Avoid to leak a user ID that is not a string to reach a user backend
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
parent
3955cf1412
commit
fd3c97b93b
|
@ -142,6 +142,10 @@ class LoginController extends Controller {
|
||||||
* @return TemplateResponse|RedirectResponse
|
* @return TemplateResponse|RedirectResponse
|
||||||
*/
|
*/
|
||||||
public function showLoginForm($user, $redirect_url) {
|
public function showLoginForm($user, $redirect_url) {
|
||||||
|
if (!is_string($user)) {
|
||||||
|
throw new \InvalidArgumentException('User needs to be string');
|
||||||
|
}
|
||||||
|
|
||||||
if ($this->userSession->isLoggedIn()) {
|
if ($this->userSession->isLoggedIn()) {
|
||||||
return new RedirectResponse(OC_Util::getDefaultPageUrl());
|
return new RedirectResponse(OC_Util::getDefaultPageUrl());
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue