From 1a1745c9fa20883e65948040a92866998d78e1ec Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 25 Sep 2019 06:46:28 +0000 Subject: [PATCH] Security improvements --- boot.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/boot.php b/boot.php index 4c9a1a5e8..224eba1f4 100644 --- a/boot.php +++ b/boot.php @@ -413,7 +413,7 @@ function public_contact() * * @return int|bool visitor_id or false */ -function remote_user($uid = 0) +function remote_user($uid = null) { // You cannot be both local and remote. // Unncommented by rabuzarus because remote authentication to local @@ -426,15 +426,15 @@ function remote_user($uid = 0) return false; } - if (!empty($uid) && !empty($_SESSION['remote'])) { + if (!is_null($uid) && !empty($_SESSION['remote'])) { + /// @todo replace it with this: + // if (!empty($_SESSION['remote'][$uid])) ... foreach ($_SESSION['remote'] as $visitor) { if ($visitor['uid'] == $uid) { return $visitor['cid']; } } - } - - if (!empty($_SESSION['visitor_id'])) { + } elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) { return intval($_SESSION['visitor_id']); }