Commit 128c3e76 by Robert Lyon Committed by Cecilia Vela Gurovic

Bug 1734194: Infinite loop site crash if usr = 0 saved in usr_session

The USER object will have id = 0 when a user is logged out. It should never end up in the usr_session table. This patch stops that from happening and also ignores usr = 0 in the session table when setting up auth. behatnotneeded Change-Id: I0ba7afe0d21ae822daf8895af943f41048ba82b7 Signed-off-by: Robert Lyon <robertl@catalyst.net.nz> (cherry picked from commit e7191aad)
parent c1151cf3
......@@ -415,7 +415,7 @@ function auth_setup () {
// Need to doublecheck that the User's sessionid still has a match the usr_session table
// It can disappear if the current user has hacked the real user's account and the real user has
// reset the password clearing the session from usr_session.
$sessionexists = get_record('usr_session', 'usr', $USER->id, 'session', $USER->get('sessionid'));
$sessionexists = ($USER->id > 0) ? get_record('usr_session', 'usr', $USER->id, 'session', $USER->get('sessionid')) : false;
$parentuser = $USER->get('parentuser');
if (($sessionlogouttime && isset($_GET['logout']))
|| ($sessionexists === false && $USER->get('sessionid') != '' && empty($parentuser))
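Review bot: The comment above the lookup still describes only the password-reset case and does not mention the new `$USER->id > 0` guard on the `$sessionexists` line, so it is not obvious that a logged-out user (id 0) is deliberately treated as having no session row. I would add `// id 0 is the logged-out user; never match it against usr_session, even if a stray usr = 0 row exists.` directly above the assignment. Nothing visible here removes usr = 0 rows written before this fix, so a one-off cleanup of those rows may still be needed if it is not done elsewhere. The `if` condition continues past the end of the hunk, so what the branch does for this case cannot be confirmed from here.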
......@@ -1848,13 +1848,19 @@ class LiveUser extends User {
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$useragent = $_SERVER['HTTP_USER_AGENT'];
}
insert_record('usr_session', (object) array(
'usr' => $this->get('id'),
'session' => $sessionid,
'ctime' => db_format_timestamp(time()),
'mtime' => db_format_timestamp(time()),
'useragent' => $useragent,
));
if ($this->get('id') == 0) {
throw new UserException("Logged out user can not be stored in usr_session");
}
else {
insert_record('usr_session', (object) array(
'usr' => $this->get('id'),
'session' => $sessionid,
'ctime' => db_format_timestamp(time()),
'mtime' => db_format_timestamp(time()),
'useragent' => $useragent,
));
}
}
/**
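Review bot: The new guard `if ($this->get('id') == 0)` compares loosely against exactly 0, while auth_setup tests `$USER->id > 0`, so a negative id would pass this check and still be written to usr_session. `if ((int) $this->get('id') <= 0) {` keeps the two checks in agreement, and the `else` after the `throw` can be dropped so the insert_record call stays at its original indentation. If UserException messages are rendered to the end user, which is not visible here, the text exposes the internal table name; a generic message with the detail logged would be preferable. The enclosing method starts outside the hunk.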