authorMarc Alexander <admin@m-a-styles.de>2019-10-28 20:32:03 +0100
committerMarc Alexander <admin@m-a-styles.de>2019-10-28 20:32:03 +0100
commite95e387188b050c163edcce3141c957d259810c9 (patch)
tree3baa4f05e50f34aeb73860edb7f60597b8163147 /phpBB/phpbb
parentMerge pull request #5682 from 3D-I/ticket/16151 (diff)
parent[ticket/16181] Fix typo in comment (diff)
Merge pull request #5709 from mrgoldy/ticket/16181
[ticket/16181] Enforce string for OAuth provider id
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r--phpBB/phpbb/auth/provider/oauth/oauth.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index 0d94acfbca..e3f8394bba 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base
$this->service_providers[$service_name]->set_external_service_provider($service);
$unique_id = $this->service_providers[$service_name]->perform_auth_login();
- // Check to see if this provider is already assosciated with an account
+ /**
+ * Check to see if this provider is already associated with an account.
+ *
+ * Enforcing a data type to make data contains strings and not integers,
+ * so values are quoted in the SQL WHERE statement.
+ */
$data = array(
- 'provider' => $service_name_original,
- 'oauth_provider_id' => $unique_id
+ 'provider' => (string) $service_name_original,
+ 'oauth_provider_id' => (string) $unique_id
);
$sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '