diff options
| author | Miquel Rodríguez Telep / Michael Rodríguez-Torrent <miquel@designunbound.co.uk> | 2013-03-26 21:49:32 +0000 |
|---|---|---|
| committer | Miquel Rodríguez Telep / Michael Rodríguez-Torrent <miquel@designunbound.co.uk> | 2013-03-26 21:49:32 +0000 |
| commit | 93a6ed3dab8d54fa2c735381298bec2bbcdfde41 (patch) | |
| tree | 38274c8fcdc72fe60f06115234782b6f9cbd6dbf /lib/util.php | |
| parent | 53fd122b89ff14b056094fcbcbd294bb63687778 (diff) | |
| download | nextcloud-server-93a6ed3dab8d54fa2c735381298bec2bbcdfde41.tar.gz nextcloud-server-93a6ed3dab8d54fa2c735381298bec2bbcdfde41.zip | |
Ensure instanceid contains a letter
instanceid is generated by uniqid() and then used as the
session_name. Because session_name requires at least one letter
and uniqid() does not guarantee to provide that, in the case that
uniqid() generates a string of only digits, the user will be stuck
in an infinite login loop because every request will generate a
new PHP session.
Diffstat (limited to 'lib/util.php')
| -rwxr-xr-x | lib/util.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/util.php b/lib/util.php index e8d4e56ef17..1fa3ad765d0 100755 --- a/lib/util.php +++ b/lib/util.php @@ -418,7 +418,8 @@ class OC_Util { public static function getInstanceId() { $id = OC_Config::getValue('instanceid', null); if(is_null($id)) { - $id = uniqid(); + // We need to guarantee at least one letter in instanceid so it can be used as the session_name + $id = 'oc' . uniqid(); OC_Config::setValue('instanceid', $id); } return $id; |