From 80ca37092e276d949ca037beba1154a47e49f2b3 Mon Sep 17 00:00:00 2001
From: Sveneld
Date: Wed, 13 Nov 2024 22:43:26 +0100
Subject: [PATCH] fix remember me

---
 src/App/Security/TokenProvider.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/App/Security/TokenProvider.php b/src/App/Security/TokenProvider.php
index ba82014..181a80d 100644
--- a/src/App/Security/TokenProvider.php
+++ b/src/App/Security/TokenProvider.php
@@ -25,7 +25,7 @@ public function loadTokenBySeries(string $series)
 {
 if (!isset($this->tokens[$series])) {
 $result = $this->db->query(
-"SELECT * FROM remember_me_tokens WHERE series='$series'"
+"SELECT * FROM remember_me_tokens WHERE series='{$this->db->escape($series)}'"
 );
 if (!$result || $result->rowCount() == 0) {
 throw new TokenNotFoundException('No token found.');
@@ -68,7 +68,7 @@ public function updateToken(string $series, string $tokenValue, \DateTime $lastU
 public function deleteTokenBySeries(string $series)
 {
 $this->db->query(
-"DELETE FROM remember_me_tokens WHERE series='$series'"
+"DELETE FROM remember_me_tokens WHERE series='{$this->db->escape($series)}'"
 );
 
 unset($this->tokens[$series]);
@@ -81,10 +81,10 @@ public function createNewToken(PersistentTokenInterface $token)
 {
 $this->db->query(
 "INSERT INTO remember_me_tokens (class, username, series, value, lastUsed)
-VALUES ('{$token->getClass()}',
-'{$token->getUserIdentifier()}',
-'{$token->getSeries()}',
-'{$token->getTokenValue()}',
+VALUES ('{$this->db->escape($token->getClass())}',
+'{$this->db->escape($token->getUserIdentifier())}',
+'{$this->db->escape($token->getSeries())}',
+'{$this->db->escape($token->getTokenValue())}',
 '{$token->getLastUsed()->format('Y-m-d H:i:s')}')"
 );
 
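Review bot: The escaped interpolation on the `+` line of the first hunk still assembles the SELECT by concatenation, so its safety rests on what `escape()` does and on the connection charset matching the one it escapes for, neither of which is visible here; if the `$this->db` wrapper can prepare statements, `WHERE series = ?` with `$series` bound removes that dependency entirely. If `escape()` wraps `mysqli_real_escape_string()`, it is only correct after `set_charset()` on the same connection, which is worth a comment on the wrapper. The unchanged `$result->rowCount() == 0` test on the hunk's second-to-last line is also fragile if `$result` is a PDOStatement, since PDO does not guarantee rowCount() for SELECT; fetching the first row and testing it for `false` would be portable. loadTokenBySeries's signature sits on the line before the hunk and its body continues past it.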
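Review bot: The return value of `$this->db->query(...)` around the new `DELETE` in the second hunk is discarded, so a failed delete clears the in-memory entry via `unset(...)` while the row stays in the table; the first hunk of this same patch treats a falsy return from `query()` as failure, so the same check belongs here. Because the remember-me handler relies on this method to revoke a series (on logout and, as far as I recall, when a mismatched token value suggests a stolen cookie), a silent failure keeps the credential usable. Suggest `if (!$this->db->query("DELETE FROM remember_me_tokens WHERE series='{$this->db->escape($series)}'")) { throw new \RuntimeException('Failed to delete remember-me token.'); }` in place of the bare call, ahead of the `unset`. deleteTokenBySeries's closing brace is past the end of the hunk.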
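Review bot: The result of the `INSERT` in the third hunk is never checked, so if the insert fails (a duplicate `series`, or a `value` wider than the column, for instance) the method carries on and the caller presumably still issues the cookie, leaving a remember-me cookie with no backing row; mirroring the first hunk's `if (!$result ...)` check, `if (!$this->db->query(...)) { throw new \RuntimeException('Failed to persist remember-me token.'); }` would surface it. The interpolated `lastUsed` value is the only field left unescaped, which is fine because `format('Y-m-d H:i:s')` can only yield digits and separators; a one-line comment saying so, e.g. `// lastUsed is safe to interpolate: format() output is digits and punctuation only`, would stop the next reader from "fixing" it. Note also that `value` is stored as the raw token value, so a read-only leak of this table yields usable remember-me credentials — storing a hash and comparing against a hash in the verification path would mitigate that, though that path is outside this hunk. createNewToken's closing brace lies past the hunk.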