From ea0e42c2c38680446ae8cbe9651234054e358172 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Wed, 14 Oct 2020 10:39:35 +0200
Subject: [PATCH] Drop sessions if the session variables became corrupted

---
 .../files/lib/system/session/SessionHandler.class.php     | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index a66f937baf..49369e40eb 100644
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -391,9 +391,15 @@ final class SessionHandler extends SingletonFactory {
 			return false;
 		}
 		
+		$variables = @unserialize($row['sessionVariables']);
+		// Check whether the session variables became corrupted.
+		if (!is_array($variables)) {
+			return false;
+		}
+		
 		$this->sessionID = $sessionID;
 		$this->user = new User($row['userID']);
-		$this->variables = unserialize($row['sessionVariables']);
+		$this->variables = $variables;
 		
 		$sql = "UPDATE	wcf".WCF_N."_".($this->isACP ? 'acp' : 'user')."_session
 			SET	ipAddress = ?,
-- 
2.20.1