Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Patch #578212 by marcvangend, scor: fixed SA-CORE-2010-001, blocked user session regeneration.

merge-requests/26/head
Dries Buytaert 2010-03-09 03:52:02 +00:00
parent 154d593e5d
commit d2f6d6a0c3
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
includes/session.inc
View File

@ -100,8 +100,9 @@ function _drupal_session_read($sid) {
$user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid", array(':sid' => $sid))->fetchObject();
}
// We found the client's session record and they are an authenticated user.
if ($user && $user->uid > 0) {
// We found the client's session record and they are an authenticated,
// active user.
if ($user && $user->uid > 0 && $user->status == 1) {
// This is done to unserialize the data member of $user.
$user = drupal_unpack($user);
@ -110,8 +111,8 @@ function _drupal_session_read($sid) {
$user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
$user->roles += db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed(0, 1);
}
// We didn't find the client's record (session has expired), or they
// are an anonymous user.
// We didn't find the client's record (session has expired), or they are
// blocked, or they are an anonymous user.
else {
$session = isset($user->session) ? $user->session : '';
$user = drupal_anonymous_user($session);