Avoid to leak a user ID that is not a string to reach a user backend

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Morris Jobke 2018-03-21 09:41:35 +01:00 committed by Roeland Jago Douma
parent 3955cf1412
commit fd3c97b93b
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 4 additions and 0 deletions


@ -142,6 +142,10 @@ class LoginController extends Controller {
* @return TemplateResponse|RedirectResponse
*/
public function showLoginForm($user, $redirect_url) {
if (!is_string($user)) {
throw new \InvalidArgumentException('User needs to be string');
}
if ($this->userSession->isLoggedIn()) {
return new RedirectResponse(OC_Util::getDefaultPageUrl());
}
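Review bot: The new guard at the top of showLoginForm rejects every non-string value, and that includes `null`. If the framework passes `null` when the `user` request parameter is absent (the hunk does not show this), an ordinary visit to the login page would throw. In that case the condition should read `if ($user !== null && !is_string($user)) {`. The exception is raised on an unauthenticated endpoint, so it is also worth confirming that it maps to a 4xx response rather than a logged 500 that any client can trigger repeatedly, and adding `@throws \InvalidArgumentException` to the docblock. The body of showLoginForm continues past the hunk, and `$redirect_url` receives no equivalent type check in the visible lines.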