flashii/misuzu
1
1
Fork 0
Code Issues 1 Pull requests Releases 140 Activity

Fixed issue caused by used of dangling variable on sessions page.

Browse source
This commit is contained in:
flash 2023-08-03 01:43:43 +00:00
parent 00d1d2922d
commit 9dd7156c79
2 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
public-legacy/settings/sessions.php
View file

@ -11,7 +11,7 @@ if(!$msz->isLoggedIn()) {
$errors = [];
$sessions = $msz->getSessions();
$currentUser = $msz->getActiveUser();
$activeSessionToken = $authToken->getSessionToken();
$activeSessionId = $msz->getAuthInfo()->getSessionId();
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
$sessionId = (string)filter_input(INPUT_POST, 'session');
@ -31,7 +31,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
break;
}
$activeSessionKilled = $sessionInfo->getToken() === $activeSessionToken;
$activeSessionKilled = $sessionInfo->getId() === $activeSessionId;
$sessions->deleteSessions(sessionInfos: $sessionInfo);
$msz->createAuditLog('PERSONAL_SESSION_DESTROY', [$sessionInfo->getId()]);
}
@ -50,7 +50,7 @@ $sessionInfos = $sessions->getSessions(userInfo: $currentUser, pagination: $pagi
foreach($sessionInfos as $sessionInfo)
$sessionList[] = [
'info' => $sessionInfo,
'active' => $sessionInfo->getToken() === $activeSessionToken,
'active' => $sessionInfo->getId() === $activeSessionId,
];
Template::render('settings.sessions', [

4
src/Auth/AuthInfo.php
View file

@ -56,6 +56,10 @@ class AuthInfo {
return $this->userInfo;
}
public function getSessionId(): ?string {
return $this->sessionInfo?->getId();
}
public function getSessionInfo(): ?SessionInfo {
return $this->sessionInfo;
}