Expired session during google auth led to a SystemException
authorMarcel Werk <burntime@woltlab.com>
Mon, 14 Sep 2020 11:51:37 +0000 (13:51 +0200)
committerMarcel Werk <burntime@woltlab.com>
Mon, 14 Sep 2020 11:51:37 +0000 (13:51 +0200)
wcfsetup/install/files/lib/action/GoogleAuthAction.class.php

index d3f349afa86bed3ff8f334ef3e1206df44057f49..841c5b2f7d392de679a566a6330076237af342c5 100644 (file)
@@ -67,7 +67,7 @@ class GoogleAuthAction extends AbstractAction {
                        }
                        
                        // validate state, validation of state is executed after fetching the access_token to invalidate 'code'
-                       if (!isset($_GET['state']) || !\hash_equals(WCF::getSession()->getVar('__googleInit'), $_GET['state'])) throw new IllegalLinkException();
+                       if (!isset($_GET['state']) || !WCF::getSession()->getVar('__googleInit') || !\hash_equals(WCF::getSession()->getVar('__googleInit'), $_GET['state'])) throw new IllegalLinkException();
                        WCF::getSession()->unregister('__googleInit');
                        
                        $data = JSON::decode($content);
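Review bot: The changed `if` line still passes `$_GET['state']` to `\hash_equals()` without a type check, so a request carrying `state[]=…` hands it an array. `hash_equals()` rejects that with a warning on PHP 7 and a `TypeError` on PHP 8, which presumably surfaces as the same kind of unhandled exception this commit is fixing rather than as `IllegalLinkException`. Reading the session value once and requiring strings on both sides closes both paths: `$expected = WCF::getSession()->getVar('__googleInit');` followed by `if (!\is_string($expected) || $expected === '' || !isset($_GET['state']) || !\is_string($_GET['state']) || !\hash_equals($expected, $_GET['state'])) throw new IllegalLinkException();`. This also replaces the truthiness test `!getVar(...)`, which would treat a stored `'0'` as absent, with an explicit check. The enclosing method starts and ends outside this hunk, so whether `state` is validated earlier cannot be seen from here.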