diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-12-17 12:47:00 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2014-12-17 12:47:00 +0100 |
| commit | f6820406b6a345a28878bbd5336eff331627b1a6 (patch) | |
| tree | 917437fd565a6169c922d3b173b6e260d3f4c0e6 /lib/private/user.php | |
| parent | 77c4c2856aa4cb27ca6ab77e5bedbaa65300d111 (diff) | |
| download | nextcloud-server-f6820406b6a345a28878bbd5336eff331627b1a6.tar.gz nextcloud-server-f6820406b6a345a28878bbd5336eff331627b1a6.zip | |
Move the Null-Byte LDAP check to the user manager
The existing method is deprecated and just a wrapper around the manager method. Since in the future other code paths might call this function instead we need to perform that check here.
Related to http://owncloud.org/security/advisory/?id=oc-sa-2014-020
Diffstat (limited to 'lib/private/user.php')
| -rw-r--r-- | lib/private/user.php | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/lib/private/user.php b/lib/private/user.php index ff45e9e26a6..2964b58ba14 100644 --- a/lib/private/user.php +++ b/lib/private/user.php @@ -212,9 +212,6 @@ class OC_User { * Log in a user and regenerate a new session - if the password is ok */ public static function login($loginname, $password) { - $loginname = str_replace("\0", '', $loginname); - $password = str_replace("\0", '', $password); - session_regenerate_id(true); $result = self::getUserSession()->login($loginname, $password); if ($result) { |