author | Dries Buytaert <dries@buytaert.net> | 2010-03-09 03:52:02 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-03-09 03:52:02 +0000 |
commit | d2f6d6a0c39b83ecd4e122f9f71a92a7ad197e89 (patch) | |
tree | 8faa1ef8850d46341047e6ea49a8312f942e2227 /includes/session.inc | |
parent | 154d593e5dccbd80d3b37f72387bb723fbb868df (diff) | |
download | brdo-d2f6d6a0c39b83ecd4e122f9f71a92a7ad197e89.tar.gz brdo-d2f6d6a0c39b83ecd4e122f9f71a92a7ad197e89.tar.bz2 |
- Patch #578212 by marcvangend, scor: fixed SA-CORE-2010-001, blocked user session regeneration.
Diffstat (limited to 'includes/session.inc')
-rw-r--r-- | includes/session.inc | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/includes/session.inc b/includes/session.inc
index 6f1d5a8f4..35812f7a8 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -100,8 +100,9 @@ function _drupal_session_read($sid) {
     $user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid", array(':sid' => $sid))->fetchObject();
   }
-  // We found the client's session record and they are an authenticated user.
-  if ($user && $user->uid > 0) {
+  // We found the client's session record and they are an authenticated,
+  // active user.
+  if ($user && $user->uid > 0 && $user->status == 1) {
     // This is done to unserialize the data member of $user.
     $user = drupal_unpack($user);
@@ -110,8 +111,8 @@ function _drupal_session_read($sid) {
     $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
     $user->roles += db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed(0, 1);
   }
-  // We didn't find the client's record (session has expired), or they
-  // are an anonymous user.
+  // We didn't find the client's record (session has expired), or they are
+  // blocked, or they are an anonymous user.
   else {
     $session = isset($user->session) ? $user->session : '';
     $user = drupal_anonymous_user($session);
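Review bot: The new `$user->status == 1` guard on the `if` line only demotes a blocked account to anonymous for the current request; nothing in this hunk invalidates the session row that the `db_query` above just found, so the same cookie presumably becomes an authenticated session again the moment the account is unblocked, and a sid captured before the block keeps its foothold until then. Unless the blocking path already deletes the account's rows from {sessions} (not visible here), consider ending the session when a blocked row is read, e.g. `if ($user && $user->uid > 0 && $user->status != 1) { drupal_session_destroy_uid($user->uid); }` before the downgrade, with a comment such as `// A blocked account must not keep a live session; drop it rather than just ignoring it.` The loose `== 1` appears to rely on the driver returning the status column as a string; `(int) $user->status === 1` would make that intent explicit. `_drupal_session_read` starts and ends outside the hunk.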
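Review bot: In the `else` branch, `$session = isset($user->session) ? $user->session : '';` now also runs for a blocked account, because `$user` is still the joined users/sessions row in that case; the blocked user's serialized session payload is therefore passed to `drupal_anonymous_user()` and survives into the anonymous request. Whether that payload is harmless depends on what modules store in it, which this hunk does not show; if the intent is a clean downgrade, keep the carry-over for genuine anonymous rows only: `$session = ($user && empty($user->uid) && isset($user->session)) ? $user->session : '';`. The updated comment above the branch already names the blocked case, so a one-line note like `// Do not reuse a blocked account's session data.` next to that change would suffice.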