summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDries Buytaert2010-03-09 03:52:02 (GMT)
committerDries Buytaert2010-03-09 03:52:02 (GMT)
commitd2f6d6a0c39b83ecd4e122f9f71a92a7ad197e89 (patch)
tree8faa1ef8850d46341047e6ea49a8312f942e2227
parent154d593e5dccbd80d3b37f72387bb723fbb868df (diff)
- Patch #578212 by marcvangend, scor: fixed SA-CORE-2010-001, blocked user session regeneration.
-rw-r--r--includes/session.inc9
1 files changed, 5 insertions, 4 deletions
diff --git a/includes/session.inc b/includes/session.inc
index 6f1d5a8..35812f7 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -100,8 +100,9 @@ function _drupal_session_read($sid) {
$user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid", array(':sid' => $sid))->fetchObject();
}
- // We found the client's session record and they are an authenticated user.
- if ($user && $user->uid > 0) {
+ // We found the client's session record and they are an authenticated,
+ // active user.
+ if ($user && $user->uid > 0 && $user->status == 1) {
// This is done to unserialize the data member of $user.
$user = drupal_unpack($user);
@@ -110,8 +111,8 @@ function _drupal_session_read($sid) {
$user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
$user->roles += db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed(0, 1);
}
- // We didn't find the client's record (session has expired), or they
- // are an anonymous user.
+ // We didn't find the client's record (session has expired), or they are
+ // blocked, or they are an anonymous user.
else {
$session = isset($user->session) ? $user->session : '';
$user = drupal_anonymous_user($session);