From: Tim Düsterhus Date: Thu, 12 May 2022 15:16:54 +0000 (+0200) Subject: Immediately destroy the session for banned users X-Git-Tag: 6.0.0_Alpha_1~1311^2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c83452e315823214f3077fcf096d3d93e616f5eb;p=GitHub%2FWoltLab%2FWCF.git Immediately destroy the session for banned users The forced logout for banned users was introduced in ab84d9cab2f864c23f0b18dbeb67e7ea79b1fe9f and only destroyed the session during shutdown. At the point where this check runs the request effectively is fully booted up and in any case the NamedUserException would abort any further booting, thus it is safe to simply destroy the session immediately to keep all the necessary logic in a single location.
---
diff --git a/wcfsetup/install/files/lib/system/WCF.class.php b/wcfsetup/install/files/lib/system/WCF.class.php
index 1189866f3c..2f8d6fa748 100644
--- a/wcfsetup/install/files/lib/system/WCF.class.php
+++ b/wcfsetup/install/files/lib/system/WCF.class.php
@@ -155,12 +155,6 @@ class WCF
 */
 protected static $zendOpcacheEnabled;
- /**
- * force logout during destructor call
- * @var bool
- */
- protected static $forceLogout = false;
-
 /**
 * Calls all init functions of the WCF class.
 */
@@ -218,12 +212,7 @@ class WCF
 // update session
 if (\is_object(self::getSession())) {
- if (self::$forceLogout) {
- // do logout
- self::getSession()->delete();
- } else {
- self::getSession()->update();
- }
+ self::getSession()->update();
 }
 // execute shutdown actions of storage handlers
@@ -567,7 +556,7 @@ class WCF
 AJAXException::INSUFFICIENT_PERMISSIONS
 );
 } else {
- self::$forceLogout = true;
+ self::getSession()->delete();
 throw new NamedUserException(self::getLanguage()->getDynamicVariable('wcf.user.error.isBanned'));
 }
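Review bot: The shutdown block now calls `self::getSession()->update();` unconditionally, so it also runs in the request where the ban check in the last hunk has already called `delete()` on the same session object. Neither method is visible in this diff, so it should be confirmed that `update()` on a just-deleted session cannot write the banned user's session back or refresh its activity data. A comment above the call would record that requirement, for example `// the ban check may already have deleted this session; update() must not recreate it`. The enclosing shutdown method starts and ends outside the hunk.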
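Review bot: Only the `else` branch destroys the session; the branch above it, which throws the `AJAXException` with `AJAXException::INSUFFICIENT_PERMISSIONS`, still leaves the banned user's session in place. The condition guarding that first branch lies outside the hunk, so this may be deliberate, but the commit message says the aim is to keep all the logout logic in a single location. Either call `self::getSession()->delete();` ahead of both throws, or add a comment on the first branch stating why the session is kept there. That way the ban enforcement does not depend on which kind of request the user happens to send first.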