Browse Source
Ensure instanceid contains a letter
instanceid is generated by uniqid() and then used as the session_name. Because session_name requires at least one letter and uniqid() does not guarantee to provide that, in the case that uniqid() generates a string of only digits, the user will be stuck in an infinite login loop because every request will generate a new PHP session.tags/v6.0.0alpha2
Miquel Rodríguez Telep / Michael Rodríguez-Torrent
11 years ago
2 changed files with 7 additions and 1 deletions
+ 2
- 1
lib/util.php
View File
| @@ -418,7 +418,8 @@ class OC_Util { | |||
| public static function getInstanceId() { | |||
| $id = OC_Config::getValue('instanceid', null); | |||
| if(is_null($id)) { | |||
| $id = uniqid(); | |||
| // We need to guarantee at least one letter in instanceid so it can be used as the session_name | |||
| $id = 'oc' . uniqid(); | |||
| OC_Config::setValue('instanceid', $id); | |||
| } | |||
| return $id; | |||
+ 5
- 0
tests/lib/util.php
View File
| @@ -54,4 +54,9 @@ class Test_Util extends PHPUnit_Framework_TestCase { | |||
| $this->assertEquals('no-reply@example.com', $email); | |||
| OC_Config::deleteKey('mail_domain'); | |||
| } | |||
| function testGetInstanceIdGeneratesValidId() { | |||
| OC_Config::deleteKey('instanceid'); | |||
| $this->assertStringStartsWith('oc', OC_Util::getInstanceId()); | |||
| } | |||
| } | |||
Loading…