mirror of
https://github.com/nextcloud/server.git
synced 2024-08-11 02:11:21 +02:00
Ensure instanceid contains a letter
instanceid is generated by uniqid() and then used as the session_name. Because session_name requires at least one letter and uniqid() does not guarantee to provide that, in the case that uniqid() generates a string of only digits, the user will be stuck in an infinite login loop because every request will generate a new PHP session.
parent
53fd122b89
commit
93a6ed3dab
@ -418,7 +418,8 @@ class OC_Util {
|
|||||||
public static function getInstanceId() {
|
public static function getInstanceId() {
|
||||||
$id = OC_Config::getValue('instanceid', null);
|
$id = OC_Config::getValue('instanceid', null);
|
||||||
if(is_null($id)) {
|
if(is_null($id)) {
|
||||||
$id = uniqid();
|
// We need to guarantee at least one letter in instanceid so it can be used as the session_name
|
||||||
|
$id = 'oc' . uniqid();
|
||||||
OC_Config::setValue('instanceid', $id);
|
OC_Config::setValue('instanceid', $id);
|
||||||
}
|
}
|
||||||
return $id;
|
return $id;
|
||||||
|
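Review bot: The `'oc'` prefix is applied only inside the `if(is_null($id))` branch, so an installation whose config already stores an all-digit `instanceid` still gets that value back from `getInstanceId()` and stays in the login loop the commit message describes. Consider covering the stored value too, either by adding the prefix at the point where the id is handed to session_name, or by regenerating when `ctype_digit($id)` is true; the second option replaces an existing identifier, so check what else depends on it first. Separately, `uniqid()` is derived from the current time and is not unpredictable, so the function deserves a docblock saying so, e.g. `/** Returns the instance id; always contains a letter so it is a valid session name. An identifier, not a secret. */`. The function's closing brace lies outside the hunk.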
@ -54,4 +54,9 @@ class Test_Util extends PHPUnit_Framework_TestCase {
|
|||||||
$this->assertEquals('no-reply@example.com', $email);
|
$this->assertEquals('no-reply@example.com', $email);
|
||||||
OC_Config::deleteKey('mail_domain');
|
OC_Config::deleteKey('mail_domain');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testGetInstanceIdGeneratesValidId() {
|
||||||
|
OC_Config::deleteKey('instanceid');
|
||||||
|
$this->assertStringStartsWith('oc', OC_Util::getInstanceId());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
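Review bot: `testGetInstanceIdGeneratesValidId` deletes the `instanceid` key and leaves the freshly generated value in the config, so it changes shared state for every test that runs after it. Save the value first with `$old = OC_Config::getValue('instanceid', null);` and put it back after the assertion with `OC_Config::setValue('instanceid', $old);` (or delete the key again if it was unset). The assertion also pins the `'oc'` prefix rather than the property that matters; adding `$this->assertRegExp('/[a-zA-Z]/', OC_Util::getInstanceId());` would keep the test meaningful if the prefix ever changes.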