($this->time_now - (isset($this->data['session_time']) ? $this->data['session_time'] : 0) > 60 || $page_changed)