authorMiquel Rodríguez Telep / Michael Rodríguez-Torrent <miquel@designunbound.co.uk>2013-03-26 21:49:32 +0000
committerMiquel Rodríguez Telep / Michael Rodríguez-Torrent <miquel@designunbound.co.uk>2013-03-26 21:49:32 +0000
commit93a6ed3dab8d54fa2c735381298bec2bbcdfde41 (patch)
tree38274c8fcdc72fe60f06115234782b6f9cbd6dbf
parent53fd122b89ff14b056094fcbcbd294bb63687778 (diff)
downloadnextcloud-server-93a6ed3dab8d54fa2c735381298bec2bbcdfde41.tar.gz
nextcloud-server-93a6ed3dab8d54fa2c735381298bec2bbcdfde41.zip
Ensure instanceid contains a letter
instanceid is generated by uniqid() and then used as the session_name. Because session_name requires at least one letter and uniqid() does not guarantee to provide that, in the case that uniqid() generates a string of only digits, the user will be stuck in an infinite login loop because every request will generate a new PHP session.
-rwxr-xr-xlib/util.php3
-rw-r--r--tests/lib/util.php5
2 files changed, 7 insertions, 1 deletions
diff --git a/lib/util.php b/lib/util.php
index e8d4e56ef17..1fa3ad765d0 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -418,7 +418,8 @@ class OC_Util {
public static function getInstanceId() {
$id = OC_Config::getValue('instanceid', null);
if(is_null($id)) {
- $id = uniqid();
+ // We need to guarantee at least one letter in instanceid so it can be used as the session_name
+ $id = 'oc' . uniqid();
OC_Config::setValue('instanceid', $id);
}
return $id;
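Review bot: The letter prefix is applied only when no `instanceid` is stored, so an installation whose config already holds a digits-only value from the old `uniqid()` call still passes an invalid name to session_name and stays in the login loop. Consider covering the stored value as well, for example `if (is_null($id) || ctype_digit((string)$id)) {`, or, if other data is keyed on the existing id (not visible here), prefixing at the place where the session name is set instead of regenerating. Separately, `uniqid()` is derived from the current time, so the value is guessable; that is acceptable for a cookie name, but a comment such as `// instanceid is an identifier, not a secret` would keep later callers from treating it as one. The closing brace of `getInstanceId()` and the rest of `OC_Util` are outside the hunk.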
diff --git a/tests/lib/util.php b/tests/lib/util.php
index 1c9054264c9..1f253825920 100644
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@@ -54,4 +54,9 @@ class Test_Util extends PHPUnit_Framework_TestCase {
$this->assertEquals('no-reply@example.com', $email);
OC_Config::deleteKey('mail_domain');
}
+
+ function testGetInstanceIdGeneratesValidId() {
+ OC_Config::deleteKey('instanceid');
+ $this->assertStringStartsWith('oc', OC_Util::getInstanceId());
+ }
}
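Review bot: `testGetInstanceIdGeneratesValidId` pins the literal `'oc'` prefix instead of the property session_name actually needs, so it fails on a harmless prefix change and says nothing about ids of another shape. Asserting the invariant directly is sturdier, e.g. `$this->assertFalse(ctype_digit(OC_Util::getInstanceId()));`. The test also deletes `instanceid` and leaves the regenerated value in the config, so it should read the old value first and restore it at the end with `OC_Config::setValue('instanceid', $old);` to avoid leaking state into other tests. The enclosing `Test_Util` class starts outside the hunk.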