Security Update: session fixation
OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid ));
if($uid) {
- session_regenerate_id(true);
self::setUserId($uid);
self::setDisplayName($uid);
+ self::getUserSession()->setLoginName($uid);
+
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>'' ));
return true;
}
if($user !== false) {
if (!is_null($user)) {
if ($user->isEnabled()) {
+ session_regenerate_id(true);
$this->setUser($user);
- $this->setLoginname($uid);
+ $this->setLoginName($uid);
$this->manager->emit('\OC\User', 'postLogin', array($user, $password));
return true;
} else {