From 9dd7156c79f35631b9e21592d3deef1bc6f89f2a Mon Sep 17 00:00:00 2001
From: flashwave
Date: Thu, 3 Aug 2023 01:43:43 +0000
Subject: [PATCH] Fixed issue caused by used of dangling variable on sessions page.
---
 public-legacy/settings/sessions.php | 6 +++---
 src/Auth/AuthInfo.php | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/public-legacy/settings/sessions.php b/public-legacy/settings/sessions.php
index 9c74abe..dc19636 100644
--- a/public-legacy/settings/sessions.php
+++ b/public-legacy/settings/sessions.php
@@ -11,7 +11,7 @@ if(!$msz->isLoggedIn()) {
 $errors = [];
 $sessions = $msz->getSessions();
 $currentUser = $msz->getActiveUser();
-$activeSessionToken = $authToken->getSessionToken();
+$activeSessionId = $msz->getAuthInfo()->getSessionId();
 while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
 $sessionId = (string)filter_input(INPUT_POST, 'session');
@@ -31,7 +31,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
 break;
 }
- $activeSessionKilled = $sessionInfo->getToken() === $activeSessionToken;
+ $activeSessionKilled = $sessionInfo->getId() === $activeSessionId;
 $sessions->deleteSessions(sessionInfos: $sessionInfo);
 $msz->createAuditLog('PERSONAL_SESSION_DESTROY', [$sessionInfo->getId()]);
 }
@@ -50,7 +50,7 @@ $sessionInfos = $sessions->getSessions(userInfo: $currentUser, pagination: $pagi
 foreach($sessionInfos as $sessionInfo)
 $sessionList[] = [
 'info' => $sessionInfo,
- 'active' => $sessionInfo->getToken() === $activeSessionToken,
+ 'active' => $sessionInfo->getId() === $activeSessionId,
 ];
 Template::render('settings.sessions', [
diff --git a/src/Auth/AuthInfo.php b/src/Auth/AuthInfo.php
index 6a550ef..b672f4f 100644
--- a/src/Auth/AuthInfo.php
+++ b/src/Auth/AuthInfo.php
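Review bot: `getSessionId()` is declared `?string`, so `$activeSessionId` on the added line of the first hunk can be null, and the strict comparisons in the second and third hunks (`$activeSessionKilled` and the `'active'` flag) would then quietly be false for every session. The `isLoggedIn()` guard named in the hunk header probably rules that out, but the guarantee is not visible here; if auth info can exist without session info, the current session could be deleted without the active-session handling running. I would state the invariant next to the assignment, e.g. `// non-null: isLoggedIn() above implies an attached session`, or fail closed with an explicit `if($activeSessionId === null)` branch before the `while`. The `while` block itself continues outside these hunks, so the ownership check on `$sessionInfo` could not be reviewed from here.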
@@ -56,6 +56,10 @@ class AuthInfo {
 return $this->userInfo;
 }
+ public function getSessionId(): ?string {
+ return $this->sessionInfo?->getId();
+ }
+
 public function getSessionInfo(): ?SessionInfo {
 return $this->sessionInfo;
 }
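Review bot: The new `getSessionId()` accessor has no docblock, and its null case is the part callers most need to know about, since the sessions page compares the result with `===`. I would add `/** Id of the session attached to this auth info, or null when none is attached; this is the session's identifier, not its token. */` above the method. The distinction between id and token is inferred from `SessionInfo` exposing both `getId()` and `getToken()` in the other file of this patch, so please confirm the wording. The `AuthInfo` class body starts and ends outside the hunk.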