Skip to content

Commit e2c9fc4

Browse files
Alexander PaliarushOleksii Korshenko
authored andcommitted
MAGETWO-50608: [Github][Security] Able to brute force API token access
1 parent cb3f213 commit e2c9fc4

File tree

1 file changed

+1
-3
lines changed
  • app/code/Magento/Integration/Model/ResourceModel/Oauth/Token

1 file changed

+1
-3
lines changed

app/code/Magento/Integration/Model/ResourceModel/Oauth/Token/RequestLog.php

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -106,8 +106,6 @@ public function clearExpiredFailures()
106106
{
107107
$date = (new \DateTime())->setTimestamp($this->dateTime->gmtTimestamp());
108108
$dateTime = $date->format(\Magento\Framework\Stdlib\DateTime::DATETIME_PHP_FORMAT);
109-
$select = $this->getConnection()->select();
110-
$select->from($this->getMainTable())->where('lock_expires_at <= ?', $dateTime);
111-
$this->getConnection()->delete($select);
109+
$this->getConnection()->delete($this->getMainTable(), ['lock_expires_at <= ?' => $dateTime]);
112110
}
113111
}

0 commit comments

Comments
 (0)