MAGETWO-50608: [Github][Security] Able to brute force API token access

Alexander Paliarush · Oleksii Korshenko · commit e2c9fc4b3ead · 2016-03-22T12:06:36.000-05:00
diff --git a/app/code/Magento/Integration/Model/ResourceModel/Oauth/Token/RequestLog.php b/app/code/Magento/Integration/Model/ResourceModel/Oauth/Token/RequestLog.php
@@ -106,8 +106,6 @@ public function clearExpiredFailures()
     {
         $date = (new \DateTime())->setTimestamp($this->dateTime->gmtTimestamp());
         $dateTime = $date->format(\Magento\Framework\Stdlib\DateTime::DATETIME_PHP_FORMAT);
-        $select = $this->getConnection()->select();
-        $select->from($this->getMainTable())->where('lock_expires_at <= ?', $dateTime);
-        $this->getConnection()->delete($select);
+        $this->getConnection()->delete($this->getMainTable(), ['lock_expires_at <= ?' => $dateTime]);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -106,8 +106,6 @@ public function clearExpiredFailures()`
`106`	`106`	`{`
`107`	`107`	`$date = (new \DateTime())->setTimestamp($this->dateTime->gmtTimestamp());`
`108`	`108`	`$dateTime = $date->format(\Magento\Framework\Stdlib\DateTime::DATETIME_PHP_FORMAT);`
`109`		`- $select = $this->getConnection()->select();`
`110`		`- $select->from($this->getMainTable())->where('lock_expires_at <= ?', $dateTime);`
`111`		`- $this->getConnection()->delete($select);`
	`109`	`+ $this->getConnection()->delete($this->getMainTable(), ['lock_expires_at <= ?' => $dateTime]);`
`112`	`110`	`}`
`113`	`111`	`}`