Avoid to leak a user ID that is not a string to reach a user backend
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
parent
3955cf1412
commit
fd3c97b93b
|
@ -142,6 +142,10 @@ class LoginController extends Controller {
|
|||
* @return TemplateResponse|RedirectResponse
|
||||
*/
|
||||
public function showLoginForm($user, $redirect_url) {
|
||||
if (!is_string($user)) {
|
||||
throw new \InvalidArgumentException('User needs to be string');
|
||||
}
|
||||
|
||||
if ($this->userSession->isLoggedIn()) {
|
||||
return new RedirectResponse(OC_Util::getDefaultPageUrl());
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue