author | Lukas Reschke <lukas@statuscode.ch> | 2012-08-10 15:27:10 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2012-08-10 15:28:59 +0200 |
commit | 8ec45870a3f1d9dfb633a39b7b8a7c4911533d9e (patch) | |
tree | 55eb9dd7ce58b11341a7cb271cd0e2fa2877fb63 /lib | |
parent | 0de81f9dad5bfba01f01d468eb0fd1f452354792 (diff) | |
Validate cookie properly and prevent auth bypass
BIG (!) thanks to Julien CAYSSOL
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php
index 3a65b30ae9f..0730e5ff3a9 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -489,7 +489,7 @@ class OC{
 }
 // confirm credentials in cookie
 if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
- OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+ OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
 OC_User::setUserId($_COOKIE['oc_username']);
 OC_Util::redirectToDefaultPage();
 } |
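Review bot: The `if` that confirms the cookie still depends on what `OC_Preferences::getValue()` returns when no login token is stored for the user, which this hunk does not show; if that default can ever be a string, `===` alone does not rule out a match against a client-supplied cookie value. The condition also reads `$_COOKIE['oc_username']` without an `isset()` and never checks that either cookie is a string rather than an array. I would read the stored token into a variable, require both it and the cookie to be non-empty strings, and compare them with a timing-safe function (`hash_equals()` where the supported PHP version provides it, otherwise keep `===`). The enclosing method of `class OC` starts and ends outside the hunk, so any earlier guard on these cookies is not visible here.

```php
// confirm credentials in cookie
if(isset($_COOKIE['oc_username'], $_COOKIE['oc_token'])
	&& is_string($_COOKIE['oc_username'])
	&& is_string($_COOKIE['oc_token'])
	&& $_COOKIE['oc_token'] !== ''
	&& OC_User::userExists($_COOKIE['oc_username'])) {
	$storedToken = OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token");
	// an absent or empty stored token must never authenticate anyone
	if(is_string($storedToken) && $storedToken !== ''
		&& hash_equals($storedToken, $_COOKIE['oc_token'])) {
		// … unchanged: OC_User::setUserId() and OC_Util::redirectToDefaultPage() calls …
	}
}
```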