Regenerate session id after public share auth

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-17 22:07:20 +0200
committer: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-26 13:21:39 +0200
commit: cb211f0434c259b1a1e93504e7192b36ba9ba41b (patch)
tree: c5a11dcf310cded302fb4d25d7243c1da10d90db /apps
parent: 84988e4f894d4a8eeffa25d92e47f230de9ba292 (diff)
download: nextcloud-server-cb211f0434c259b1a1e93504e7192b36ba9ba41b.tar.gz
nextcloud-server-cb211f0434c259b1a1e93504e7192b36ba9ba41b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 759d5ee4163..42026568fba 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -201,6 +201,7 @@ class ShareController extends Controller {
 	private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
 		if ($password !== null) {
 			if ($this->shareManager->checkPassword($share, $password)) {
+				$this->session->regenerateId();
 				$this->session->set('public_link_authenticated', (string)$share->getId());
 			} else {
 				$this->emitAccessShareHook($share, 403, 'Wrong password');
author	Roeland Jago Douma <roeland@famdouma.nl>	2018-05-17 22:07:20 +0200
committer	Roeland Jago Douma <roeland@famdouma.nl>	2018-05-26 13:21:39 +0200
commit	cb211f0434c259b1a1e93504e7192b36ba9ba41b (patch)
tree	c5a11dcf310cded302fb4d25d7243c1da10d90db /apps
parent	84988e4f894d4a8eeffa25d92e47f230de9ba292 (diff)
download	nextcloud-server-cb211f0434c259b1a1e93504e7192b36ba9ba41b.tar.gz nextcloud-server-cb211f0434c259b1a1e93504e7192b36ba9ba41b.zip