From c83452e315823214f3077fcf096d3d93e616f5eb Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 12 May 2022 17:16:54 +0200
Subject: [PATCH] Immediately destroy the session for banned users

The forced logout for banned users was introduced in ab84d9cab2f864c23f0b18dbeb67e7ea79b1fe9f and only destroyed the session during shutdown. At the point where this check runs the request effectively is fully booted up and in any case the NamedUserException would abort any further booting, thus it is safe to simply destroy the session immediately to keep all the necessary logic in a single location.
---
 wcfsetup/install/files/lib/system/WCF.class.php | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/WCF.class.php b/wcfsetup/install/files/lib/system/WCF.class.php
index 1189866f3c..2f8d6fa748 100644
--- a/wcfsetup/install/files/lib/system/WCF.class.php
+++ b/wcfsetup/install/files/lib/system/WCF.class.php
@@ -155,12 +155,6 @@ class WCF
  */
  protected static $zendOpcacheEnabled;
 
- /**
- * force logout during destructor call
- * @var bool
- */
- protected static $forceLogout = false;
-
  /**
  * Calls all init functions of the WCF class.
  */
@@ -218,12 +212,7 @@ class WCF
 
  // update session
  if (\is_object(self::getSession())) {
- if (self::$forceLogout) {
- // do logout
- self::getSession()->delete();
- } else {
- self::getSession()->update();
- }
+ self::getSession()->update();
  }
 
  // execute shutdown actions of storage handlers
@@ -567,7 +556,7 @@ class WCF
  AJAXException::INSUFFICIENT_PERMISSIONS
  );
  } else {
- self::$forceLogout = true;
+ self::getSession()->delete();
 
  throw new NamedUserException(self::getLanguage()->getDynamicVariable('wcf.user.error.isBanned'));
  }
-- 
2.20.1
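Review bot: In the shutdown hunk (`@@ -218,12 +212,7 @@`), `self::getSession()->update();` now runs unconditionally, so it also runs in a request where the banned-user check has already called `delete()` on the same session object. The removed `$forceLogout` branch guaranteed that `update()` was never reached for a session being torn down; whether `update()` is a no-op after `delete()` depends on the session handler, which is not visible in this patch. If it can write the session back, the ban would no longer end the session, so I would state the assumption at the call site, e.g. `// delete() disables further updates, so this is a no-op for a session destroyed earlier in the request`, and pin it with a test. The enclosing method starts and ends outside the hunk.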
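Review bot: In the `@@ -567,7 +556,7 @@` hunk only the `else` branch destroys the session; the AJAX branch above it throws `AJAXException` with `INSUFFICIENT_PERMISSIONS` and shows no `delete()`, so a banned account that only issues AJAX requests appears to keep a valid session until it loads a regular page. As far as the hunk shows this predates the commit, but now that revocation is a single call, moving `self::getSession()->delete();` ahead of the branch would revoke the session on both paths, if the AJAX behaviour is not intentional. Separately, `self::getLanguage()` is evaluated after the delete, so a comment such as `// session is destroyed first; the error message is resolved without it` would record that the ordering is deliberate. The enclosing method starts and ends outside the hunk.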