From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Fri, 13 May 2022 09:14:19 +0000 (+0200)
Subject: Use a `?` placeholder for the `USER_SESSION_LIMIT` in SessionHandler
X-Git-Tag: 6.0.0_Alpha_1~1308
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2ed2f44a522736146cae7293368b7464a0670c2e;p=GitHub%2FWoltLab%2FWCF.git

Use a `?` placeholder for the `USER_SESSION_LIMIT` in SessionHandler

MySQL supports placeholders within the `LIMIT`, make use of this to avoid the
string concatenation that breaks syntax highlighting of the SQL query within
the IDE.
---

diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index 248d63be04..4a5e23f38c 100644
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -1072,7 +1072,7 @@ final class SessionHandler extends SingletonFactory
                         FROM        wcf1_user_session
                         WHERE       userID = ?
                         ORDER BY    lastActivityTime DESC
-                        LIMIT       " . self::USER_SESSION_LIMIT . "
+                        LIMIT       ?
                     ) newest_sessions
                     ON      newest_sessions.sessionID = all_sessions.sessionID
                     WHERE   all_sessions.userID = ?
@@ -1080,6 +1080,7 @@ final class SessionHandler extends SingletonFactory
             $statement = WCF::getDB()->prepare($sql);
             $statement->execute([
                 $user->userID,
+                self::USER_SESSION_LIMIT,
                 $user->userID,
             ]);
             foreach ($statement->fetchAll(\PDO::FETCH_COLUMN) as $sessionID) {