From: Philipp Holzer <admin+github@philipp.info>
Date: Wed, 29 May 2019 17:55:18 +0000 (+0200)
Subject: Checking all values for $_SESSION
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=e853e256c73b9bf2a65a35a84132b8c0bf3dfec3;p=friendica.git

Checking all values for $_SESSION
See https://github.com/friendica/friendica/issues/6918#issuecomment-491492826
---

diff --git a/mod/redir.php b/mod/redir.php
index 4dbae5498b..931e07c770 100644
--- a/mod/redir.php
+++ b/mod/redir.php
@@ -7,8 +7,8 @@ use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Profile;
-use Friendica\Util\Strings;
 use Friendica\Util\Network;
+use Friendica\Util\Strings;
 
 function redir_init(App $a) {
 
@@ -70,7 +70,10 @@ function redir_init(App $a) {
 				&& is_array($_SESSION['remote']))
 			{
 				foreach ($_SESSION['remote'] as $v) {
-					if ($v['uid'] == $_SESSION['visitor_visiting'] && $v['cid'] == $_SESSION['visitor_id']) {
+					if (!empty($v['uid']) && !empty($_SESSION['visitor_visiting']) &&
+					    !empty($v['cid']) && !empty($_SESSION['visitor_id']) &&
+					    $v['uid'] == $_SESSION['visitor_visiting'] &&
+					    $v['cid'] == $_SESSION['visitor_id']) {
 						// Remote user is already authenticated.
 						$target_url = defaults($url, $contact_url);
 						Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);