Regenerate session id after public share auth

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-17 22:07:20 +0200
committer: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-17 22:07:20 +0200
commit: d6d0e60136336025fa201151ed750d162e470735 (patch)
tree: 888e66e982136faa3fd3811e154a53bbeb0613ea /apps
parent: 9236c20a28dd9558d1577ebfd7c7ea9202ca70bb (diff)
download: nextcloud-server-d6d0e60136336025fa201151ed750d162e470735.tar.gz
nextcloud-server-d6d0e60136336025fa201151ed750d162e470735.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index a196f552f6e..da0da6c27a8 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -217,6 +217,7 @@ class ShareController extends Controller {
 	private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
 		if ($password !== null) {
 			if ($this->shareManager->checkPassword($share, $password)) {
+				$this->session->regenerateId();
 				$this->session->set('public_link_authenticated', (string)$share->getId());
 			} else {
 				$this->emitAccessShareHook($share, 403, 'Wrong password');
author	Roeland Jago Douma <roeland@famdouma.nl>	2018-05-17 22:07:20 +0200
committer	Roeland Jago Douma <roeland@famdouma.nl>	2018-05-17 22:07:20 +0200
commit	d6d0e60136336025fa201151ed750d162e470735 (patch)
tree	888e66e982136faa3fd3811e154a53bbeb0613ea /apps
parent	9236c20a28dd9558d1577ebfd7c7ea9202ca70bb (diff)
download	nextcloud-server-d6d0e60136336025fa201151ed750d162e470735.tar.gz nextcloud-server-d6d0e60136336025fa201151ed750d162e470735.zip