author | Lukas Reschke <lukas@statuscode.ch> | 2012-08-10 15:23:04 +0200 |
---|---|---|
committer | Jörn Friedrich Dreyer <jfd@butonic.de> | 2012-08-24 14:58:48 +0200 |
commit | 360c22fd2821ed440089d7899d4c6680a0676410 (patch) | |
tree | d34f7b1b138caa0f910297738097e9bd5c435ba8 /index.php | |
parent | 76e0ca785bb473ea63d7811349cc27d6999fde8f (diff) | |
download | nextcloud-server-360c22fd2821ed440089d7899d4c6680a0676410.tar.gz nextcloud-server-360c22fd2821ed440089d7899d4c6680a0676410.zip |
Validate cookie to prevent auth bypasses.
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php
index 3c38ff760f8..89eaec7d21a 100644
--- a/index.php
+++ b/index.php
@@ -77,7 +77,7 @@ elseif(OC_User::isLoggedIn()) {
 }
 // confirm credentials in cookie
 if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
- OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+ OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
 OC_User::setUserId($_COOKIE['oc_username']);
 OC_Util::redirectToDefaultPage();
 }
|
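Review bot: An empty `oc_token` cookie still satisfies `isset()` on the `if(isset(...` line, so the added `===` would accept it whenever the stored login token is also an empty string; whether `OC_Preferences::getValue()` can return `""` here is not visible in the hunk, so the condition should reject it explicitly with `is_string($_COOKIE['oc_token']) && $_COOKIE['oc_token'] !== ''`. The `===` string comparison is also not constant-time; where the supported PHP version provides it, compare with `hash_equals((string)$stored, $_COOKIE['oc_token'])` after reading the stored token into `$stored`. `$_COOKIE['oc_username']` is read without its own `isset()`/`is_string()` guard, so a request carrying only `oc_token` reaches `OC_User::userExists()` with an undefined index. The if/elseif chain this condition belongs to starts outside the hunk.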