From d6d0e60136336025fa201151ed750d162e470735 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Thu, 17 May 2018 22:07:20 +0200
Subject: [PATCH] Regenerate session id after public share auth

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 apps/files_sharing/lib/Controller/ShareController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index a196f552f6..da0da6c27a 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -217,6 +217,7 @@ class ShareController extends Controller {
 	private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
 		if ($password !== null) {
 			if ($this->shareManager->checkPassword($share, $password)) {
+				$this->session->regenerateId();
 				$this->session->set('public_link_authenticated', (string)$share->getId());
 			} else {
 				$this->emitAccessShareHook($share, 403, 'Wrong password');