From e853e256c73b9bf2a65a35a84132b8c0bf3dfec3 Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Wed, 29 May 2019 19:55:18 +0200 Subject: [PATCH] Checking all values for $_SESSION See https://github.com/friendica/friendica/issues/6918#issuecomment-491492826 --- mod/redir.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/mod/redir.php b/mod/redir.php index 4dbae5498b..931e07c770 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -7,8 +7,8 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Profile; -use Friendica\Util\Strings; use Friendica\Util\Network; +use Friendica\Util\Strings; function redir_init(App $a) { @@ -70,7 +70,10 @@ function redir_init(App $a) { && is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $_SESSION['visitor_visiting'] && $v['cid'] == $_SESSION['visitor_id']) { + if (!empty($v['uid']) && !empty($_SESSION['visitor_visiting']) && + !empty($v['cid']) && !empty($_SESSION['visitor_id']) && + $v['uid'] == $_SESSION['visitor_visiting'] && + $v['cid'] == $_SESSION['visitor_id']) { // Remote user is already authenticated. $target_url = defaults($url, $contact_url); Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG); -- 2.39.5