Validate cookie to prevent auth bypasses.
authorLukas Reschke <lukas@statuscode.ch>
Fri, 10 Aug 2012 13:23:04 +0000 (15:23 +0200)
committerJörn Friedrich Dreyer <jfd@butonic.de>
Fri, 24 Aug 2012 12:58:48 +0000 (14:58 +0200)
index.php

index 3c38ff760f8eb478c2480767a6810adfaa10cb87..89eaec7d21a911eea99e7facfcaf24722e8ec982 100644 (file)
--- a/index.php
+++ b/index.php
@@ -77,7 +77,7 @@ elseif(OC_User::isLoggedIn()) {
                }
                // confirm credentials in cookie
                if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
-               OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+               OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
                        OC_User::setUserId($_COOKIE['oc_username']);
                        OC_Util::redirectToDefaultPage();
                }
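Review bot: The token check on the added line is now type-strict, but `===` on strings is still not a constant-time comparison, and the condition only tests `isset($_COOKIE['oc_token'])`, which is also true for an empty string. Whether `OC_Preferences::getValue()` can return `''` for a user with no stored token is not visible here; if it can, an empty `oc_token` cookie would still match. I would fetch the stored value once with `$stored = OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token");` and require `is_string($stored) && $stored !== '' && is_string($_COOKIE['oc_token']) && hash_equals($stored, $_COOKIE['oc_token'])` where the supported PHP version provides `hash_equals()`. `$_COOKIE['oc_username']` is read without its own `isset()`/`is_string()` check on the context line above, so the same guard belongs there. The enclosing `elseif` block starts and ends outside this hunk.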