config API: Fix postgreSQL wrong cast errors DELETE-ing login cookie …

…data which collides with stored sysinfo_ticker data.
ophian · Mar 15, 2024 · 2cf9acc · 2cf9acc
1 parent 97ca0db
commit 2cf9acc
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
@@ -643,10 +643,11 @@ function serendipity_issueAutologin($array) {
         $cast = 'cast(name AS UNSIGNED)';
     }
 
+    // Delete possible current cookie. Also delete any autologin keys that smell like 3-week-old, dead fish. Be explicit for postgreSQL casts to exclude sysinfo tickers!
     if (isset($serendipity['COOKIE']['author_information'])) {
         serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options
-                                WHERE okey = 'l_" . serendipity_db_escape_string($serendipity['COOKIE']['author_information']) . "'
-                                   OR (okey LIKE 'l_%' AND $cast < " . (time() - 1814400) . ")");
+                                WHERE okey = 'l_" . serendipity_db_escape_string($serendipity['COOKIE']['author_information']) . "' AND name != 'sysinfo_ticker'
+                                   OR (name != 'sysinfo_ticker' AND okey LIKE 'l_%' AND $cast < " . (time() - 1814400) . ")");
     }
 
     // Issue new autologin cookie