mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-20 03:36:20 +02:00
fix deletion of app password - see #800
This commit is contained in:
parent
45557a6ed4
commit
64c34b2c0a
@ -126,9 +126,9 @@ function revokeAppPassword(string $username, int $fAppId, array $PALANG)
|
|||||||
{
|
{
|
||||||
// $username should be from $_SESSION and not modifiable by the end user
|
// $username should be from $_SESSION and not modifiable by the end user
|
||||||
// we don't want someone to be able to delete someone else's app password by guessing an id...
|
// we don't want someone to be able to delete someone else's app password by guessing an id...
|
||||||
$rows = db_query('SELECT id FROM mailbox_app_password WHERE id = :id AND username = :username', ['username' => $username, 'id' => $fAppId]);
|
$row = db_query_one('SELECT id FROM mailbox_app_password WHERE id = :id AND username = :username', ['username' => $username, 'id' => $fAppId]);
|
||||||
if (!empty($rows)) {
|
if (is_array($row) && isset($row['id'])) {
|
||||||
$result = db_delete('mailbox_app_password', 'id', $rows[0]['id']);
|
$result = db_delete('mailbox_app_password', 'id', $row['id']);
|
||||||
if ($result == 1) {
|
if ($result == 1) {
|
||||||
flash_info($PALANG['pTotp_exceptions_revoked']);
|
flash_info($PALANG['pTotp_exceptions_revoked']);
|
||||||
return;
|
return;
|
||||||
|
Loading…
Reference in New Issue
Block a user