author | Morris Jobke <hey@morrisjobke.de> | 2018-03-21 09:41:35 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-04-11 00:03:30 +0200 |
commit | fd3c97b93b317cc1b0bfdb17f7b660dae865f25e (patch) | |
tree | 462253bcc463ea04cef5aea15d1cac9b6acf4718 /core | |
parent | 3955cf14128b247933ca0fb4cd9c9dd46ea9b280 (diff) | |
download | nextcloud-server-fd3c97b93b317cc1b0bfdb17f7b660dae865f25e.tar.gz nextcloud-server-fd3c97b93b317cc1b0bfdb17f7b660dae865f25e.zip |
Avoid to leak a user ID that is not a string to reach a user backend
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/LoginController.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index ffa5b10fc2f..0f02be4bfda 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -142,6 +142,10 @@ class LoginController extends Controller {
 * @return TemplateResponse|RedirectResponse
 */
 public function showLoginForm($user, $redirect_url) {
+ if (!is_string($user)) {
+ throw new \InvalidArgumentException('User needs to be string');
+ }
+
 if ($this->userSession->isLoggedIn()) {
 return new RedirectResponse(OC_Util::getDefaultPageUrl());
 }
 |
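Review bot: The new guard at the top of `showLoginForm` also rejects `null`, so if the dispatcher passes `null` when the request carries no `user` parameter (the signature shows no default, so this is an assumption to confirm), a plain visit to the login page would throw instead of rendering the form. Allowing the absent case explicitly would keep the type check for arrays and other non-strings: `if ($user !== null && !is_string($user)) {`. The same request also supplies `$redirect_url`, which gets no equivalent check in this hunk and would benefit from one if it is later used as a string. Since this endpoint appears reachable before authentication, consider whether an uncaught `\InvalidArgumentException` ends up as a 500 with a logged stack trace; a 4xx response would avoid log noise that any client can trigger. The body of `showLoginForm` continues outside the hunk, so later uses of both parameters are not visible here.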