Skip to content

Commit

Permalink
Merge pull request from GHSA-r4r6-j2j3-7pp5
Browse files Browse the repository at this point in the history
Co-authored-by: Leo Feyer <1192057+leofeyer@users.noreply.github.com>
  • Loading branch information
bytehead and leofeyer committed Apr 9, 2024
1 parent 6d42e66 commit 3032baa
Show file tree
Hide file tree
Showing 5 changed files with 22 additions and 0 deletions.
12 changes: 12 additions & 0 deletions core-bundle/src/Repository/RememberMeRepository.php
Original file line number Diff line number Diff line change
Expand Up @@ -119,4 +119,16 @@ public function persist(RememberMe ...$entities): void

$this->_em->flush();
}

public function deleteByUsername(string $username): void
{
$qb = $this->_em->createQueryBuilder();
$qb
->delete($this->_entityName, 'rm')
->where('rm.username = :username')
->setParameter('username', $username)
;

$qb->getQuery()->execute();
}
}
1 change: 1 addition & 0 deletions core-bundle/src/Resources/config/services.yml
Original file line number Diff line number Diff line change
Expand Up @@ -527,6 +527,7 @@ services:

contao.repository.remember_me:
class: Contao\CoreBundle\Repository\RememberMeRepository
public: true
arguments:
- '@doctrine'

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,8 @@ protected function compile()
$objMember->password = $objNewPassword->value;
$objMember->save();

System::getContainer()->get('contao.repository.remember_me')->deleteByUsername($objMember->username);

// Create a new version
if ($GLOBALS['TL_DCA'][$strTable]['config']['enableVersioning'] ?? null)
{
Expand Down
2 changes: 2 additions & 0 deletions core-bundle/src/Resources/contao/modules/ModulePassword.php
Original file line number Diff line number Diff line change
Expand Up @@ -259,6 +259,8 @@ protected function setNewPassword()
$objMember->password = $objWidget->value;
$objMember->save();

System::getContainer()->get('contao.repository.remember_me')->deleteByUsername($objMember->username);

$optInToken->confirm();

// Create a new version
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -303,6 +303,11 @@ protected function compile()
// Set the new field in the member model
$blnModified = true;
$objMember->$field = $varValue;

if ($objWidget instanceof FormPassword)
{
System::getContainer()->get('contao.repository.remember_me')->deleteByUsername($objMember->username);
}
}
}
}
Expand Down

0 comments on commit 3032baa

Please sign in to comment.