From: joshuaruesweg Date: Mon, 26 Oct 2020 10:05:35 +0000 (+0100) Subject: Delete sessions after password change X-Git-Tag: 5.4.0_Alpha_1~656^2~16 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=21dd1c3dafe4cfdc31748da4aae3027d63316d70;p=GitHub%2FWoltLab%2FWCF.git Delete sessions after password change Closes #3635 Closes #3641 --- diff --git a/wcfsetup/install/files/lib/data/user/UserAction.class.php b/wcfsetup/install/files/lib/data/user/UserAction.class.php index e2de2fe17e..772e2b3e9a 100644 --- a/wcfsetup/install/files/lib/data/user/UserAction.class.php +++ b/wcfsetup/install/files/lib/data/user/UserAction.class.php @@ -20,6 +20,7 @@ use wcf\system\exception\PermissionDeniedException; use wcf\system\exception\UserInputException; use wcf\system\language\LanguageFactory; use wcf\system\request\RequestHandler; +use wcf\system\session\SessionHandler; use wcf\system\user\group\assignment\UserGroupAssignmentHandler; use wcf\system\WCF; use wcf\util\UserRegistrationUtil; @@ -325,6 +326,13 @@ class UserAction extends AbstractDatabaseObjectAction implements IClipboardActio } } } + + if (array_key_exists('password', $this->parameters['data'])) { + foreach ($this->getObjects() as $object) { + SessionHandler::getInstance()->deleteUserSessionsExcept($object->getDecoratedObject(), SessionHandler::getInstance()->sessionID); + SessionHandler::getInstance()->deleteAcpSessionsExcept($object->getDecoratedObject(), SessionHandler::getInstance()->sessionID); + } + } } else { if (empty($this->objects)) {