[Pkg-owncloud-commits] [owncloud] 12/73: Validate cookie to prevent auth bypasses.
David Prévot
taffit at alioth.debian.org
Fri Nov 8 23:08:58 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v4.0.10
in repository owncloud.
commit baab13ae134ff109c043371a7813df9b9bd4967b
Author: Lukas Reschke <lukas at statuscode.ch>
Date: Fri Aug 10 15:23:04 2012 +0200
Validate cookie to prevent auth bypasses.
---
index.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.php b/index.php
index 3c38ff7..89eaec7 100644
--- a/index.php
+++ b/index.php
@@ -77,7 +77,7 @@ elseif(OC_User::isLoggedIn()) {
}
// confirm credentials in cookie
if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
- OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+ OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
OC_User::setUserId($_COOKIE['oc_username']);
OC_Util::redirectToDefaultPage();
}
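Review bot: the strict `===` on the changed line still depends on what `OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token")` returns when the user has no stored login token, which this hunk does not show. If that can be an empty string, an empty `oc_token` cookie would still compare equal, so require both the stored token and the cookie value to be non-empty strings before comparing. Two smaller points on the same condition: `isset()` covers only `$_COOKIE['oc_token']`, while `$_COOKIE['oc_username']` is read unguarded in `OC_User::userExists()` and `getValue()`, so add it to the `isset()` check; and the token comparison is an ordinary string comparison, so a constant-time comparison would be preferable for a secret value. A short comment stating why the comparison must be strict would also help keep it from being loosened again later.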
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git