[Pkg-owncloud-commits] [owncloud] 03/23: login() must be called after getServerPublicHostKey().

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit 0b8de8087bccc6d7f5346b80cb0e0efc57a87122
Author: Andreas Fischer <bantu at owncloud.com>
Date:   Sat Jul 12 20:41:35 2014 +0200

    login() must be called after getServerPublicHostKey().
---
 apps/files_external/lib/sftp.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/files_external/lib/sftp.php b/apps/files_external/lib/sftp.php
index fc74d5b..0cec250 100644
--- a/apps/files_external/lib/sftp.php
+++ b/apps/files_external/lib/sftp.php
@@ -54,12 +54,8 @@ class SFTP extends \OC\Files\Storage\Common {
 		$hostKeys = $this->readHostKeys();
 		$this->client = new \Net_SFTP($this->host);
 
-		if (!$this->client->login($this->user, $this->password)) {
-			throw new \Exception('Login failed');
-		}
-
+		// The SSH Host Key MUST be verified before login().
 		$currentHostKey = $this->client->getServerPublicHostKey();
-
 		if (array_key_exists($this->host, $hostKeys)) {
 			if ($hostKeys[$this->host] != $currentHostKey) {
 				throw new \Exception('Host public key does not match known key');
@@ -68,6 +64,10 @@ class SFTP extends \OC\Files\Storage\Common {
 			$hostKeys[$this->host] = $currentHostKey;
 			$this->writeHostKeys($hostKeys);
 		}
+
+		if (!$this->client->login($this->user, $this->password)) {
+			throw new \Exception('Login failed');
+		}
 	}
 
 	public function test() {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git