MDL-23949 fixed use of invalid $USER before linked to session
authorPetr Skoda <skodak@moodle.org>
Thu, 26 Aug 2010 17:19:09 +0000 (17:19 +0000)
committerPetr Skoda <skodak@moodle.org>
Thu, 26 Aug 2010 17:19:09 +0000 (17:19 +0000)
lib/sessionlib.php

index c863583..998e90b 100644 (file)
@@ -758,13 +758,12 @@ function session_gc() {
  * @return string
  */
 function sesskey() {
-    global $USER;
-
-    if (empty($USER->sesskey)) {
-        $USER->sesskey = random_string(10);
+    // note: do not use $USER because it may not be initialised yet
+    if (empty($_SESSION['USER']->sesskey)) {
+        $_SESSION['USER']->sesskey = random_string(10);
     }
 
-    return $USER->sesskey;
+    return $_SESSION['USER']->sesskey;
 }