Validate cookie properly and prevent auth bypass
BIG (!) thanks to Julien CAYSSOL
parent
0de81f9dad
commit
8ec45870a3
|
@ -489,7 +489,7 @@ class OC{
|
||||||
}
|
}
|
||||||
// confirm credentials in cookie
|
// confirm credentials in cookie
|
||||||
if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
|
if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
|
||||||
OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
|
OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
|
||||||
OC_User::setUserId($_COOKIE['oc_username']);
|
OC_User::setUserId($_COOKIE['oc_username']);
|
||||||
OC_Util::redirectToDefaultPage();
|
OC_Util::redirectToDefaultPage();
|
||||||
}
|
}
|
||||||
|
|
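Review bot: The strict comparison on the `OC_Preferences::getValue(...) === $_COOKIE['oc_token']` line still succeeds when both sides are the same empty string, and nothing visible in the hunk guarantees that a stored login token is always non-empty, so the condition should also require one, e.g. `is_string($stored) && $stored !== ''` on the value returned by `getValue()`. `===` also stops at the first differing byte; where the supported PHP version provides it, `hash_equals($stored, $_COOKIE['oc_token'])` after an `is_string()` check on the cookie value keeps the comparison constant-time. `$_COOKIE['oc_username']` is read three times without an `isset()` next to the one for `oc_token`, which should be added to the same condition. The enclosing method of `class OC` starts and ends outside this hunk, so how the stored token is generated, expired or cleared on logout cannot be judged from here.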