From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Wed, 14 Oct 2020 08:39:35 +0000 (+0200)
Subject: Drop sessions if the session variables became corrupted
X-Git-Tag: 5.4.0_Alpha_1~724^2~10^2~23
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ea0e42c2c38680446ae8cbe9651234054e358172;p=GitHub%2FWoltLab%2FWCF.git

Drop sessions if the session variables became corrupted
---

diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index a66f937baf..49369e40eb 100644
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -391,9 +391,15 @@ final class SessionHandler extends SingletonFactory {
 			return false;
 		}
 		
+		$variables = @unserialize($row['sessionVariables']);
+		// Check whether the session variables became corrupted.
+		if (!is_array($variables)) {
+			return false;
+		}
+		
 		$this->sessionID = $sessionID;
 		$this->user = new User($row['userID']);
-		$this->variables = unserialize($row['sessionVariables']);
+		$this->variables = $variables;
 		
 		$sql = "UPDATE	wcf".WCF_N."_".($this->isACP ? 'acp' : 'user')."_session
 			SET	ipAddress = ?,