diff options
author | Julius Härtl <jus@bitgrid.net> | 2020-09-07 08:55:21 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-07 08:55:21 +0300 |
commit | 953e679d63de634544e4de095e770a39ed8b42d8 (patch) | |
tree | 255b892b03d5bbdaa4b98f67239d4996e7855438 | |
parent | 1572f7b83b1a27b1bc2555ba4218112619daa9a9 (diff) | |
parent | eb82bb030d47f42b74eeb1f64eecf7bb156725d4 (diff) |
Merge pull request #1020 from nextcloud/backport/1014/stable19
[stable19] Harden check when using token from memcache
-rw-r--r-- | lib/Service/SessionService.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/Service/SessionService.php b/lib/Service/SessionService.php index d02d2ad0b..16d1fcabb 100644 --- a/lib/Service/SessionService.php +++ b/lib/Service/SessionService.php @@ -152,7 +152,14 @@ class SessionService { $data = $this->cache->get($token); if ($data !== null) { - return Session::fromRow(json_decode($data, true)); + $session = Session::fromRow(json_decode($data, true)); + if ($session->getId() !== $sessionId || $session->getDocumentId() !== $documentId) { + $this->cache->remove($token); + $this->session = false; + return false; + } + + return $session; } try { |