[Pkg-owncloud-commits] [owncloud] 38/70: login() must be called after getServerPublicHostKey().

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v6.0.5RC1
in repository owncloud.

commit 3e2e766f641e72719ce90e1e0beb7dc84e74da8c
Author: Andreas Fischer <bantu at owncloud.com>
Date:   Sat Jul 12 20:41:35 2014 +0200

    login() must be called after getServerPublicHostKey().
---
 apps/files_external/lib/sftp.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/files_external/lib/sftp.php b/apps/files_external/lib/sftp.php
index 95e0cef..7ea003e 100644
--- a/apps/files_external/lib/sftp.php
+++ b/apps/files_external/lib/sftp.php
@@ -43,12 +43,8 @@ class SFTP extends \OC\Files\Storage\Common {
 		$hostKeys = $this->readHostKeys();
 		$this->client = new \Net_SFTP($this->host);
 
-		if (!$this->client->login($this->user, $this->password)) {
-			throw new \Exception('Login failed');
-		}
-
+		// The SSH Host Key MUST be verified before login().
 		$currentHostKey = $this->client->getServerPublicHostKey();
-
 		if (array_key_exists($this->host, $hostKeys)) {
 			if ($hostKeys[$this->host] != $currentHostKey) {
 				throw new \Exception('Host public key does not match known key');
@@ -57,6 +53,10 @@ class SFTP extends \OC\Files\Storage\Common {
 			$hostKeys[$this->host] = $currentHostKey;
 			$this->writeHostKeys($hostKeys);
 		}
+
+		if (!$this->client->login($this->user, $this->password)) {
+			throw new \Exception('Login failed');
+		}
 	}
 
 	public function test() {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git