author | Lukas Reschke <lukas@statuscode.ch> | 2012-09-29 15:18:38 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2012-09-29 15:18:38 +0200 |
commit | 578aa4e42546a81e572ecda2061e238d34a4f421 (patch) | |
tree | 285622f632f536cd9d4c1f3744a838eab3094fd6 /lib/base.php | |
parent | f5fe95a1315200c7e0c08544b2aad5ef69167d7c (diff) | |
Removed sectoken
This token is completely useless since an attacker can easily extract it
from the page.
Diffstat (limited to 'lib/base.php')
-rw-r--r-- | lib/base.php | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/base.php b/lib/base.php
index 5a2decc6f63..b89859ab2dd 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -528,11 +528,7 @@ class OC{
 }
 protected static function tryFormLogin() {
- if(!isset($_POST["user"])
- || !isset($_POST['password'])
- || !isset($_SESSION['sectoken'])
- || !isset($_POST['sectoken'])
- || ($_SESSION['sectoken']!=$_POST['sectoken']) ) {
+ if(!isset($_POST["user"]) || !isset($_POST['password'])) {
 return false;
 }
|
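Review bot: The new guard at the top of tryFormLogin() accepts any POST that carries `user` and `password`, so nothing visible in this hunk ties a login request to a form this server rendered. Unless a request-token check happens elsewhere, that leaves the login endpoint without login-CSRF protection. If the project has a session-bound, unpredictable request token, it should be verified here with a strict comparison (the removed code used a loose `!=`; `hash_equals()` is preferable where the PHP version provides it). Separately, `isset()` is also satisfied by array-valued parameters, so the guard could require strings: `if(!isset($_POST['user'], $_POST['password']) || !is_string($_POST['user']) || !is_string($_POST['password'])) {`. The rest of tryFormLogin() lies outside the hunk, so how the two values are used afterwards cannot be confirmed from here.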