Commit 0c599b1e by Qiang Xue

Fixes #5480: Added defensive code to `yii\web\User::getIdentity()` to avoid…

Fixes #5480: Added defensive code to `yii\web\User::getIdentity()` to avoid potential infinite recursion
parent 074425dc
...@@ -53,6 +53,7 @@ Yii Framework 2 Change Log ...@@ -53,6 +53,7 @@ Yii Framework 2 Change Log
- Enh #4739: Better display of exceptions when the response format is set as "raw" format (qiangxue) - Enh #4739: Better display of exceptions when the response format is set as "raw" format (qiangxue)
- Enh #5223: Query builder now supports selecting sub-queries as columns (qiangxue) - Enh #5223: Query builder now supports selecting sub-queries as columns (qiangxue)
- Enh #5367: Added `yii\grid\DataColumn::encodeLabel` (SDKiller) - Enh #5367: Added `yii\grid\DataColumn::encodeLabel` (SDKiller)
- Enh #5480: Added defensive code to `yii\web\User::getIdentity()` to avoid potential infinite recursion (qiangxue)
- Enh #5587: `json_encode` is now used with `JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE` where it makes sense, also - Enh #5587: `json_encode` is now used with `JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE` where it makes sense, also
it is now default for `Json::encode()` (samdark) it is now default for `Json::encode()` (samdark)
- Enh #5600: Allow configuring debug panels in `yii\debug\Module::panels` as panel class name strings (qiangxue) - Enh #5600: Allow configuring debug panels in `yii\debug\Module::panels` as panel class name strings (qiangxue)
......
...@@ -172,6 +172,7 @@ class User extends Component ...@@ -172,6 +172,7 @@ class User extends Component
{ {
if ($this->_identity === false) { if ($this->_identity === false) {
if ($this->enableSession && $autoRenew) { if ($this->enableSession && $autoRenew) {
$this->_identity = null;
$this->renewAuthStatus(); $this->renewAuthStatus();
} else { } else {
return null; return null;
...@@ -615,7 +616,7 @@ class User extends Component ...@@ -615,7 +616,7 @@ class User extends Component
$this->setIdentity($identity); $this->setIdentity($identity);
if (($this->authTimeout !== null || $this->absoluteAuthTimeout !== null) && $identity !== null) { if ($identity !== null && ($this->authTimeout !== null || $this->absoluteAuthTimeout !== null)) {
$expire = $this->authTimeout !== null ? $session->get($this->authTimeoutParam) : null; $expire = $this->authTimeout !== null ? $session->get($this->authTimeoutParam) : null;
$expireAbsolute = $this->absoluteAuthTimeout !== null ? $session->get($this->absoluteAuthTimeoutParam) : null; $expireAbsolute = $this->absoluteAuthTimeout !== null ? $session->get($this->absoluteAuthTimeoutParam) : null;
if ($expire !== null && $expire < time() || $expireAbsolute !== null && $expireAbsolute < time()) { if ($expire !== null && $expire < time() || $expireAbsolute !== null && $expireAbsolute < time()) {
......
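Review bot: The added `$this->_identity = null;` before `$this->renewAuthStatus();` in the `@@ -172,6 +172,7` hunk carries no comment, so its role as a re-entrancy guard is easy to mistake for a redundant assignment and remove later. I would put above it `// set to null first so a re-entrant getIdentity() call during renewAuthStatus() returns null (guest) instead of recursing`. It also looks as if an exception thrown inside renewAuthStatus() before it reaches `setIdentity()` would leave `_identity` at null for the rest of the request, so later calls would report a guest rather than retry the session lookup; that fails closed, but the method's docblock should state it so callers making access decisions know what a null means here. The method's signature and the end of its body are outside the hunk.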