open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Validate cookie properly and prevent auth bypass

Browse Source 
BIG (!) thanks to Julien CAYSSOL
remotes/origin/stable45
Lukas Reschke 13 years ago
parent 0de81f9dad
commit 8ec45870a3
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      lib/base.php

2
lib/base.php
Unescape View File

@ -489,7 +489,7 @@ class OC{
}
// confirm credentials in cookie
if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
OC_User::setUserId($_COOKIE['oc_username']);
OC_Util::redirectToDefaultPage();
}

Write Preview
Loading…
Cancel
Save