From 477682e062a90f69d1460c23ed16b038b763ef8b Mon Sep 17 00:00:00 2001
From: Steven Nguyen <stnguyen90@users.noreply.github.com>
Date: Mon, 14 Jul 2025 16:05:58 -0700
Subject: [PATCH] fix: prevent injected $user from being shadowed

---
 app/controllers/api/account.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index f086036872..c0a97a4ad0 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -1461,9 +1461,9 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
         if (!empty($nameOAuth)) {
             $name = $nameOAuth;
         } elseif ($userParam !== null) {
-            $user = \json_decode($userParam, true);
-            if (isset($user['name']['firstName']) && isset($user['name']['lastName'])) {
-                $name = $user['name']['firstName'] . ' ' . $user['name']['lastName'];
+            $userDecoded = \json_decode($userParam, true);
+            if (isset($userDecoded['name']['firstName']) && isset($userDecoded['name']['lastName'])) {
+                $name = $userDecoded['name']['firstName'] . ' ' . $userDecoded['name']['lastName'];
             }
         }
         $email = $oauth2->getUserEmail($accessToken);