From 740ece8da10177354ab904f9aeb6ea914741c025 Mon Sep 17 00:00:00 2001 From: Marcel Werk Date: Mon, 14 Sep 2020 13:51:37 +0200 Subject: [PATCH] Expired session during google auth led to a SystemException --- wcfsetup/install/files/lib/action/GoogleAuthAction.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php b/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php index d3f349afa8..841c5b2f7d 100644 --- a/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php +++ b/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php @@ -67,7 +67,7 @@ class GoogleAuthAction extends AbstractAction { } // validate state, validation of state is executed after fetching the access_token to invalidate 'code' - if (!isset($_GET['state']) || !\hash_equals(WCF::getSession()->getVar('__googleInit'), $_GET['state'])) throw new IllegalLinkException(); + if (!isset($_GET['state']) || !WCF::getSession()->getVar('__googleInit') || !\hash_equals(WCF::getSession()->getVar('__googleInit'), $_GET['state'])) throw new IllegalLinkException(); WCF::getSession()->unregister('__googleInit'); $data = JSON::decode($content); -- 2.20.1