projects / GitHub / WoltLab / WCF.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b629cdb)
Expired session during 3rd party auth led to a SystemException
authorMarcel Werk <burntime@woltlab.com>
Mon, 14 Sep 2020 12:31:34 +0000 (14:31 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Fri, 30 Oct 2020 11:46:37 +0000 (12:46 +0100)
(cherry picked from commit da8b0e89fa9da82fc7965955e7c0639a65d6ac00)

wcfsetup/install/files/lib/action/FacebookAuthAction.class.php patch | blob | blame | history
wcfsetup/install/files/lib/action/GithubAuthAction.class.php patch | blob | blame | history

diff --git a/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php b/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
index ab50f7e87ff566cc044394057ce5259ef4644dcd..d4ea40b35869aad255a54835dd5fa578b7e64ec3 100644 (file)
--- a/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
@@ -68,7 +68,7 @@ class FacebookAuthAction extends AbstractAction {
                        }
                        
                        // validate state, validation of state is executed after fetching the access_token to invalidate 'code'
-                       if (!isset($_GET['state']) || !\hash_equals(WCF::getSession()->getVar('__facebookInit'), $_GET['state'])) throw new IllegalLinkException();
+                       if (!isset($_GET['state']) || !WCF::getSession()->getVar('__facebookInit') || !\hash_equals(WCF::getSession()->getVar('__facebookInit'), $_GET['state'])) throw new IllegalLinkException();
                        WCF::getSession()->unregister('__facebookInit');
                        
                        try {
diff --git a/wcfsetup/install/files/lib/action/GithubAuthAction.class.php b/wcfsetup/install/files/lib/action/GithubAuthAction.class.php
index db95872029a6e67c720ed4e524a6812dacc56310..559db9f5f6baf45b5a299175502979e2309b129a 100644 (file)
--- a/wcfsetup/install/files/lib/action/GithubAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/GithubAuthAction.class.php
@@ -64,7 +64,7 @@ class GithubAuthAction extends AbstractAction {
                        }
                        
                        // validate state, validation of state is executed after fetching the access_token to invalidate 'code'
-                       if (!isset($_GET['state']) || !\hash_equals(WCF::getSession()->getVar('__githubInit'), $_GET['state'])) throw new IllegalLinkException();
+                       if (!isset($_GET['state']) || !WCF::getSession()->getVar('__githubInit') || !\hash_equals(WCF::getSession()->getVar('__githubInit'), $_GET['state'])) throw new IllegalLinkException();
                        WCF::getSession()->unregister('__githubInit');
                        
                        parse_str($content, $data);
WoltLab Suite Core (previously WoltLab Community Framework)