mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #9515 from nextcloud/bugfix/noid/reset_session_when_auth_against_protected_share 

Regenerate session id after public share auth
This commit is contained in:
Roeland Jago Douma 2018-05-22 09:21:39 +02:00 committed by GitHub
parent 0d90c5ebc4 d6d0e60136
commit d4464cc3ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apps/files_sharing/lib/Controller/ShareController.php
View File

@ -217,6 +217,7 @@ class ShareController extends Controller {
private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
if ($password !== null) {
if ($this->shareManager->checkPassword($share, $password)) {
$this->session->regenerateId();
$this->session->set('public_link_authenticated', (string)$share->getId());
} else {
$this->emitAccessShareHook($share, 403, 'Wrong password');